├── .ansible-lint ├── .gitignore ├── .travis.yml ├── .yamllint ├── LICENSE ├── README.md ├── defaults └── main.yml ├── handlers └── main.yml ├── meta └── main.yml ├── tasks ├── letsencrypt.yml ├── main.yml ├── mongodb.yml ├── nginx.yml ├── nodejs.yml └── upgrade.yml ├── templates ├── mongod.conf.j2 ├── nginx.conf.j2 ├── rocket_chat.conf.j2 ├── rocketchat.service.j2 ├── rocketchat@.service.j2 ├── rocketchat_upstart.j2 └── ssl.inc.j2 ├── tests ├── Dockerfile.centos-7 ├── Dockerfile.debian-buster ├── Dockerfile.debian-jessie ├── Dockerfile.debian-stretch ├── Dockerfile.ubuntu-14.04 ├── Dockerfile.ubuntu-16.04 ├── Dockerfile.ubuntu-18.04 ├── Vagrantfile ├── ansible.cfg ├── dhparam_INSECURE.pem ├── provision.yml └── travis.yml └── vars ├── Debian.yml ├── Debian_10.yml ├── Debian_8.yml ├── Debian_9.yml ├── Fedora_2x.yml ├── RedHat.yml ├── RedHat_7.yml ├── Ubuntu.yml ├── Ubuntu_14.yml ├── Ubuntu_16.yml ├── Ubuntu_18.yml └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | exclude_paths: [] 2 | parseable: true 3 | quiet: true 4 | skip_list: [305] 5 | use_default_rules: true 6 | verbosity: 1 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | tests/.vagrant/ 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | os: linux 3 | dist: xenial 4 | 5 | env: 6 | - distribution: centos 7 | version: 7 8 | 9 | - distribution: debian 10 | version: stretch 11 | 12 | # - distribution: debian 13 | # version: jessie 14 | 15 | - distribution: debian 16 | version: buster 17 | 18 | - distribution: ubuntu 19 | version: 14.04 20 | 21 | - distribution: ubuntu 22 | version: 16.04 23 | 24 | - distribution: ubuntu 25 | version: 18.04 26 | 27 | # - distribution: ubuntu 28 | # 
version: 20.04 29 | 30 | services: 31 | - docker 32 | 33 | before_install: 34 | - 'sudo docker pull ${distribution}:${version}' 35 | - 'sudo docker build --no-cache --rm --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' 36 | 37 | script: 38 | - container_id=$(mktemp) 39 | - 'sudo docker run --detach --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro --volume="${PWD}":/etc/ansible/roles/Rocket.Chat.Ansible:ro ${distribution}-${version}:ansible > "${container_id}"' 40 | 41 | # Verify Ansible is available in the container. 42 | - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible --version 43 | 44 | # Verify Ansible Scripts 45 | - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/Rocket.Chat.Ansible/tests/travis.yml --syntax-check' 46 | - 'sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/Rocket.Chat.Ansible/tests/travis.yml' 47 | # - > 48 | # sudo docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook -v /etc/ansible/roles/Rocket.Chat.Ansible/tests/travis.yml 49 | # | grep -q 'changed=0.*failed=0' 50 | # && (echo 'Idempotence test: pass' && exit 0) 51 | # || (echo 'Idempotence test: fail' && exit 1) 52 | - 'sudo docker rm -f "$(cat ${container_id})"' 53 | 54 | #notifications: 55 | # webhooks: https://galaxy.ansible.com/api/v1/notifications/ 56 | -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | rules: 4 | line-length: 5 | max: 120 6 | level: warning -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2015 Rocket.Chat 4 | 5 | Permission is hereby granted, 
free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Rocket.Chat [![Ansible Galaxy](https://img.shields.io/badge/galaxy-RocketChat.Server-blue.svg?style=flat)](https://galaxy.ansible.com/RocketChat/Server/) [![Travis-CI](https://travis-ci.org/RocketChat/Rocket.Chat.Ansible.svg?branch=master)](https://travis-ci.org/RocketChat/Rocket.Chat.Ansible) 2 | =========== 3 | Deploy [Rocket.Chat](http://rocket.chat), the ultimate open source web chat platform, with [Ansible](http://ansible.com)! 4 | 5 | Notes 6 | -------- 7 | - `master` has been rebased on `v2.0` and is now the most current code of the role (Instead of it being the 1.9-compatible version.) 
