Initial version copied from Odoo8 role

README.md

@@ -0,0 +1,39 @@
+# Ansible role that configures Odoo 14 in a server or container
+
+To be used with Ansible-pull, typically called from a LXD profile in this way:
+```yaml
+config:
+  user.vendor-data: |
+    #cloud-config
+    package_upgrade: true
+    packages:
+      - python3-pip
+      - python3-venv
+    users:
+      - name: root
+        ssh-import-id: gh:jorgeegomez
+    write_files:
+      - encoding: gzip
+        owner: root:root
+        path: /root/.ssh/id_ed25519
+        permissions: '0600'
+        content: !!binary |
+          H4sICCW ... 🔒 gzipped and base64-encoded private key, registered as
+                      deploy key in Gitea, in both the odoo_running_code and
+                      ansible-role-odoo8container repos.         ... AAA==
+      - encoding: gzip
+        owner: root:root
+        path: /root/.ssh/id_ed25519.pub
+        permissions: '0644'
+        content: !!binary |
+          H4sICCW ... 🔒 gzipped and base64-encoded corresponding public key ... AAA==
+      - encoding: gzip
+        owner: root:root
+        path: /root/.ssh/known_hosts
+        permissions: '0644'
+        content: !!binary |
+          H4sICPS ... 🔒 gzipped and base64-encoded host key for gitea ... AAA==
+    runcmd:
+      - [ ansible-pull, -U, "ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-odoo14-lxd.git" ]
+description: LXD profile for Odoo 14
+```

hosts

@@ -0,0 +1 @@
+localhost ansible_connection=local

local.yml

@@ -0,0 +1,5 @@
+- hosts: localhost
+  gather_facts: yes
+  user: root
+  roles:
+    - odoo

