collab: Initial version of role

roles/collab/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+moin_version: 1.9.8
+tmpfs_context: system_u:object_r:httpd_sys_rw_content_t:s0

roles/collab/files/collab-htaccess

@@ -0,0 +1,15 @@
+htaccess                                                                      <
+RewriteEngine On
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.*)$ wsgi/$1 [QSA,PT,L]
+
+<Files wsgi>
+  SetHandler wsgi-script
+</Files>
+
+AuthType	Basic
+AuthName	"Password Required (cancel for help)"
+AuthUserFile	/srv/wikis/collab/run/.htpasswd
+AuthGroupFile	/srv/wikis/collab/run/.htgroup
+
+Require valid-user

roles/collab/files/collab-init.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+if ! test -e /srv/wikis/collab/log/moinmoin.log; then
+    install -m 0660 -o collab -g collab /dev/null /srv/wikis/collab/log/moinmoin.log
+fi
+
+if ! test -d /srv/wikis/collab/underlay/pages; then
+    cp -R /usr/share/moin/underlay/pages /srv/wikis/collab/underlay
+    chmod -R g=u,o-rwx /srv/wikis/collab/underlay/pages
+    chown -R collab:collab /srv/wikis/collab/underlay/pages
+fi
+
+if ! test -d /srv/wikis/collab/wikis/collab; then
+    su -s /bin/sh - collab -c "collab-create collab collab && collab-account-create -f -r collab"
+    su -s /bin/sh - collab -c "env PYTHONPATH=/srv/wikis/collab/wikis/collab/config python -m MoinMoin.packages -u collab i /srv/wikis/collab/underlay/pages/LanguageSetup/attachments/English--all_pages.zip"
+    su -s /bin/sh - collab -c "env PYTHONPATH=/srv/wikis/collab/wikis/collab/config python -m MoinMoin.packages -u collab i /var/lib/collab/CollabBase.zip"
+    su -s /bin/sh - collab -c "gwiki-rehash /srv/wikis/collab/wikis/collab"
+fi

roles/collab/files/collab.ini

@@ -0,0 +1,19 @@
+[collab]
+logconf=/srv/wikis/collab/config/logging.conf
+## directory also in per instance configs
+farmconf=/srv/wikis/collab/config/collabfarm.py
+## also in <htmldir>/.htaccess
+htpasswd=/srv/wikis/collab/run/.htpasswd
+htgroup=/srv/wikis/collab/run/.htgroup
+## also in collabfarm.py
+htmldir=/srv/wikis/collab/htdocs
+userdir=/srv/wikis/collab/user
+cachedir=/srv/wikis/collab/cache
+wikidir=/srv/wikis/collab/wikis
+## only here
+baseinstancedir=/srv/wikis/collab/wikis/collab
+archivedir=/srv/wikis/collab/archive
+piddir=/srv/wikis/collab/run
+helperuser=collab
+## for collab-auth-ejabberd
+cacherefreshtime=30

