aboutsummaryrefslogtreecommitdiff
path: root/roles/trac/tasks/main.yml
blob: 0b3b1a0f7831de160e4bb3541e08f7a358ba628b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
- name: Install dependencies for Trac
  apt:
    name: "{{ item }}"
    state: present
    update_cache: yes
    cache_valid_time: 10800   # 3 hours
  with_items:
    - trac
    - trac-xmlrpc
    - python-psycopg2
    - libapache2-mod-wsgi

- name: Enable wsgi apache module
  apache2_module:
    name: wsgi
    state: present
  notify:
    - reload apache2

- name: Add group
  group:
    name: "{{ service_name }}"
    system: yes

- name: Add user
  user:
    name: "{{ service_name }}"
    groups: "{{ service_name }}"
    comment: "Account to run Trac service"
    shell: /usr/sbin/nologin
    home: "{{ data_dir }}"
    system: yes
    createhome: no

# We are using apache to front the Trac WSGI application
- name: Configure SAML2 authentication for Trac
  include: ../../apache2/tasks/configure-apache-saml.yml
- name: Configure Apache for Trac
  include: ../../apache2/tasks/configure-apache-site.yml

- name: Add postgresql user
  include: ../../community/geerlingguy.postgresql/tasks/users.yml

- name: Add postgresql database
  include: ../../community/geerlingguy.postgresql/tasks/databases.yml

- name: Create the Trac environment directory
  file:
    state: directory
    path:  "{{ data_dir }}"
    owner: "{{ service_name }}"
    group: "{{ service_name }}"
    mode:  0755

- name: Initialise a new Trac environment
  command: "trac-admin {{ data_dir }} initenv 'Dark Peak' 'postgres://trac:{{ trac_postgresql_password }}@/trac?host=/var/run/postgresql'"
  args:
    creates: "{{ data_dir }}/VERSION"
  become: true
  become_user: "{{ service_name }}"

- name: Grant admin powers to the admin user
  command: "trac-admin {{ data_dir }} permission add admin TRAC_ADMIN"
  become: true
  become_user: "{{ service_name }}"

- name: Grant powers to authenticated users
  command: "trac-admin {{ data_dir }} permission add authenticated {{ item }}"
  with_items:
    - MILESTONE_ADMIN
    - REPORT_ADMIN
    - ROADMAP_ADMIN
    - TICKET_ADMIN
  become: true
  become_user: "{{ service_name }}"

- name: Make wiki module read-only
  command: "trac-admin {{ data_dir }} permission remove authenticated {{ item }}"
  register: trac_wiki_perms
  # allow this task to fail if it's only complaining because the user
  # doesn't have the permission we want to remove:
  failed_when: trac_wiki_perms.rc != 0 and trac_wiki_perms.stderr.find('The user has not been granted the permission') == -1
  with_items:
    - WIKI_CREATE
    - WIKI_MODIFY
  become: true
  become_user: "{{ service_name }}"

  #- name: Make darkpeak-services repo the default when linking changesets etc
  #  command: "trac-admin {{ data_dir }} repository alias '' darkpeak-services"
  #  register: trac_repo_default
  #  # allow this task to fail if it's only complaining because the repo
  #  # is already the default
  #  failed_when: trac_repo_default.rc != 0 and trac_repo_default.stderr.find('duplicate key value violates unique constraint') == -1
  #  become: true
  #  become_user: "{{ service_name }}"

- name: Install Trac configuration
  template:
    src: trac.ini.j2
    dest: "{{ data_dir }}/conf/trac.ini"
    owner: "{{ service_name }}"
    group: "{{ service_name }}"
    mode: 0600
  notify:
    - reload apache2

- name: Create the web root directory
  file:
    state: directory
    path:  "{{ web_root }}"
    owner: "{{ service_name }}"
    group: www-data
    mode:  0750

- name: Install custom Dark Peak branding
  copy:
    src: "{{ item }}"
    dest: "{{ data_dir }}/htdocs/{{ item }}"
    group: "{{ service_name }}"
    owner: "{{ service_name }}"
    mode: 0644
  with_items:
    - favicon.ico
    - darkpeak-logo.png

- name: Redeploy Trac environment
  shell: "trac-admin {{ data_dir }} deploy {{ web_root }}"
  become: true
  become_user: "{{ service_name }}"
  notify:
    - reload apache2