If you want the latest code, just don't include any version at all and `ansible-galaxy` will pull in the latest tag, or you can include `version: master` to always be current with development. 8 | - `v1.9` users can continue to use tags `v1.9` and `v1.9.0`, and an `ansible_1.9` branch remains, though few, if any, backports will be made there. 9 | 10 | Features 11 | -------- 12 | - __Optional full stack deployment:__ 13 | Fully deploy [Rocket.Chat](http://rocket.chat), including [MongoDB](http://mongodb.com) & an [Nginx](https://www.nginx.com/) reverse SSL proxy. 14 | Or, deploy [Rocket.Chat](http://rocket.chat) and integrate with your existing [MongoDB](http://mongodb.com) and/or [Nginx](https://www.nginx.com/) instances/deployment methods. 15 | 16 | - __Optional automatic SSL cert generation:__ 17 | Automatically generate SSL certs for HTTPS connectivity via an [Nginx](https://www.nginx.com/) reverse proxy. 18 | Or, deploy your own SSL certs! 19 | 20 | - __Optional automatic upgrades [requires Ansible 2.0]:__ 21 | If a new version of [Rocket.Chat](http://rocket.chat) is released, or if you want to follow development for testing purposes, simply update the `rocket_chat_version` to whichever release you wish to deploy (see [the Rocket.Chat releases page](https://rocket.chat/releases)), set `rocket_chat_automatic_upgrades` to `true` and let this role do the rest! 22 | If there's a change to the code deployed to your [Rocket.Chat](http://rocket.chat) server (either because of a remote change to the `rocket_chat_version` you're following, 'latest' or 'develop' for instance, or because you set a new `rocket_chat_version` to fetch), this role will handle the upgrade and redeployment of the [Rocket.Chat](http://rocket.chat) service, keeping your data intact. 23 | _Note: This functionality requires Ansible 2.0. 
See how to fetch the 2.0 version of this role in the [Install from Ansible Galaxy section](#install-the-ansible-20-version-of-this-role)_ 24 | 25 | Supported Platforms 26 | ------------------- 27 | ### Debian 28 | - Stretch (9) 29 | - Buster (10) 30 | 31 | ### Ubuntu 32 | - Bionic Beaver: 18.04 LTS 33 | - Xenial: 16.04 LTS 34 | - Trusty: 14.04 LTS 35 | 36 | ### EL (RHEL/CentOS) 37 | - 7 38 | 39 | If you'd like to see your distribution/operating system supported, please [raise an issue](https://github.com/RocketChat/Rocket.Chat.Ansible/issues)! 40 | 41 | Running into problems? 42 | ---------------------- 43 | Please be sure you've read the [FAQ](#faq) and all documentation before raising an issue. 44 | 45 | Role Variables 46 | -------------- 47 | All variables have sane defaults set in [`defaults/main.yml`](defaults/main.yml) 48 | ### Defaults 49 | 50 | | Name | Default Value | Description | 51 | |---------------------------|-----------------------|------------------------------------| 52 | | `rocket_chat_automatic_upgrades` | false | A boolean value that determines whether or not to upgrade Rocket.Chat upon source code changes | 53 | | `rocket_chat_upgrade_backup` | true | A boolean value that determines whether or not to back up the current Rocket.Chat version when upgrading | 54 | | `rocket_chat_upgrade_backup_path` | `"{{ rocket_chat_application_path }}"`| The path to store the backup of Rocket.Chat when `rocket_chat_upgrade_backup` is `true` | 55 | | `rocket_chat_application_path` | `/var/lib/rocket.chat` | The destination on the filesystem to deploy Rocket.Chat to | 56 | | `rocket_chat_version` | `latest` | The version of Rocket.Chat to deploy; see the [Rocket.Chat releases page](https://rocket.chat/releases) for available options | 57 | | `rocket_chat_tarball_remote` | See [`defaults/main.yml`](defaults/main.yml) | The remote URL to fetch the Rocket.Chat tarball from (uses `rocket_chat_version`) | 58 | | `rocket_chat_tarball_sha256sum` | See 
[`defaults/main.yml`](defaults/main.yml) | The SHA256 hash sum of the Rocket.Chat tarball being fetched | 59 | | `rocket_chat_tarball_fetch_timeout` | 100 | The time (in seconds) before the attempt to fetch the Rocket.Chat tarball fails | 60 | | `rocket_chat_tarball_validate_remote_cert` | true | A boolean value that determines wether or not to validate the SSL certs for the Rocket.Chat tarball remote | 61 | | `rocket_chat_service_user` | `rocketchat` | The name of the user that will run the Rocket.Chat server process | 62 | | `rocket_chat_service_group` | `rocketchat` | The name of the primary group for the `rocket_chat_service_user` user | 63 | | `rocket_chat_service_host` | `"{{ ansible_fqdn }}"` | The FQDN of the Rocket.Chat system | 64 | | `rocket_chat_service_port` | 3000 | The TCP port Rocket.Chat listens on | 65 | | `rocket_chat_service_extra_instances` | `[]` | List of TCP port numbers for additional rocketchat service instances to handle more users on one machine | 66 | | `rocket_chat_node_version` | `4.5.0` | The version of NodeJS to install that `n` understands | 67 | | `rocket_chat_node_prefix` | `/usr/local/n/versions/node/{{ rocket_chat_node_version }}` | The path to the `node` binary directory that n installs | 68 | | `rocket_chat_npm_dist` | `/usr/bin/npm` | The path to the original `npm` binary, before n installs any Node versions | 69 | | `rocket_chat_include_mongodb` | true | A boolean value that determines whether or not to deploy MongoDB | 70 | | `rocket_chat_mongodb_keyserver` | keyserver.ubuntu.com | The GPG key server to use when importing the MongoDB repo key | 71 | | `rocket_chat_mongodb_gpg_key` | `7F0CEB10` | The GPG key fingerprint to import for the MongoDB repo | 72 | | `rocket_chat_mongodb_user` | not used by default | Username to be used when connecting to MongoDB. 