roles/collab/meta/main.yml

@@ -0,0 +1,4 @@
+---
+dependencies:
+  - {role: epel-repo}
+  - {role: apache}

roles/collab/tasks/main.yml

@@ -0,0 +1,221 @@
+---
+- name: install dependencies
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - git
+    - graphviz-python
+    - m2crypto
+    - mod_wsgi
+    - patch
+    - python2-pip
+    - python2-setuptools
+
+- name: download moin package
+  get_url:
+    url: "https://static.moinmo.in/files/moin-{{ moin_version }}.tar.gz"
+    dest: /usr/local/src
+    checksum: sha1:bead31f53152395aa93c31dc3e0a8a417be39ccd
+
+- name: extract moin package
+  unarchive:
+    src: "/usr/local/src/moin-{{ moin_version }}.tar.gz"
+    dest: /usr/local/src
+    owner: root
+    group: "{{ ansible_wheel }}"
+    creates: "/usr/local/src/moin-{{ moin_version }}"
+    remote_src: true
+
+- name: copy graphingwiki packages
+  git:
+    dest: "/usr/local/src/{{ item }}"
+    repo: "https://github.com/graphingwiki/{{ item }}.git"
+  with_items:
+    - graphingwiki
+    - collabbackend
+
+- name: patch moin source
+  patch:
+    src: "moin-{{ moin_version }}.patch"
+    basedir: "/usr/local/src/moin-{{ moin_version }}"
+
+- name: copy moin htdocs
+  command: "cp -a /usr/local/src/moin-{{ moin_version }}/MoinMoin/web/static/htdocs /usr/local/src/moin-{{ moin_version }}/wiki"
+  args:
+    creates: "/usr/local/src/moin-{{ moin_version }}/wiki/htdocs"
+
+- name: install graphigwiki packages
+  pip:
+    name: [/usr/local/src/graphingwiki, /usr/local/src/collabbackend]
+    umask: "0022"
+    extra_args: --egg --no-index
+
+- name: install moin
+  pip:
+    name: "/usr/local/src/moin-{{ moin_version }}"
+    umask: "0022"
+    extra_args: --no-index
+
+- name: create group collab
+  group:
+    name: collab
+    gid: 1003
+
+- name: create user collab
+  user:
+    name: collab
+    comment: Service Collab
+    uid: 1003
+    group: collab
+    home: /var/lib/collab
+    shell: /sbin/nologin
+
+- name: create .profile for user collab
+  copy:
+    content: "umask 077\n"
+    dest: /var/lib/collab/.profile
+    mode: 0440
+    owner: collab
+    group: collab
+
+- name: create config directories
+  file:
+    path: "{{ item }}"
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+    state: directory
+  with_items:
+    - /etc/local
+    - /etc/local/collab
+
+- name: create collab.ini
+  copy:
+    src: collab.ini
+    dest: /etc/local/collab/collab.ini
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: set selinux contexts from data directory
+  sefcontext:
+    path: /export/wikis(/.*)?
+    setype: httpd_sys_rw_content_t
+- name: create data directgory
+  file:
+    path: /export/wikis
+    mode: 0755
+    owner: root
+    group: root
+    seuser: _default
+    setype: _default
+    state: directory
+
+- name: link data directory
+  file:
+    src: /export/wikis
+    dest: /srv/wikis
+    state: link
+
+- name: create data directories
+  file:
+    state: directory
+    path: "{{ item }}"
+    mode: 02770
+    owner: collab
+    group: collab
+  with_items:
+    - "/srv/wikis/collab"
+    - "/srv/wikis/collab/archive"
+    - "/srv/wikis/collab/cache"
+    - "/srv/wikis/collab/config"
+    - "/srv/wikis/collab/htdocs"
+    - "/srv/wikis/collab/log"
+    - "/srv/wikis/collab/run"
+    - "/srv/wikis/collab/underlay"
+    - "/srv/wikis/collab/user"
+    - "/srv/wikis/collab/wikis"
+
+- name: create tmpfs mount for cache
+  mount:
+    state: mounted
+    path: "/export/wikis/collab/cache"
+    src: none
+    fstype: tmpfs
+    opts: "uid=collab,gid=collab,mode=2770,context=\"{{ tmpfs_context }}\""
+
+- name: install htdocs/.htaccess
+  copy:
+    src: collab-htaccess
+    dest: collab-htaccess
+    mode: 0660
+    owner: collab
+    group: collab
+
+- name: copy configs from collabbackend archive
+  copy:
+    src: "/usr/local/src/collabbackend/config/{{ item }}"
+    dest: /srv/wikis/collab/config/{{ item }}
+    mode: 0660
+    owner: collab
+    group: collab
+    remote_src: true
+  with_items:
+    - collabfarm.py
+    - intermap.txt
+    - logging.conf
+
+- name: extract CollabBase.zip from collabbackend archive
+  copy:
+    src: /usr/local/src/collabbackend/packages/CollabBase.zip
+    dest: /var/lib/collab/CollabBase.zip
+    mode: 0660
+    owner: collab
+    group: collab
+    remote_src: true
+
+- name: initialize collab
+  script: collab-init.sh
+  args:
+    creates: /srv/wikis/collab/wikis/collab
+
+- name: add collab-htaccess cron job
+  cron:
+    name: collab-htaccess
+    user: collab
+    job: /usr/bin/collab-htaccess
+
+- name: link collab to apache htdocs
+  file:
+    src: /srv/wikis/collab/htdocs
+    dest: "/srv/web/{{ inventory_hostname }}/collab"
+    owner: root
+    group: "{{ ansible_wheel }}"
+    state: link
+    follow: false
+
+- name: link moin static to apache htdocs
+  file:
+    src: /usr/share/moin/htdocs
+    dest: "/srv/web/{{ inventory_hostname }}/moin_static"
+    owner: root
+    group: "{{ ansible_wheel }}"
+    state: link
+    follow: false
+
+- name: add apache to collab group
+  user:
+    name: apache
+    groups: collab
+    append: yes
+  notify: restart apache
+
+- name: create apache config
+  template:
+    src: collab.conf.j2
+    dest: /etc/httpd/conf.local.d/collab.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart apache

roles/collab/templates/collab.conf.j2

@@ -0,0 +1,8 @@
+<Directory "/srv/web/{{ inventory_hostname }}/collab">
+  Options +ExecCGI
+  AllowOverride All
+  WSGIProcessGroup collab
+  WSGIRestrictProcess collab
+</Directory>
+
+WSGIDaemonProcess collab user=collab group=collab umask=0007 processes={{ ansible_processor_vcpus }} threads=20 maximum-requests=4000 display-name=%{GROUP}