From 1e779e283e7721963dbd9fa94514d764d09d582f Mon Sep 17 00:00:00 2001 From: "Jorge E. Gomez" Date: Wed, 16 Dec 2020 14:24:52 -0500 Subject: [PATCH] Initial version copied from Odoo8 role --- README.md | 39 ++ hosts | 1 + local.yml | 5 + roles/odoo/files/custom_502.html | 363 ++++++++++++++++++ roles/odoo/files/logrotate | 11 + roles/odoo/files/nginx.conf | 73 ++++ .../odoo/files/remove_remote_connections.sql | 34 ++ roles/odoo/files/systemd_unit | 16 + roles/odoo/tasks/main.yml | 147 +++++++ roles/odoo/templates/odoo.conf.j2 | 47 +++ roles/odoo/vars/main/main.yml | 39 ++ roles/odoo/vars/vault.yml | 7 + 12 files changed, 782 insertions(+) create mode 100644 README.md create mode 100644 hosts create mode 100644 local.yml create mode 100644 roles/odoo/files/custom_502.html create mode 100644 roles/odoo/files/logrotate create mode 100644 roles/odoo/files/nginx.conf create mode 100644 roles/odoo/files/remove_remote_connections.sql create mode 100644 roles/odoo/files/systemd_unit create mode 100644 roles/odoo/tasks/main.yml create mode 100644 roles/odoo/templates/odoo.conf.j2 create mode 100644 roles/odoo/vars/main/main.yml create mode 100644 roles/odoo/vars/vault.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..f52d76a --- /dev/null +++ b/README.md @@ -0,0 +1,39 @@ +# Ansible role that configures Odoo 14 in a server or container + +To be used with Ansible-pull, typically called from a LXD profile in this way: +```yaml +config: + user.vendor-data: | + #cloud-config + package_upgrade: true + packages: + - python3-pip + - python3-venv + users: + - name: root + ssh-import-id: gh:jorgeegomez + write_files: + - encoding: gzip + owner: root:root + path: /root/.ssh/id_ed25519 + permissions: '0600' + content: !!binary | + H4sICCW ... 🔒 gzipped and base64-encoded private key, registered as + deploy key in Gitea, in both the odoo_running_code and + ansible-role-odoo8container repos. ... AAA== + - encoding: gzip + owner: root:root + path: /root/.ssh/id_ed25519.pub + permissions: '0644' + content: !!binary | + H4sICCW ... 🔒 gzipped and base64-encoded corresponding public key ... AAA== + - encoding: gzip + owner: root:root + path: /root/.ssh/known_hosts + permissions: '0644' + content: !!binary | + H4sICPS ... 🔒 gzipped and base64-encoded host key for gitea ... AAA== + runcmd: + - [ ansible-pull, -U, "ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-odoo14-lxd.git" ] +description: LXD profile for Odoo 14 +``` diff --git a/hosts b/hosts new file mode 100644 index 0000000..2302eda --- /dev/null +++ b/hosts @@ -0,0 +1 @@ +localhost ansible_connection=local diff --git a/local.yml b/local.yml new file mode 100644 index 0000000..864fe39 --- /dev/null +++ b/local.yml @@ -0,0 +1,5 @@ +- hosts: localhost + gather_facts: yes + user: root + roles: + - odoo diff --git a/roles/odoo/files/custom_502.html b/roles/odoo/files/custom_502.html new file mode 100644 index 0000000..2351e6d --- /dev/null +++ b/roles/odoo/files/custom_502.html @@ -0,0 +1,363 @@ + + + +Error 502 + + + +
+
+

Error

+

502

+

Falla en la aplicación

+
+
+
+
+
+
+
+
+
+
+
+
+
    +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    +
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
    +
+
+
+
+
+
+
+ +