If you set this, you should also define `rocket_chat_mongodb_password`, otherwise no user/pass is used to connect to MongoDB | 73 | | `rocket_chat_mongodb_password` | not used by default | Password to be used when connecting to MongoDB. If you set this, you should also define `rocket_chat_mongodb_user`, otherwise no user/pass is used to connect to MongoDB | 74 | | `rocket_chat_mongodb_server` | 127.0.0.1 | The IP/FQDN of the MongoDB host | 75 | | `rocket_chat_mongodb_port` | 27017 | The TCP port to contact the MongoDB host host via | 76 | | `rocket_chat_mongodb_database` | rocketchat | The MongoDB database to be used for Rocket.Chat | 77 | | `rocket_chat_mongodb_use_tls` | false | Whether or not to use TLS to connect to the MongoDB DB | 78 | | `rocket_chat_mongodb_packages` | `mongodb` | The name of the MongoDB package(s) to install (differs for different distros - see `vars/`) | 79 | | `rocket_chat_mongodb_config_template` | [`mongod.conf.j2`](templates/mongod.conf.j2) | The `/etc/mongod.conf` template to deploy | 80 | | `rocket_chat_mongodb_org_pkgs` | false | true (Debian/Ubuntu) | Use official MongoDB.org community edition packages or not | 81 | | `rocket_chat_mongodb_org_version` | 3.4 | Version string of official packages to install | 82 | | `rocket_chat_mongodb_service_name` | `mongod` | The name of the systemd service unit and mongodb config file in /etc | 83 | | `rocket_chat_include_nginx`| true | A boolean value that determines whether or not to deploy Nginx | 84 | | `rocket_chat_ssl_generate_certs` | true | A boolean value that determines whether or not to generate the Nginx SSL certs | 85 | | `rocket_chat_ssl_key_path` | `/etc/nginx/rocket_chat.key` | The destination path for the Nginx SSL private key | 86 | | `rocket_chat_ssl_cert_path` | `/etc/nginx/rocket_chat.crt` | The destination path for the Nginx SSL certificate | 87 | | `rocket_chat_ssl_deploy_data` | false | A boolean value that determines whether or not to deploy custom SSL data (cert/key 
files) | 88 | | `rocket_chat_ssl_key_file` | `~` | If not using SSL cert generation, this is the path to the Nginx SSL private key on the Ansible control node, for deployment | 89 | | `rocket_chat_ssl_cert_file` | `~` | If not using SSL cert generation, this is the path to the Nginx SSL cert on the Ansible control node, for deployment | 90 | | `rocket_chat_nginx_enable_pfs` | true | A boolean value that determines whether or not to enable [PFS](http://en.wikipedia.org/wiki/Perfect_forward_secrecy) when deploying Nginx | 91 | | `rocket_chat_nginx_generate_pfs_key` | true | A boolean value that determines whether or not to generate a PFS key file | 92 | | `rocket_chat_nginx_pfs_key_numbits` | 2048 | Numbits to pass to OpenSSL when generating a PFS key file | 93 | | `rocket_chat_nginx_pfs_key_path` | `/etc/nginx/rocket_chat.pem` | The destination path for the Nginx PFS key file | 94 | | `rocket_chat_nginx_pfs_file` | `~` | If not using PFS key generation, this is the path to the Nginx PFS key on the Ansible control node, for deployment | 95 | | `rocket_chat_nginx_listen_ssl_port` | `443` | The SSL port on which Ngnix listens to | 96 | | `rocket_chat_nginx_listen_port` | `80` | The port on which Ngnix listens to | 97 | 98 | Some variables differ between operating systems/distributions. 99 | These are set in the `vars/` directory, typically in a file named after the distribution. 
