diff --git a/README.md b/README.md index 0d1601b..8f82217 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,16 @@ # sympa -This is an Ansible role which sets up a sympa + +This is an Ansible role which sets up a [Sympa](https://sympa.org) mailing list manager. ## Requirements -Debian or Ubuntu with a webserver that serves the sympa web app and a mysql database for it. +Debian stretch or Ubuntu server. MySQL/MariaDB or PostgreSQL database options. Database manager can be previously installed in the host (default) or optionnally installed by the role itself. Webserver for Sympa should be configured elsewhere. ## Role Variables -For the full documentation see https://sympa-community.github.io/, this was tested with Sympa Version 6.2.16 +For the full documentation see https://sympa-community.github.io/, this role was tested with Sympa Version 6.2.16 (Debian stretch sympa package). ### List Templates `sympa_template_lists` is a list of templates to be defined. @@ -58,7 +59,7 @@ Each entry consists of the following: | `name` | :heavy_check_mark: | Name of the auth option like ldap, user_table | | `options` | :heavy_check_mark: | Dict of options for the auth method | -## Example +#### Example ```yaml sympa_auth: @@ -90,7 +91,7 @@ Each list entry contains the following: | `path` | :heavy_check_mark: | Path of the category | | `title` | :heavy_check_mark: | Title of the category | -## Example +#### Example ```yaml sympa_topics: @@ -100,6 +101,13 @@ title: Art title: Expressionism ``` +### Database manager + +| Name | Required/Default | Description | +|:---------------------------|:------------------:|:------------------------------------------------------------------------------------------| +| `sympa_db_type` | `mysql` | Choice of database manager. `MySQL` or `PostgreSQL`. `mysql` and `Pg` values are acceptable, but deprecated. Other database options are not managed. | +| `sympa_install_db_package` | `False` | Whether the db manager is installed previously (`False`) or the role installs it (`True`) | + ### Sympa Variables | Name | Required/Default | Description | @@ -207,3 +215,4 @@ This work is licensed under a [Creative Commons Attribution-ShareAlike 4.0 Inter ## Author Information * [Fritz Otlinghaus (Scriptkiddi)](https://github.com/Scriptkiddi) _fritz.otlinghaus@stuvus.uni-stuttgart.de_ +* [UdelaR Interior](https://github.com/UdelaRInterior) contributions \ No newline at end of file diff --git a/defaults/main.yml b/defaults/main.yml index e5b7b95..861e037 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,7 @@ --- +## Sympa Ansible role default variables + +sympa_domain: "{{ ansible_fqdn }}" sympa_show_default_templates: false sympa_template_lists: [] ## Define the following variables for ldap alias manager @@ -8,9 +11,13 @@ sympa_template_lists: [] # ssl: true # queue_transport: sympa # bouncequeue_transport: sympabounce + +## Database variables +sympa_db_type: mysql #'MySQL' or 'mysql'. or 'PostgreSQL' or 'Pg'. 'mysql' and 'Pg' values are deprecated +sympa_install_db_package: False # 'True' for this role to install mysql or postgresql package, 'False' if installed elsewhere sympa_db_name: sympa sympa_db_host: localhost -sympa_db_port: 3306 +sympa_db_port: "{{ 5432 if sympa_db_type == 'PostgreSQL' else 3306 }}" sympa_db_user: sympa sympa_lang: en sympa_auth: @@ -113,4 +120,21 @@ sympa_default_home: home sympa_edit_list: owner sympa_ldap_force_canonical_email: 1 sympa_review_page_size: 25 +sympa_webserver_type: Other # 'Other' or 'Apache 2' sympa_web_page_title: Mailing lists service + +sympa_apache2_configure: false +sympa_www_domain: '{{ sympa_domain }}' +sympa_server_admin: 'listmaster@{{ sympa_domain }}' +sympa_wwsympa_url: 'https://{{ sympa_www_domain }}/{{ sympa_script_alias }}' +sympa_script_alias: wws +sympa_static_alias: static-sympa + +## SSL webserver certificates +sympa_ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem +sympa_ssl_cert_key_file: /etc/ssl/private/ssl-cert-snakeoil.key +## It's worthful to install certbot and define +# sympa_ssl_cert_file: /etc/letsencrypt/live/{{ sympa_www_domain }}/cert.pem +# sympa_ssl_cert_key_file: /etc/letsencrypt/live/{{ sympa_www_domain }}/privkey.pem + +... diff --git a/tasks/main.yml b/tasks/main.yml index 03848d1..95e98a8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,36 +1,43 @@ -- name: Set database to mysql - debconf: - name: sympa - question: sympa/database-type - value: mysql - vtype: select +--- +## Sympa configuration main tasks file -- name: Set webserver to other - debconf: - name: sympa - question: wwsympa/webserver_type - value: Other - vtype: select +- name: Check that "debconf" and "debconf-utils" are installed + apt: + name: + - debconf + - debconf-utils + state: latest + +- name: MySQL/MariaDB configuration + include_tasks: mysql.yml + when: sympa_db_type == 'MySQL' or sympa_db_type == 'mysql' + tags: mysql -- name: "Set dbconfig-install to no" +- name: PostgreSQL configuration + include_tasks: postgresql.yml + when: sympa_db_type == 'PostgreSQL' or sympa_db_type == 'Pg' + tags: postgresql + +- name: Set debconf options for sympa debconf: - name: sympa - question: sympa/dbconfig-install - value: no - vtype: boolean - changed_when: false - -- name: Create a new database with name '{{ sympa_db_name }}' - mysql_db: - name: "{{ sympa_db_name }}" - encoding: utf8 - -- name: Create DB user '{{ sympa_db_user }}' - mysql_user: - name: "{{ sympa_db_user }}" - password: "{{ sympa_db_password | mandatory }}" - priv: '{{ sympa_db_name }}.