Tons of updates including erpnext, fusionauth, kong, elasticsearch, postgres-12, opennebula-5.10...

app/erpnext-12/files/mysql/60-frappe.cnf

@@ -0,0 +1,10 @@
+[mysqld]
+innodb-file-format=barracuda
+innodb-file-per-table=1
+innodb-large-prefix=1
+character-set-client-handshake = FALSE
+character-set-server = utf8mb4
+collation-server = utf8mb4_unicode_ci
+
+[mysql]
+default-character-set = utf8mb4

app/erpnext-12/files/ssh.config

@@ -0,0 +1,3 @@
+# So ansible does not have to add each hypervisor node to known_hosts
+StrictHostKeyChecking=no
+UserKnownHostsFile=/dev/null

app/erpnext-12/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: restart mysql
+  service: name=mysql enabled=yes state=restarted
+
+- name: reload nginx
+  service: name=nginx enabled=yes state=restarted
+
+- name: restart supervisor
+  service: name=supervisor enabled=yes state=restarted
+
+- name: reload supervisor
+  service: name=supervisor enabled=yes state=reloaded

app/erpnext-12/tasks/configure-erpnext.yml

@@ -0,0 +1,133 @@
+---
+# # Pip install frappe-bench
+# - name: Installing pip frappe-bench
+#   pip:
+#     name:
+#       - frappe-bench
+
+# # Create {{ base }} directory
+# - name: Creating {{ base }} directory
+#   file:
+#     path: '{{ base }}'
+#     state: directory
+#     owner: toor
+#     group: toor
+#     mode: '0755'
+
+# # Run frappe bench init
+# - name: Running frappe bench init
+#   # NOTICE: running as toor
+#   become_user: toor
+#   shell: bench init {{ projectname }} --frappe-branch version-12 --no-backups
+#   args:
+#     chdir: '{{ base }}'
+#     # Ensures this command only runs if the dir does NOT exist
+#     creates: '{{ path }}'
+#   when: frappe_repo is undefined
+
+# # Run frappe bench init with custom repo
+# - name: Running frappe bench init with custom repo
+#   # NOTICE: running as toor
+#   become_user: toor
+#   shell: bench init {{ projectname }} --frappe-path {{ frappe_repo }} --frappe-branch version-12 --no-backups
+#   args:
+#     chdir: '{{ base }}'
+#     # Ensures this command only runs if the dir does NOT exist
+#     creates: '{{ path }}'
+#   when: frappe_repo is defined
+
+# # Create frappe-bench supervisor configs
+# - name: Creating frappe-bench supervisor config
+#   become_user: toor
+#   shell: bench setup supervisor
+#   args:
+#     chdir: '{{ path }}'
+#     creates: '{{ path }}/config/supervisor.conf'
+
+# # Symlink frappe-bench supervisor config
+# - name: Symlinking frappe-bench supervisor config
+#   file:
+#     src: '{{ path }}/config/supervisor.conf'
+#     dest: /etc/supervisor/conf.d/frappe-bench.conf
+#     state: link
+#   notify: reload supervisor
+
+# # Get ERPNext app
+# - name: Getting ERPNext app
+#   become_user: toor
+#   shell: bench get-app erpnext --branch version-12
+#   args:
+#     chdir: '{{ path }}'
+#     creates: '{{ path }}/apps/erpnext'
+#   notify: reload supervisor
+#   when: erpnext_repo is undefined
+
+# # Get ERPNext app from custom repo
+# - name: Getting ERPNext app from custom repo
+#   become_user: toor
+#   shell: bench get-app erpnext {{ erpnext_repo }} --branch version-12
+#   args:
+#     chdir: '{{ path }}'
+#     creates: '{{ path }}/apps/erpnext'
+#   notify: reload supervisor
+#   when: erpnext_repo is defined
+
+# # Settings frappe bench mariadb-host
+# - name: Setting frappe bench mariadb-host
+#   become_user: toor
+#   shell: bench set-mariadb-host {{ db_host }}
+#   args:
+#     chdir: '{{ path }}'
+#   when: db_host is defined
+
+# # Create new site using local database
+# - name: Creating new frappe site using local database
+#   become_user: toor
+#   shell: bench new-site {{ site }} --admin-password {{ erpnext_admin_password }} --db-name {{ db_name }} --db-password {{ erpnext_db_password }} --mariadb-root-username root --mariadb-root-password {{ root_db_password }} --force
+#   args:
+#     chdir: '{{ path }}'
+#     creates: '{{ path }}/sites/{{ site }}'
+#   notify: reload supervisor
+#   when: db_host is undefined
+
+# # Create new site using remote database
+# - name: Creating new frappe site using remote database
+#   become_user: toor
+#   shell: bench new-site {{ site }} --admin-password {{ erpnext_admin_password }} --db-name {{ db_name }} --db-password {{ erpnext_db_password }} --mariadb-root-username root --mariadb-root-password {{ root_db_password }} --force --no-mariadb-socket
+#   args:
+#     chdir: '{{ path }}'
+#     creates: '{{ path }}/sites/{{ site }}'
+#   notify: reload supervisor
+#   when: db_host is defined
+
+# Adding ERPNext to site
+- name: Adding ERPNext to site
+  become_user: toor
+  shell: bench --site {{ site }} install-app erpnext
+  args:
+    chdir: '{{ path }}'
+    creates: '{{ path }}/sites/{{ site }}/ansible-flag-app-erpnext-added'
+  notify: reload supervisor
+
+# Create frappe-bench nginx configs
+- name: Creating frappe-bench nginx config
+  become_user: toor
+  shell: bench setup nginx
+  args:
+    chdir: '{{ path }}'
+    creates: '{{ path }}/config/nginx.conf'
+
+# Delete /etc/nginx/sites-enabled/default
+- name: Deleting /etc/nginx/sites-enabled/default
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+  notify: reload nginx
+
+# Symlink frappe-bench nginx config
+- name: Symlinking frappe-bench nginx config
+  file:
+    src: '{{ path }}/config/nginx.conf'
+    dest: /etc/nginx/sites-enabled/erpnext.conf
+    state: link
+  notify: reload nginx