+ + diff --git a/roles/odoo/files/logrotate b/roles/odoo/files/logrotate new file mode 100644 index 0000000..c5bad7f --- /dev/null +++ b/roles/odoo/files/logrotate @@ -0,0 +1,11 @@ +/var/log/odoo/*.log { + daily + dateext + dateyesterday + rotate 30 + compress + delaycompress + copytruncate + missingok + notifempty +} diff --git a/roles/odoo/files/nginx.conf b/roles/odoo/files/nginx.conf new file mode 100644 index 0000000..7570f4f --- /dev/null +++ b/roles/odoo/files/nginx.conf @@ -0,0 +1,73 @@ +upstream odoo8 { + server 127.0.0.1:8090 weight=1 fail_timeout=0; +} + +upstream odoo8-im { + server 127.0.0.1:8082 weight=1 fail_timeout=0; +} + +server { + # server port and name + listen 80; + server_name _; + + # Specifies the maximum accepted body size of a client request, + # as indicated by the request header Content-Length. + client_max_body_size 200m; + + ssl off; + + # increase proxy buffer to handle some Odoo web requests + proxy_buffers 16 64k; + proxy_buffer_size 128k; + # force timeouts if the backend dies + proxy_connect_timeout 180m; + proxy_send_timeout 180m; + proxy_read_timeout 180m; + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 32k; + gzip_types text/plain application/x-javascript text/xml text/css; + gzip_vary on; + + # set headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; + + # by default, do not forward anything + proxy_redirect off; + proxy_buffering off; + + error_page 502 /custom_502.html; + + location = /custom_502.html { + root /usr/share/nginx/html; + internal; + } + + location / { + proxy_pass http://odoo8; + } + + location /longpolling { + proxy_pass http://odoo8-im; + } + + # Cache some static data in memory for 2 hours. + # Under heavy load this should relieve stress on the Odoo web interface + location /web/static/ { + proxy_cache_valid 200 120m; + proxy_buffering on; + expires 864000; + proxy_pass http://odoo8; + } + location /website/static/ { + proxy_cache_valid 200 120m; + proxy_buffering on; + expires 864000; + proxy_pass http://odoo8; + } +} diff --git a/roles/odoo/files/remove_remote_connections.sql b/roles/odoo/files/remove_remote_connections.sql new file mode 100644 index 0000000..061e4e2 --- /dev/null +++ b/roles/odoo/files/remove_remote_connections.sql @@ -0,0 +1,34 @@ +-- Update production Odoo database to delete remote connection servers +-- (email and electronic invoice) and change the password for user sistemas + +UPDATE "res_company" SET "ei_automatic_gen"=false,"ei_ack_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Acuse_Recibo/',"ei_dian_result_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Dian_result',"ei_write_folder"='/INVOICE/LAB/800216499/800216499_01/IN/',"ei_automatic_read"=false,"ei_error_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Error/',"ei_decision_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Aceptacion_y_rechazo/',"ei_server_type"='test',"xml_automatic_generation"=false,"sftp_url"='fecolab.cen.biz',"ei_voucher_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Comprobantes/' WHERE id IN (1); + +UPDATE "ir_cron" SET "active"=false WHERE id IN (25); + +UPDATE "ir_cron" SET "active"=false WHERE id IN (27); + +UPDATE "auth_oauth_provider" SET "client_id"='839348907645-51gmj31708h2vuts2sorqh842uhohoce.apps.googleusercontent.com' WHERE id IN (3); + +UPDATE "res_users" SET "password_crypt"='$pbkdf2-sha512$6400$tnYOAUCoNSbkHKMUAmAMgQ$UTwtQj2mGD1KnW5.S7dq0qxMw5M4tuWb2ckr8vB8k7MLrwG5aDyWDA6sLXawE..xrLDjvYrtxgIRvNf97knYVQ' WHERE id IN (5); + +UPDATE "res_users" SET "password"='' WHERE id = 5; + +UPDATE "res_users" SET "share"=false WHERE id = 5; + +delete from wkf_instance where res_id=1 and res_type='fetchmail.server'; + +delete from fetchmail_server where id IN (1); + +delete from wkf_instance where res_id=1 and res_type='ir.mail_server'; + +delete from ir_mail_server where