roles/odoo/files/custom_502.html

@@ -0,0 +1,363 @@
+<!DOCTYPE html>
+<html style="height: 100%">
+<head>
+<title>Error 502</title>
+<style>
+body,
+html {
+    padding: 0;
+    margin: 0;
+    font-family: 'Quicksand', sans-serif;
+    font-weight: 400;
+    overflow: hidden;
+}
+
+.writing {
+    width: 320px;
+    height: 200px;
+    background-color: #3f3f3f;
+    border: 1px solid #bbbbbb;
+    border-radius: 6px 6px 4px 4px;
+    position: relative;
+}
+
+.writing .topbar{
+    position: absolute;
+    width: 100%;
+    height: 12px;
+    background-color: #f1f1f1;
+    border-top-left-radius: 4px;
+    border-top-right-radius: 4px;
+}
+
+.writing .topbar div{
+    height: 6px;
+    width: 6px;
+    border-radius: 50%;
+    margin: 3px;
+    float: left;
+}
+
+.writing .topbar div.green{
+    background-color: #60d060;
+}
+.writing .topbar div.red{
+    background-color: red;
+}
+.writing .topbar div.yellow{
+    background-color: #e6c015;
+}
+
+.writing .code {
+    padding: 15px;
+}
+
+.writing .code ul {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+}
+
+.writing .code ul li {
+    background-color: #9e9e9e;
+    width: 0;
+    height: 7px;
+    border-radius: 6px;
+    margin: 10px 0;
+}
+
+.container {
+    display: -webkit-box;
+    display: -ms-flexbox;
+    display: flex;
+    -webkit-box-align: center;
+        -ms-flex-align: center;
+            align-items: center;
+    -webkit-box-pack: center;
+        -ms-flex-pack: center;
+            justify-content: center;
+    height: 100vh;
+    width: 100%;
+    -webkit-transition: -webkit-transform .5s;
+    transition: -webkit-transform .5s;
+    transition: transform .5s;
+    transition: transform .5s, -webkit-transform .5s;
+}
+
+.stack-container {
+    position: relative;
+    width: 420px;
+    height: 210px;
+    -webkit-transition: width 1s, height 1s;
+    transition: width 1s, height 1s;
+}
+
+.pokeup {
+    -webkit-transition: all .3s ease;
+    transition: all .3s ease;
+}
+
+.pokeup:hover {
+    -webkit-transform: translateY(-10px);
+            transform: translateY(-10px);
+    -webkit-transition: .3s ease;
+    transition: .3s ease;
+}
+
+
+.error {
+    width: 400px;
+    padding: 40px;
+    text-align: center;
+}
+
+.error h1 {
+    font-size: 125px;
+    padding: 0;
+    margin: 0;
+    font-weight: 700;
+}
+
+.error h2 {
+    margin: -30px 0 0 0;
+    padding: 0px;
+    font-size: 47px;
+    letter-spacing: 12px;
+}
+
+.perspec {
+    -webkit-perspective: 1000px;
+            perspective: 1000px;
+}
+
+.writeLine{
+    -webkit-animation: writeLine .4s linear forwards;
+            animation: writeLine .4s linear forwards;
+}
+
+.explode{
+    -webkit-animation: explode .5s ease-in-out forwards;
+            animation: explode .5s ease-in-out forwards;
+}
+
+.card {
+    -webkit-animation: tiltcard .5s ease-in-out 1s forwards;
+            animation: tiltcard .5s ease-in-out 1s forwards;
+    position: absolute;
+}
+
+@-webkit-keyframes tiltcard {
+    0% {
+        -webkit-transform: rotateY(0deg);
+                transform: rotateY(0deg);
+    }
+
+    100% {
+        -webkit-transform: rotateY(-30deg);
+                transform: rotateY(-30deg);
+    }
+}
+
+@keyframes tiltcard {
+    0% {
+        -webkit-transform: rotateY(0deg);
+                transform: rotateY(0deg);
+    }
+
+    100% {
+        -webkit-transform: rotateY(-30deg);
+                transform: rotateY(-30deg);
+    }
+}
+
+@-webkit-keyframes explode {
+    0% {
+        -webkit-transform: translate(0, 0) scale(1);
+                transform: translate(0, 0) scale(1);
+    }
+
+    100% {
+        -webkit-transform: translate(var(--spreaddist), var(--vertdist)) scale(var(--scaledist));
+                transform: translate(var(--spreaddist), var(--vertdist)) scale(var(--scaledist));
+    }
+}
+
+@keyframes explode {
+    0% {
+        -webkit-transform: translate(0, 0) scale(1);
+                transform: translate(0, 0) scale(1);
+    }
+
+    100% {
+        -webkit-transform: translate(var(--spreaddist), var(--vertdist)) scale(var(--scaledist));
+                transform: translate(var(--spreaddist), var(--vertdist)) scale(var(--scaledist));
+    }
+}
+
+@-webkit-keyframes writeLine {
+    0% {
+        width:0;
+    }
+
+    100% {
+        width: var(--linelength);
+    }
+}
+
+@keyframes writeLine {
+    0% {
+        width:0;
+    }
+
+    100% {
+        width: var(--linelength);
+    }
+}
+
+@media screen and (max-width: 1000px) {
+    .container {
+      -webkit-transform: scale(.85);
+              transform: scale(.85);
+    }
+  }
+
+  @media screen and (max-width: 850px) {
+    .container {
+      -webkit-transform: scale(.75);
+              transform: scale(.75);
+    }
+  }
+
+  @media screen and (max-width: 775px) {
+    .container {
+      -ms-flex-wrap: wrap-reverse;
+          flex-wrap: wrap-reverse;
+      -webkit-box-align: inherit;
+          -ms-flex-align: inherit;
+              align-items: inherit;
+    }
+  }
+
+  @media screen and (max-width: 370px) {
+    .container {
+        -webkit-transform: scale(.6);
+                transform: scale(.6);
+      }
+  }
+</style>
+</head>
+<body>
+    <div class="container">
+        <div class="error">
+            <h1>Error</h1>
+            <h2>502</h2>
+            <p>Falla en la aplicaci&oacute;n</p>
+        </div>
+        <div class="stack-container">
+            <div class="card-container">
+                <div class="perspec" style="--spreaddist: 125px; --scaledist: .75; --vertdist: -25px;">
+                    <div class="card">
+                        <div class="writing">
+                            <div class="topbar">
+                                <div class="red"></div>
+                                <div class="yellow"></div>
+                                <div class="green"></div>
+                            </div>
+                            <div class="code">
+                                <ul>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="card-container">
+                <div class="perspec" style="--spreaddist: 100px; --scaledist: .8; --vertdist: -20px;">
+                    <div class="card">
+                        <div class="writing">
+                            <div class="topbar">
+                                <div class="red"></div>
+                                <div class="yellow"></div>
+                                <div class="green"></div>
+                            </div>
+                            <div class="code">
+                                <ul>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="card-container">
+                <div class="perspec" style="--spreaddist:75px; --scaledist: .85; --vertdist: -15px;">
+                    <div class="card">
+                        <div class="writing">
+                            <div class="topbar">
+                                <div class="red"></div>
+                                <div class="yellow"></div>
+                                <div class="green"></div>
+                            </div>
+                            <div class="code">
+                                <ul>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="card-container">
+                <div class="perspec" style="--spreaddist: 50px; --scaledist: .9; --vertdist: -10px;">
+                    <div class="card">
+                        <div class="writing">
+                            <div class="topbar">
+                                <div class="red"></div>
+                                <div class="yellow"></div>
+                                <div class="green"></div>
+                            </div>
+                            <div class="code">
+                                <ul>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="card-container">
+                <div class="perspec" style="--spreaddist: 25px; --scaledist: .95; --vertdist: -5px;">
+                    <div class="card">
+                        <div class="writing">
+                            <div class="topbar">
+                                <div class="red"></div>
+                                <div class="yellow"></div>
+                                <div class="green"></div>
+                            </div>
+                            <div class="code">
+                                <ul>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+            <div class="card-container">
+                <div class="perspec" style="--spreaddist: 0px; --scaledist: 1; --vertdist: 0px;">
+                    <div class="card">
+                        <div class="writing">
+                            <div class="topbar">
+                                <div class="red"></div>
+                                <div class="yellow"></div>
+                                <div class="green"></div>
+                            </div>
+                            <div class="code">
+                                <ul>
+                                </ul>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+    </div>
+</body>
+</html>

