added rt5 role

d4c6a167 · putro · 968e6c41 · d4c6a167 · d4c6a167 · d4c6a167
Commit d4c6a167 authored 1 year ago by putro
--- a/roles/rt5/defaults/main.yml
+++ b/roles/rt5/defaults/main.yml
+---
+# Value of the $rtname RT config.
+helpdesk_app_name: "{{ domain_public[0] }}"
+# Organization.
+helpdesk_organization: "{{ domain_public[0] }}"
+# Set to the default queue if you so desire.
+# helpdesk_default_queue: helpdesk
+# the following variables are superseded by those set in
+# ai3/prod/group_vars/all/config.yml
+# Set the following to true only once you've run 'in-container
+# helpdesk-rt5 rt-setup-fulltext-index'.
+helpdesk_fulltext_enabled: false
+# Set to true if you have a GPG keyring in
+# credentials_dir/gpg/helpdesk.
+helpdesk_gpg_enabled: false
+# Describe the queues and their associated email addresses.
+#helpdesk_queues:
+#  - name: helpdesk
+#    addr: help@autistici.org
+helpdesk_queues: []
--- a/roles/rt5/files/rt5.cron
+++ b/roles/rt5/files/rt5.cron
+# Disable unwanted notifications.
+MAILTO=""
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+10 0 * * * root in-container helpdesk-rt5 rt-email-digest -m daily
+12 0 * * 0 root in-container helpdesk-rt5 rt-email-digest -m weekly
+14 * * * * root in-container helpdesk-rt5 rt-email-dashboards
+16 0 * * * root in-container helpdesk-rt5 rt-externalize-attachments
+33 * * * * root in-container helpdesk-rt5 rt-fulltext-indexer --quiet
+49 4 * * * root in-container helpdesk-rt5 rt-clean-sessions --older 3D --skip-user
+20 5 * * * root in-container helpdesk-rt5 rt-shredder --plugin "Tickets=query,LastUpdated < '30 days ago' AND ( Status = 'resolved' OR Status = 'rejected' OR Status = 'deleted');limit,20" --sqldump /tmp/deleted-tickets-`date +\%Y-\%m-\%d_\%H-\%M-\%S`.sql --force >/dev/null 2>&1 && rm /tmp/deleted-tickets*
--- a/roles/rt5/handlers/main.yml
+++ b/roles/rt5/handlers/main.yml
+---
+- listen: restart rt5
+  systemd:
+    name: docker-helpdesk-rt5
+    state: restarted
--- a/roles/rt5/tasks/gpg.yml
+++ b/roles/rt5/tasks/gpg.yml
+---
+- name: Create /etc/rt5/gnupg
+  file:
+    path: /etc/rt5/gnupg
+    state: directory
+    owner: docker-helpdesk
+    group: docker-helpdesk
+    mode: 0700
+# Only install a fresh keyring if it isn't already there: RT4
+# modifies it in place, and we don't have an easy way to say
+# add-a-key-if-it-isnt-there (yet).
+- stat:
+    path: /etc/rt5/gnupg/pubring.kbx
+  register: rt5_pubring
+- name: Copy public keyring
+  copy:
+    src: "{{ credentials_dir }}/gpg/helpdesk/"
+    dest: "/etc/rt5/gnupg/"
+    owner: docker-helpdesk
+    group: docker-helpdesk
+    mode: 0600
+    directory_mode: 0700
+  when: "not rt5_pubring.stat.exists"
--- a/roles/rt5/tasks/main.yml
+++ b/roles/rt5/tasks/main.yml
+---
+- file:
+    path: /etc/rt5
+    state: directory
+- file:
+    path: /var/lib/rt5
+    state: directory
+    owner: docker-helpdesk
+    group: docker-helpdesk
+    mode: 0700
+- template:
+    src: rt5.pm.j2
+    dest: /etc/rt5/rt5.pm
+  notify: restart rt5
+- template:
+    src: sendmail.json.j2
+    dest: /etc/rt5/sendmail.json
+# This is a tiny instance.
+- include_role:
+    name: float-util-mariadb
+  vars:
+    mariadb_instance: rt4
+    mariadb_port: 3337
+    mariadb_metrics_port: 9337
+    mariadb_settings:
+      key_buffer_size: "64M"
+      thread_stack: "192K"
+      sort_buffer_size: "8M"
+      tmp_table_size: "16M"
+      max_heap_table_size: "16M"
+      join_buffer_size: "256K"
+      query_cache_limit: 1048576
+      query_cache_size: "32M"
+      query_cache_type: 1
+      table_open_cache: 128
+      innodb_buffer_pool_size: "128M"
+- name: Create MySQL database
+  mysql_db:
+    name: rt4
+    login_unix_socket: "/var/run/mariadb-rt4/server.sock"
+- name: Setup rt5 MySQL user
+  mysql_user:
+    name: rt4
+    host: "{{ item }}"
+    password: "{{ rt4_mysql_password }}"
+    login_unix_socket: "/var/run/mariadb-rt4/server.sock"
+    priv: "rt4.*:ALL"
+    state: present
+  loop:
+    - localhost
+    - "%"
+- name: Create rt5 SSO session key
+  shell: "dd if=/dev/urandom of=/etc/rt5/sso_session_key bs=32 count=1"
+  args:
+    creates: /etc/rt5/sso_session_key
+- name: Install rt5 cron jobs
+  copy:
+    src: rt5.cron
+    dest: /etc/cron.d/rt5
+- import_tasks: gpg.yml
+  when: helpdesk_gpg_enabled
--- a/roles/rt5/templates/rt5.pm.j2
+++ b/roles/rt5/templates/rt5.pm.j2
+# Set the Organization name and our public URL.