*:ALL,GRANT' - no_log: True + name: "{{ item.name }}" + question: "{{ item.question }}" + value: "{{ item.value }}" + vtype: "{{ item.vtype }}" + loop: + ## set the database type + - { name: 'sympa', question: 'sympa/database-type', value: '{{ sympa_db_type }}' , vtype: select } + ## This Ansible role configures the database, not dbconfig at sympa package installation + - { name: 'sympa', question: 'sympa/dbconfig-install', value: 'false' , vtype: boolean } + ## Set the sympa database name + - { name: 'sympa', question: 'sympa/db/dbname', value: '{{ sympa_db_name }}' , vtype: string } + ## Set the sympa database user + - { name: 'sympa', question: 'sympa/db/app-user', value: '{{ sympa_db_user }}' , vtype: string } + ## Use the localhost for database (and not a distant host to define) + - { name: 'sympa', question: 'sympa/remote/host', value: 'localhost' , vtype: select } + ## Set the webserver type + - { name: 'sympa', question: 'wwsympa/webserver_type', value: '{{ sympa_webserver_type }}' , vtype: select } + - name: Create sympa dir file: @@ -51,6 +58,7 @@ name: - sympa - fcgiwrap + state: latest - name: Fix permissions file: @@ -173,3 +181,5 @@ minute: "0" hour: "2" job: "/usr/lib/sympa/bin/sympa.pl --reload_list_config" + +... diff --git a/tasks/mysql.yml b/tasks/mysql.yml new file mode 100644 index 0000000..feb20d1 --- /dev/null +++ b/tasks/mysql.yml @@ -0,0 +1,52 @@ +--- +## MySQL configuration for sympa + +- name: Check MySQL installation + block: + - name: Gather installed packages + package_facts: + manager: auto + + - name: Check if mysql server package is installed + assert: + that: > + ansible_facts.packages['default-mysql-server'] is defined or + ansible_facts.packages['mysql-server'] is defined or + ansible_facts.packages['mariadb-server-10.1'] is defined + ## The last condition could be replaced by a jinja2 json_query filter to match any version + fail_msg: "No mysql package found. We stop, because we can't install sympa without its database. Sorry." + success_msg: "mysql package found. We can continue!" + when: not sympa_install_db_package + +- name: Install MySQL packages + apt: + name: + - default-mysql-server + - python-dev + - default-libmysqlclient-dev + state: present + when: sympa_install_db_package + +- name: Install pip, if not yet installed + apt: + name: python-pip + state: present + +- name: install mysqlclient pip module, if not yet installed + pip: + name: mysqlclient + state: present + +- name: Create a new database with name '{{ sympa_db_name }}' + mysql_db: + name: "{{ sympa_db_name }}" + encoding: utf8 + +- name: Create DB user '{{ sympa_db_user }}' + mysql_user: + name: "{{ sympa_db_user }}" + password: "{{ sympa_db_password | mandatory }}" + priv: '{{ sympa_db_name }}.*:ALL,GRANT' + no_log: True + +... diff --git a/tasks/postgresql.yml b/tasks/postgresql.yml new file mode 100644 index 0000000..f9699d0 --- /dev/null +++ b/tasks/postgresql.yml @@ -0,0 +1,63 @@ +--- +## PostgreSQL installation and configuration for sympa + +- name: Check PostgreSQL installation + block: + - name: Gather installed packages + package_facts: + manager: auto + + - name: Check if postgresql server package is installed + assert: + that: ansible_facts.packages['postgresql'] is defined + fail_msg: "No postgresql package found. We stop, because we can't install sympa without its database. Sorry." + success_msg: "postgresql package found. We can continue!" + when: not sympa_install_db_package + +- name: Install PostgreSQL + apt: + state: present + update_cache: yes + cache_valid_time: 3600 + name: + - postgresql + - postgresql-contrib + - libpq-dev + - python-psycopg2 + - dbconfig-pgsql + when: sympa_install_db_package + tags: postgresql + +- name: Create sympa database + become: true + become_user: postgres + postgresql_db: + name: "{{ sympa_db_name }}" + encoding: UTF-8 + lc_collate: es_UY.UTF-8 + lc_ctype: es_UY.UTF-8 + template: template0 + state: present + tags: postgresql + +- name: Create sympa user with access to the database + become: true + become_user: postgres + postgresql_user: + db: "{{ sympa_db_name }}" + name: "{{ sympa_db_user }}" + password: "{{ sympa_db_password | mandatory }}" + priv: ALL + state: present + + +## Debconf keys for sympa database + +- name: Set password debconf option for Sympa PostgreSQL database + debconf: + name: sympa + question: sympa/pgsql/app-pass + value: "{{ sympa_db_password | mandatory }}" + vtype: password + +... diff --git a/templates/sympa.conf.j2 b/templates/sympa.conf.j2 index 3dea6f0..95f64b9 100644 --- a/templates/sympa.conf.j2 +++ b/templates/sympa.conf.j2 @@ -283,7 +283,7 @@ parsed_family_files {{ sympa_parsed_family_files }} ## db_type ## Type of the database (mysql|Pg|Oracle|Sybase|SQLite) ## Be careful to the case -db_type mysql +db_type {{ sympa_db_type }} ## db_name ## Name of the database