roles/odoo/files/logrotate

@@ -0,0 +1,11 @@
+/var/log/odoo/*.log {
+    daily
+    dateext
+    dateyesterday
+    rotate 30
+    compress
+    delaycompress
+    copytruncate
+    missingok
+    notifempty
+}

roles/odoo/files/nginx.conf

@@ -0,0 +1,73 @@
+upstream odoo8 {
+    server 127.0.0.1:8090 weight=1 fail_timeout=0;
+}
+
+upstream odoo8-im {
+    server 127.0.0.1:8082 weight=1 fail_timeout=0;
+}
+
+server {
+    # server port and name
+    listen 80;
+    server_name _;
+
+    # Specifies the maximum accepted body size of a client request,
+    # as indicated by the request header Content-Length.
+    client_max_body_size 200m;
+
+    ssl off;
+
+    # increase proxy buffer to handle some Odoo web requests
+    proxy_buffers 16 64k;
+    proxy_buffer_size 128k;
+    # force timeouts if the backend dies
+    proxy_connect_timeout 180m;
+    proxy_send_timeout 180m;
+    proxy_read_timeout 180m;
+    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
+
+    gzip on;
+    gzip_min_length 1100;
+    gzip_buffers 4 32k;
+    gzip_types text/plain application/x-javascript text/xml text/css;
+    gzip_vary on;
+
+    # set headers
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
+
+    # by default, do not forward anything
+    proxy_redirect off;
+    proxy_buffering off;
+
+    error_page 502 /custom_502.html;
+
+    location = /custom_502.html {
+        root /usr/share/nginx/html;
+        internal;
+    }
+
+    location / {
+        proxy_pass http://odoo8;
+    }
+
+    location /longpolling {
+        proxy_pass http://odoo8-im;
+    }
+
+    # Cache some static data in memory for 2 hours.
+    # Under heavy load this should relieve stress on the Odoo web interface
+    location /web/static/ {
+        proxy_cache_valid 200 120m;
+        proxy_buffering on;
+        expires 864000;
+        proxy_pass http://odoo8;
+    }
+    location /website/static/ {
+        proxy_cache_valid 200 120m;
+        proxy_buffering on;
+        expires 864000;
+        proxy_pass http://odoo8;
+    }
+}