app/erpnext-12/tasks/configure-linux.yml

@@ -0,0 +1,9 @@
+---
+# Copy ssh client config for toor user so we can git clone without confirmation
+- name: Copying toor SSH client config
+  copy:
+    src: 'ssh.config'
+    dest: '/home/toor/.ssh/config'
+    owner: toor
+    group: toor
+    mode: '0644'

app/erpnext-12/tasks/configure-mysql.yml

@@ -0,0 +1,30 @@
+---
+# Install mariadb-client
+# Required regardless if MySQL server is local or remote
+- name: Installing mariadb-client
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - mariadb-client
+
+# Enable root password (only if using localhost db)
+- name: Enable MySQL root password
+  shell: "{{ item }}"
+  with_items:
+    - mysql -e "CREATE USER 'root'@'%' IDENTIFIED BY '{{ root_db_password }}'; GRANT ALL PRIVILEGES ON *.* to 'root'@'%';"
+    - mysql -e "ALTER USER 'root'@'%' IDENTIFIED VIA mysql_native_password; SET PASSWORD = PASSWORD('{{ root_db_password }}');"
+  args:
+    # Ensure this runs only once
+    creates: ~/.config/ansible-flag-mysql-password-enabled
+  notify: restart mysql
+
+# Copy MariaDB /etc/mysql/mariadb.conf.d/60-frappe.cnf
+- name: Copying /etc/mysql/mariadb.conf.d/60-frappe.cnf
+  copy:
+    src: mysql/60-frappe.cnf
+    dest: /etc/mysql/mariadb.conf.d/60-frappe.cnf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart mysql

app/erpnext-12/tasks/configure-nodejs.yml

@@ -0,0 +1,6 @@
+---
+# Install nodejs yarn globally
+- name: Installing nodejs yarn globally
+  npm:
+    name: yarn
+    global: yes