id IN (1); + +delete from wkf_instance where res_id=4 and res_type='ir.mail_server'; + +delete from ir_mail_server where id IN (4); + +delete from wkf_instance where res_id=5 and res_type='ir.mail_server'; + +delete from ir_mail_server where id IN (5); + +delete from ir_model_data where id IN (1576); diff --git a/roles/odoo/files/systemd_unit b/roles/odoo/files/systemd_unit new file mode 100644 index 0000000..fcae4a7 --- /dev/null +++ b/roles/odoo/files/systemd_unit @@ -0,0 +1,16 @@ +[Unit] +Description=Odoo +Requires=postgresql.service +After=network.target postgresql.service + +[Service] +Type=simple +SyslogIdentifier=odoo +PermissionsStartOnly=true +User=odoo +Group=odoo +ExecStart=/home/odoo/.venv/odoo/bin/python /opt/odoo/odoo/odoo-bin -c /etc/odoo/odoo.conf +StandardOutput=journal+console + +[Install] +WantedBy=multi-user.target diff --git a/roles/odoo/tasks/main.yml b/roles/odoo/tasks/main.yml new file mode 100644 index 0000000..ea0a513 --- /dev/null +++ b/roles/odoo/tasks/main.yml @@ -0,0 +1,147 @@ +--- + +- name: Install apt packages + apt: + name: '{{ apt_packages }}' + +- name: Create odoo user + user: + name: odoo + comment: Odoo 14 user + shell: /bin/bash + +- name: Prepare folders for Odoo + file: + path: '{{ item }}' + state: directory + mode: '0755' + owner: odoo + loop: + - /var/log/odoo + - /opt + - /home/odoo/.local/share/Odoo/filestore/agofer + - /home/odoo/src + - /etc/odoo + +- name: Install python packages + pip: + virtualenv: /home/odoo/.venv/odoo + virtualenv_python: python3.8 + name: '{{ python_packages }}' + +- name: Clone current Odoo code + git: + repo: 'ssh://git@gitea.agofer.net:22001/Agofer/odoo14_running_code.git' + dest: /opt + depth: 1 + +- name: Install python requirements for Odoo + pip: + virtualenv: /home/odoo/.venv/odoo + virtualenv_python: python3.8 + requirements: /opt/odoo/odoo/requirements.txt + +- name: Download and install wkhtmltopdf + apt: + deb: https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.5/wkhtmltox_0.12.5-1.focal_amd64.deb + +- name: Link wkhtmltopdf scripts + file: + dest: '/usr/bin/{{ item }}' + src: '/usr/local/bin/{{ item }}' + state: link + loop: + - wkhtmltopdf + - wkhtmltoimage + +- name: Create odoo database user + become: true + become_user: postgres + postgresql_user: + name: '{{ item }}' + role_attr_flags: SUPERUSER + loop: + - odoo + - agofer + +- name: Retrieve database backup + synchronize: + mode: pull + compress: no + src: rsync://backups.bogota.agofer/db14/db_odoo_agofer.gz + dest: /home/odoo/db_odoo_agofer.sql.gz + +# name: Uncompress database backup due to Ansible bug +# command: +# cmd: gunzip /home/odoo/db_odoo_agofer.sql.gz +# creates: /home/odoo/db_odoo_agofer.sql + +- name: Create database + become: true + become_user: postgres + postgresql_db: + name: agofer + owner: odoo + +- name: Restore database + become: true + become_user: postgres + postgresql_db: + name: agofer + state: restore + target: /home/odoo/db_odoo_agofer.sql.gz + +- name: Configure Odoo log rotation + copy: + src: logrotate + dest: /etc/logrotate.d/odoo + mode: '0644' + +- name: Configure Nginx + copy: + src: custom_502.html + dest: /etc/nginx/custom_502.html + mode: '0644' + +- copy: + src: nginx.conf + dest: /etc/nginx/sites-available/odoo14 + mode: '0644' + +- file: + state: link + src: /etc/nginx/sites-available/odoo14 + dest: /etc/nginx/sites-enabled/odoo14 + +- file: + state: link + src: /etc/nginx/custom_502.html + dest: /usr/share/nginx/html/custom_502.html + +- file: + state: absent + path: /etc/nginx/sites-enabled/default + +- name: Restart Nginx + systemd: + name: nginx + state: restarted + +- name: Configure Odoo + template: + src: odoo.conf.j2 + dest: /etc/odoo/odoo.conf + mode: '0640' + owner: odoo + group: odoo + +- copy: + src: systemd_unit + dest: /etc/systemd/system/odoo.service + +- name: Enable and restart Odoo service + systemd: + name: odoo + enabled: true + state: started + diff --git a/roles/odoo/templates/odoo.conf.j2 b/roles/odoo/templates/odoo.conf.j2 new file mode 100644 index 0000000..4461ce2 --- /dev/null +++ b/roles/odoo/templates/odoo.conf.j2 @@ -0,0 +1,47 @@ +[options] +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Configuracion Odoo 14 para Agofer +#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +; Contrasena para administracion de base de datos: +admin_passwd = {{ adminpass }} +db_user = odoo +db_name = agofer +list_db = True +dbfilter = ^agofer$ +addons_path = /opt/odoo/odoo/addons,/opt/odoo/community/addons,/opt/extended +without_demo = True +test_enable = False +timezone = America/Bogota +unaccent = True + +#----------------------------------------------------------------------------- +# Registro +#----------------------------------------------------------------------------- +# syslog = True +logfile = /var/log/odoo/odoo-server.log +logrotate = False +# ['debug_rpc_answer', 'debug_rpc', 'debug', 'debug_sql', +# 'info', 'warn', 'error', 'critical'] +log_level = warn + +#----------------------------------------------------------------------------- +# Rendimiento +#----------------------------------------------------------------------------- +#osv_memory_age_limit = 0.5 +workers = 4 +limit_time_cpu = 12000 +limit_time_real = 24000 +limit-memory-soft = 8053063680 +limit-memory-hard = 9395240960 + +#----------------------------------------------------------------------------- +# Acceso +#----------------------------------------------------------------------------- +proxy_mode = True +xmlrpcs = False +longpolling_port = 8082 +xmlrpc_port = 8090 +xmlrpc_interface = 127.0.0.1 +netrpc_interface = 127.0.0.1 + diff --git a/roles/odoo/vars/main/main.yml b/roles/odoo/vars/main/main.yml new file mode 100644 index 0000000..56b6871 --- /dev/null +++ b/roles/odoo/vars/main/main.yml @@ -0,0 +1,39 @@ +--- + +adminpass: '{{ vault_adminpass }}' + +apt_packages: + - build-essential + - nginx + - python3-venv + - python3-dev + - libpq-dev + - libxml2-dev + - libxslt1-dev + - libsasl2-dev + - libldap2-dev + - libssl-dev + - libjpeg-dev + - libfreetype6-dev + - zlib1g-dev + - zip + - unzip + - libcups2-dev + - fontconfig + - libjpeg-turbo8 + - libxrender1 + - xfonts-75dpi + - xfonts-base + - libtiff5-dev + - libjpeg8-dev + - libopenjp2-7-dev + - liblcms2-dev + - libwebp-dev + - libharfbuzz-dev + - libfribidi-dev + - libxcb1-dev + +python_packages: + - setuptools + - wheel + - paramiko diff --git a/roles/odoo/vars/vault.yml b/roles/odoo/vars/vault.yml new file mode 100644 index 0000000..782c08c --- /dev/null +++ b/roles/odoo/vars/vault.yml @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +66653830636139353764356363313765383435316164373665356537623563333165646530656130 +6366303863663861623161303639376639323639303633610a393234663539353130653438313433 +64306536383230636331646239313535346135353762383139656162316636393537373139643562 +3034376331353462340a313735323765656562343263313137613630646538653931643730353264 +33383561326633613231363634613839303462373431313130653431656437633861636461393635 +3137386137643535396333636337356631633734383162336333