roles/odoo/files/remove_remote_connections.sql

@@ -0,0 +1,34 @@
+-- Update production Odoo database to delete remote connection servers
+-- (email and electronic invoice) and change the password for user sistemas
+
+UPDATE "res_company" SET "ei_automatic_gen"=false,"ei_ack_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Acuse_Recibo/',"ei_dian_result_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Dian_result',"ei_write_folder"='/INVOICE/LAB/800216499/800216499_01/IN/',"ei_automatic_read"=false,"ei_error_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Error/',"ei_decision_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Aceptacion_y_rechazo/',"ei_server_type"='test',"xml_automatic_generation"=false,"sftp_url"='fecolab.cen.biz',"ei_voucher_folder"='/INVOICE/LAB/800216499/800216499_01/OUT/Comprobantes/' WHERE id IN (1);
+
+UPDATE "ir_cron" SET "active"=false WHERE id IN (25);
+
+UPDATE "ir_cron" SET "active"=false WHERE id IN (27);
+
+UPDATE "auth_oauth_provider" SET "client_id"='839348907645-51gmj31708h2vuts2sorqh842uhohoce.apps.googleusercontent.com' WHERE id IN (3);
+
+UPDATE "res_users" SET "password_crypt"='$pbkdf2-sha512$6400$tnYOAUCoNSbkHKMUAmAMgQ$UTwtQj2mGD1KnW5.S7dq0qxMw5M4tuWb2ckr8vB8k7MLrwG5aDyWDA6sLXawE..xrLDjvYrtxgIRvNf97knYVQ' WHERE id IN (5);
+
+UPDATE "res_users" SET "password"='' WHERE id = 5;
+
+UPDATE "res_users" SET "share"=false WHERE id = 5;
+
+delete from wkf_instance where res_id=1 and res_type='fetchmail.server';
+
+delete from fetchmail_server where id IN (1);
+
+delete from wkf_instance where res_id=1 and res_type='ir.mail_server';
+
+delete from ir_mail_server where id IN (1);
+
+delete from wkf_instance where res_id=4 and res_type='ir.mail_server';
+
+delete from ir_mail_server where id IN (4);
+
+delete from wkf_instance where res_id=5 and res_type='ir.mail_server';
+
+delete from ir_mail_server where id IN (5);
+
+delete from ir_model_data where id IN (1576);

roles/odoo/files/systemd_unit

@@ -0,0 +1,16 @@
+[Unit]
+Description=Odoo
+Requires=postgresql.service
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+SyslogIdentifier=odoo
+PermissionsStartOnly=true
+User=odoo
+Group=odoo
+ExecStart=/home/odoo/.venv/odoo/bin/python /opt/odoo/odoo/odoo-bin -c /etc/odoo/odoo.conf
+StandardOutput=journal+console
+
+[Install]
+WantedBy=multi-user.target

roles/odoo/tasks/main.yml

@@ -0,0 +1,147 @@
+---
+
+- name: Install apt packages
+  apt:
+    name: '{{ apt_packages }}'
+
+- name: Create odoo user
+  user:
+    name: odoo
+    comment: Odoo 14 user
+    shell: /bin/bash
+
+- name: Prepare folders for Odoo
+  file:
+    path: '{{ item }}'
+    state: directory
+    mode: '0755'
+    owner: odoo
+  loop:
+    - /var/log/odoo
+    - /opt
+    - /home/odoo/.local/share/Odoo/filestore/agofer
+    - /home/odoo/src
+    - /etc/odoo
+
+- name: Install python packages
+  pip:
+    virtualenv: /home/odoo/.venv/odoo
+    virtualenv_python: python3.8
+    name: '{{ python_packages }}'
+
+- name: Clone current Odoo code
+  git:
+    repo: 'ssh://git@gitea.agofer.net:22001/Agofer/odoo14_running_code.git'
+    dest: /opt
+    depth: 1
+
+- name: Install python requirements for Odoo
+  pip:
+    virtualenv: /home/odoo/.venv/odoo
+    virtualenv_python: python3.8
+    requirements: /opt/odoo/odoo/requirements.txt
+
+- name: Download and install wkhtmltopdf
+  apt:
+    deb: https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.5/wkhtmltox_0.12.5-1.focal_amd64.deb
+
+- name: Link wkhtmltopdf scripts
+  file:
+    dest: '/usr/bin/{{ item }}'
+    src: '/usr/local/bin/{{ item }}'
+    state: link
+  loop:
+    - wkhtmltopdf
+    - wkhtmltoimage
+
+- name: Create odoo database user
+  become: true
+  become_user: postgres
+  postgresql_user:
+    name: '{{ item }}'
+    role_attr_flags: SUPERUSER
+  loop:
+    - odoo
+    - agofer
+
+- name: Retrieve database backup
+  synchronize:
+    mode: pull
+    compress: no
+    src: rsync://backups.bogota.agofer/db14/db_odoo_agofer.gz
+    dest: /home/odoo/db_odoo_agofer.sql.gz
+
+# name: Uncompress database backup due to Ansible bug
+# command:
+#   cmd: gunzip /home/odoo/db_odoo_agofer.sql.gz
+#   creates: /home/odoo/db_odoo_agofer.sql
+
+- name: Create database
+  become: true
+  become_user: postgres
+  postgresql_db:
+    name: agofer
+    owner: odoo
+
+- name: Restore database
+  become: true
+  become_user: postgres
+  postgresql_db:
+    name: agofer
+    state: restore
+    target: /home/odoo/db_odoo_agofer.sql.gz
+
+- name: Configure Odoo log rotation
+  copy:
+    src: logrotate
+    dest: /etc/logrotate.d/odoo
+    mode: '0644'
+
+- name: Configure Nginx
+  copy:
+    src: custom_502.html
+    dest: /etc/nginx/custom_502.html
+    mode: '0644'
+
+- copy:
+    src: nginx.conf
+    dest: /etc/nginx/sites-available/odoo14
+    mode: '0644'
+
+- file:
+    state: link
+    src: /etc/nginx/sites-available/odoo14
+    dest: /etc/nginx/sites-enabled/odoo14
+
+- file:
+    state: link
+    src: /etc/nginx/custom_502.html
+    dest: /usr/share/nginx/html/custom_502.html
+
+- file:
+    state: absent
+    path: /etc/nginx/sites-enabled/default
+
+- name: Restart Nginx
+  systemd:
+    name: nginx
+    state: restarted
+
+- name: Configure Odoo
+  template:
+    src: odoo.conf.j2
+    dest: /etc/odoo/odoo.conf
+    mode: '0640'
+    owner: odoo
+    group: odoo
+
+- copy:
+    src: systemd_unit
+    dest: /etc/systemd/system/odoo.service
+
+- name: Enable and restart Odoo service
+  systemd:
+    name: odoo
+    enabled: true
+    state: started
+