app/erpnext-12/tasks/configure-python.yml

@@ -0,0 +1,22 @@
+---
+# Install python3-pip
+- name: Installing python3-pip
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - python3-pip
+
+# Update alternatives to python3
+- name: Updating alternatives to python3
+  alternatives:
+    name: python
+    link: /usr/bin/python
+    path: /usr/bin/python3
+
+# Update alternatives to pip3
+- name: Updating alternatives for pip3
+  alternatives:
+    name: pip
+    link: /usr/bin/pip
+    path: /usr/bin/pip3

app/erpnext-12/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+# NOTICE: Commands like frappe bench and git clone need to run
+# as the toor user, not root.  The playbook that runs this role
+# should be logging in as toor, using become:yes with toors ssh key
+# Because become:yes all command still run as root, until I use
+# become_user: toor below.
+
+#- include_tasks: configure-linux.yml
+#- include_tasks: configure-mysql.yml
+#- include_tasks: configure-python.yml
+#- include_tasks: configure-nodejs.yml
+- include_tasks: configure-erpnext.yml

app/fusionauth-1.15.8/files/originals/fusionauth.properties

@@ -0,0 +1,73 @@
+#
+# Copyright (c) 2018, FusionAuth, All Rights Reserved
+#
+
+#------------------------------------------------------------------------------
+# Database
+# - Specify the URL and credentials for your database here
+# - Required on each node running FusionAuth App webservice
+#------------------------------------------------------------------------------
+database.url=jdbc:mysql://localhost:3306/fusionauth?serverTimezone=UTC&useSSL=false
+database.username=fusionauth
+database.password=fusionauth
+
+#------------------------------------------------------------------------------
+# Database Encoding Validation for MySQL
+# - This value is ignored if using PostgreSQL
+# - Disable (set to false) only if you understand the MySQL limitations not using 'utf8mb4' character sets.
+#------------------------------------------------------------------------------
+database.enforce-utf8mb4=true
+
+#------------------------------------------------------------------------------
+# fusionauth-search
+# - Required on each node running FusionAuth Search
+#------------------------------------------------------------------------------
+fusionauth-search.transport-port=9020
+fusionauth-search.http-port=9021
+fusionauth-search.memory=256M
+fusionauth-search.additional-java-args=
+
+# Special values include: _local_, _site_. Values can be combined in a comma separated list.
+fusionauth-search.hosts=_local_
+
+# Specify the location of your FusionAuth Search servers. Multiple values may be specified using a comma separator.
+# This configuration is used by ElasticSearch to configure clustering. The specified port should be the configured value
+# for 'fusionauth-search.transport-port'.
+#
+# Single host example: localhost:9020
+# Multiple hosts example: localhost:9020,192.168.1.42:9020
+fusionauth-search.servers=localhost:9020
+
+# Specify the full path to the ElasticSearch data directory. This defaults to /usr/local/fusionauth/data/search/esv6
+# on Linux/Unix and %FUSIONAUTH_HOME%\data\search\esv6 on Windows if not specified
+fusionauth-search.data-directory=
+
+#------------------------------------------------------------------------------
+# fusionauth-app
+# - Required on each node running FusionAuth App webservice
+#------------------------------------------------------------------------------
+
+# Optionally specify an addressable URL or IP address to access this node from other FusionAuth nodes.
+# - In most cases this should be left empty and it will be determined at runtime.
+# - Ideally this is a site local IP address that is not publicly routable but accessible from other FusionAuth nodes.
+fusionauth-app.public-url=
+
+# Specify the location of your FusionAuth Search servers. Multiple values may be specified using a comma separator.
+# This configuration is used by FusionAuth App to connect to the ElasticSearch nodes. The specified port should be the
+# configured value for 'fusionauth-search.http-port'.
+#
+# Single host example: http://localhost:9021
+# Multiple hosts example: http://localhost:9021,http://192.168.1.42:9021
+fusionauth-app.search-servers=http://localhost:9021
+
+# Specify the management and HTTP ports for Tomcat
+fusionauth-app.management-port=9010
+fusionauth-app.http-port=9011
+fusionauth-app.https-port=9013
+fusionauth-app.ajp-port=9019
+
+# Specify the memory size here. You can use M for megabytes and G for gigabytes
+fusionauth-app.memory=256M
+
+# Specify any additional JVM arguments here
+fusionauth-app.additional-java-args=