+Set($rtname, '{{ helpdesk_app_name }}');
+Set($WebBaseURL , 'https://helpdesk.autistici.org');
+Set($Organization, '{{ helpdesk_organization }}');
+Set($WebDomain, 'helpdesk.{{ domain_public[0] }}');
+Set($WebPort, 443);
+Set($WebPath, '/rt');
+Set($CanonicalizeRedirectURLs, 1);
+Set($CanonicalizeURLsInFeeds, 1);
+# Queues.
+{% if helpdesk_default_queue is defined %}
+Set($DefaultQueue, '{{ helpdesk_default_queue }}');
+{% endif %}
+# Enable SSO authentication (tells RT to read the authenticated
+# username from the REMOTE_USER environment variable).
+Set($WebRemoteUserAuth, 1);
+Set($WebRemoteUserContinuous, 1);
+Set($WebRemoteUserAutocreate, 1);
+Set($WebFallbackToRTLogin, 0);
+# Security-related parameters that have bad default values.
+Set($RestrictReferrer, 0);
+#Set(%ReferrerComponents, ( '/' => 1, '/index.html' => 1 ));
+Set($WebSecureCookies, 1);
+Set($WebHttpOnlyCookies, 1);
+Set($RestrictLoginReferrer, 1);
+#Set($DisallowExecuteCode, 1);
+Set($Framebusting, 1);
+Set($MessageBoxRichText, undef);
+Set($MaxInlineBody, 10000000);
+Set($PreferRichText, undef);
+# Mailer configuration, with our public conversation and
+# comment addresses. VERP is experimentally enabled.
+Set($NotifyActor, 1);
+Set($CorrespondAddress, 'help@{{ domain_public[0] }}');
+Set($CommentAddress, 'help-comment@{{ domain_public[0] }}');
+Set($SetOutgoingMailFrom, 'help@{{ domain_public[0] }}');
+Set($VERPPrefix, 'help+');
+Set($VERPDomain, '{{ domain_public[0] }}');
+# Default timezone is UTC.
+Set($Timezone, 'UTC');
+# Store attachments on disk.
+Set(%ExternalStorage,
+    Type => 'Disk',
+    Path => '/data/attachments',
+);
+# Database connection parameters.
+Set($DatabaseType, 'mysql');
+Set($DatabaseHost, '127.0.0.1');
+Set($DatabaseRTHost, '127.0.0.1');
+Set($DatabasePort, 3337);
+Set($DatabaseUser, 'rt5');
+Set($DatabaseAdmin, 'rt5');
+Set($DatabasePassword, '{{ rt4_mysql_password }}');
+Set($DatabaseName, 'rt4');
+# Plugins.
+Plugin('RT::Extension::ExtractCustomFieldValues');
+Plugin('RT::Extension::CommandByMail');
+Set(@MailPlugins, qw(Auth::MailFrom Action::CommandByMail));
+Set($CommandByMailGroup, '111');
+{% if helpdesk_fulltext_enabled %}
+Set(%FullTextSearch,
+    Enable     => 1,
+    Indexed    => 1,
+    Table      => 'AttachmentsIndex',
+);
+{% endif %}
+{% if helpdesk_gpg_enabled %}
+Set( %Crypt,
+        RejectOnMissingPrivateKey => 0,
+        RejectOnBadData => 0
+);
+Set(%GnuPG,
+    Enable => 1,
+    OutgoingMessageFormat => 'RFC',
+    GnuPG => '/usr/bin/gpg'
+);
+Set(%GnuPGOptions,
+	'use-agent' => undef,
+	'no-permission-warning' => undef,
+    'homedir' => "/config/gnupg",
+	'passphrase' => '',
+	'trust-model' => 'always',
+	'pinentry-mode' => 'loopback',
+	'keyserver' => 'hkp://keys.openpgp.org',
+	'auto-key-locate' => 'local,keyserver',
+	'keyserver-options' => 'auto-key-retrieve'
+);
+{% endif %}
--- a/roles/rt5/templates/sendmail.json.j2
+++ b/roles/rt5/templates/sendmail.json.j2
+{"smtp_server": "mail-frontend.{{ domain }}:10025"}