roles/odoo/templates/odoo.conf.j2

@@ -0,0 +1,47 @@
+[options]
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# Configuracion Odoo 14 para Agofer
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+; Contrasena para administracion de base de datos:
+admin_passwd = {{ adminpass }}
+db_user = odoo
+db_name = agofer
+list_db = True
+dbfilter = ^agofer$
+addons_path = /opt/odoo/odoo/addons,/opt/odoo/community/addons,/opt/extended
+without_demo = True
+test_enable = False
+timezone = America/Bogota
+unaccent = True
+
+#-----------------------------------------------------------------------------
+# Registro
+#-----------------------------------------------------------------------------
+# syslog = True
+logfile = /var/log/odoo/odoo-server.log
+logrotate = False
+# ['debug_rpc_answer', 'debug_rpc', 'debug', 'debug_sql',
+#  'info', 'warn', 'error', 'critical']
+log_level = warn
+
+#-----------------------------------------------------------------------------
+# Rendimiento
+#-----------------------------------------------------------------------------
+#osv_memory_age_limit = 0.5
+workers = 4
+limit_time_cpu = 12000
+limit_time_real = 24000
+limit-memory-soft = 8053063680
+limit-memory-hard = 9395240960
+
+#-----------------------------------------------------------------------------
+# Acceso
+#-----------------------------------------------------------------------------
+proxy_mode = True
+xmlrpcs = False
+longpolling_port = 8082
+xmlrpc_port = 8090
+xmlrpc_interface = 127.0.0.1
+netrpc_interface = 127.0.0.1
+

roles/odoo/vars/main/main.yml

@@ -0,0 +1,39 @@
+---
+
+adminpass: '{{ vault_adminpass }}'
+
+apt_packages:
+  - build-essential
+  - nginx
+  - python3-venv
+  - python3-dev
+  - libpq-dev
+  - libxml2-dev
+  - libxslt1-dev
+  - libsasl2-dev
+  - libldap2-dev
+  - libssl-dev
+  - libjpeg-dev
+  - libfreetype6-dev
+  - zlib1g-dev
+  - zip
+  - unzip
+  - libcups2-dev
+  - fontconfig
+  - libjpeg-turbo8
+  - libxrender1
+  - xfonts-75dpi
+  - xfonts-base
+  - libtiff5-dev
+  - libjpeg8-dev
+  - libopenjp2-7-dev
+  - liblcms2-dev
+  - libwebp-dev
+  - libharfbuzz-dev
+  - libfribidi-dev
+  - libxcb1-dev
+
+python_packages:
+  - setuptools
+  - wheel
+  - paramiko

roles/odoo/vars/vault.yml

@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+66653830636139353764356363313765383435316164373665356537623563333165646530656130
+6366303863663861623161303639376639323639303633610a393234663539353130653438313433
+64306536383230636331646239313535346135353762383139656162316636393537373139643562
+3034376331353462340a313735323765656562343263313137613630646538653931643730353264
+33383561326633613231363634613839303462373431313130653431656437633861636461393635
+3137386137643535396333636337356631633734383162336333