app/fusionauth-1.15.8/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+# Install Fusionauth from online .deb (they provide NO apt repos)
+# Get latest version from curl https://metrics.fusionauth.io/api/latest-version
+# Currently 1.15.8
+- name: Install FusionAuth .deb package from the internet.
+  apt:
+    deb: https://storage.googleapis.com/inversoft_products_j098230498/products/fusionauth/1.15.8/fusionauth-app_1.15.8-1_all.deb
+
+- name: Install FusionAuth-Search .deb package from the internet.
+  apt:
+    deb: https://storage.googleapis.com/inversoft_products_j098230498/products/fusionauth/1.15.8/fusionauth-search_1.15.8-1_all.deb
+
+# Install missing dependencies
+- name: Installing missing dependencies
+  apt:
+    update_cache: yes
+    state: fixed

app/gitlab/tasks/main.yml

@@ -12,6 +12,7 @@
   when: ansible_os_family == "Debian" and ansible_distribution_major_version == "9"
 
 # Install Gitlab
+# CE vs EE see https://about.gitlab.com/install/ce-or-ee/?distro=debian
 - name: Installing Gitlab
   apt:
     update_cache: yes

app/konga-0.14.7/files/konga.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Konga NodeJS Website
+After=network.target
+
+[Service]
+Type=simple
+User=toor
+WorkingDirectory=/var/www/konga
+ExecStart=/usr/bin/node --harmony app.js --prod
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

app/konga-0.14.7/tasks/main.yml

@@ -0,0 +1,82 @@
+---
+# Install build-essential for konga
+# Required during npm install phase (needs make, g++, etc...)
+- name: Installing build-essential for konga
+  apt:
+    update_cache: yes
+    state: present
+    name:
+      - build-essential
+
+# Create /var/www folder
+- name: Creating /var/www directory
+  file:
+    path: /var/www
+    state: directory
+    owner: toor
+    group: toor
+    mode: '0755'
+
+# Create /var/www/konga folder
+- name: Creating /var/www/konga directory
+  file:
+    path: /var/www/konga
+    state: directory
+    owner: toor
+    group: toor
+    mode: '0755'
+
+# Git clone https://github.com/pantsel/konga.git
+- name: Git clone https://github.com/pantsel/konga.git tag 0.14.7
+  git:
+    clone: yes
+    force: yes
+    repo: https://github.com/pantsel/konga.git
+    dest: /var/www/konga
+    version: 0.14.7
+    depth: 1
+
+# Ensure konga git contents owned by toor
+- name: Ensuring konga git contents owned by toor
+  file:
+    path: /var/www/konga
+    state: directory
+    owner: toor
+    group: toor
+    recurse: yes
+
+# Delete package-lock.json
+- name: Deleting konga package-lock.json
+  file:
+    path: /var/www/konga/package-lock.json
+    state: absent
+
+# Install konga npm packages
+- name: Installing konga NPM packages
+  npm:
+    path: /var/www/konga
+
+# Install konga bower dependencies
+- name: Installing konga bower dependencies
+  shell: npm run bower-deps
+  args:
+    chdir: /var/www/konga
+
+# Ensure konga git contents owned by toor
+- name: Ensuring konga git contents owned by toor
+  file:
+    path: /var/www/konga
+    state: directory
+    owner: toor
+    group: toor
+    recurse: yes
+
+# Copy konga systemd unit file
+- name: Copying konga.service systemd unit file
+  copy:
+    src: konga.service
+    dest: "/etc/systemd/system/konga.service"
+    owner: root
+    group: root
+    mode: '0644' # -rw-r--r--
+  #NOnotify: reload konga # NO because you need to copy your own .env first