100 | 101 | ### RHEL/CentOS variables 102 | Set in [`vars/RedHat.yml`](vars/RedHat.yml) 103 | 104 | | Name | Default Value | Description | 105 | |---------------------------|-----------------------|------------------------------------| 106 | | `rocket_chat_dep_packages` | - git | A list of Rocket.Chat dependencies to install | 107 | | | - GraphicsMagick | | 108 | | | - nodejs | | 109 | | | - npm | | 110 | | | - make | | 111 | | `rocket_chat_mongodb_packages` | - mongodb | A list of MongoDB server packages to install | 112 | | | - mongodb-server | | 113 | | `rocket_chat_mongodb_repl_lines` | `'replSet=001-rs'` | The value for the MongoDB replica set | 114 | | `rocket_chat_mongodb_fork` | `true` | A boolean value that sets whether or not to fork the MongoDB server process | 115 | | `rocket_chat_mongodb_pidfile_path` | `/var/run/mongodb/mongodb.pid` | The path to the pidfile for the MongoDB server process | 116 | | `rocket_chat_mongodb_logpath` | `/var/log/mongodb/mongod.log` | The log file path for the MongoDB server | 117 | | `rocket_chat_mongodb_unixsocketprefix` | `/var/run/mongodb` | The path for the MongoDB UNIX socket prefix | 118 | | `rocket_chat_mongodb_dbpath` | `/var/lib/mongodb` | The path for MongoDB to store its databases | 119 | | `rocket_chat_nginx_process_user` | `nginx` | The user for that will be used to spawn the Nginx server process | 120 | 121 | ### RHEL/CentOS 7 variables 122 | Set in [`vars/RedHat_7.yml`](vars/RedHat_7.yml) 123 | 124 | | Name | Default Value | Description | 125 | |---------------------------|-----------------------|------------------------------------| 126 | | `rocket_chat_service_update_command` | `systemctl daemon-reload ; systemctl restart rocketchat` | The command to use to inform the service management system when a service manifest has changed | 127 | | `rocket_chat_service_template` | | | 128 | | ` src` | `rocketchat.service.j2` | The source template to deploy for the Rocket.Chat service manifest | 129 | | ` dest` | 
`/usr/lib/systemd/system/rocketchat.service` | The destination to deploy the Rocket.Chat service manifest to | 130 | | `rocket_chat_tarball_validate_remote_cert` | false | A boolean value that determines wether or not to validate the SSL certs for the Rocket.Chat tarball remote | 131 | 132 | ### Debian variables 133 | Set in [`vars/Debian.yml`](vars/Debian.yml) 134 | 135 | | Name | Default Value | Description | 136 | |---------------------------|-----------------------|------------------------------------| 137 | | `rocket_chat_dep_packages` | - git | A list of Rocket.Chat dependencies to install | 138 | | | - graphicsmagick | | 139 | | | - nodejs | | 140 | | | - npm | | 141 | | | - make | | 142 | | `rocket_chat_mongodb_packages` | - mongodb-server | A list of MongoDB server packages to install | 143 | | | - mongodb-shell | | 144 | | `rocket_chat_mongodb_repl_lines` | ` replication:` | The value for the MongoDB replica set | 145 | | | ` replSetName: "001-rs"` | | 146 | | `rocket_chat_nginx_process_user` | `www-data` | The user for that will be used to spawn the Nginx server process | 147 | 148 | ### Debian 8 variables 149 | Set in [`vars/Debian_8.yml`](vars/Debian_8.yml) 150 | 151 | | Name | Default Value | Description | 152 | |---------------------------|-----------------------|------------------------------------| 153 | | `rocket_chat_service_update_command` | `systemctl daemon-reload ; systemctl restart rocketchat` | The command to use to inform the service management system when a service manifest has changed | 154 | | `rocket_chat_service_template` | | | 155 | | ` src` | `rocketchat.service.j2` | The source template to deploy for the Rocket.Chat service manifest | 156 | | ` dest` | `/etc/systemd/system/rocketchat.service` | The destination to deploy the Rocket.Chat service manifest to | 157 | | `rocket_chat_mongodb_apt_repo` | `deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main` | The APT repository for MongoDB | 158 | 159 | ### Ubuntu variables 
160 | Set in [`vars/Ubuntu.yml`](vars/Ubuntu.yml) 161 | 162 | | Name | Default Value | Description | 163 | |---------------------------|-----------------------|------------------------------------| 164 | | `rocket_chat_dep_packages` | - git | A list of Rocket.Chat dependencies to install | 165 | | | - graphicsmagick | | 166 | | | - nodejs | | 167 | | | - npm | | 168 | | | - make | | 169 | | `rocket_chat_mongodb_packages` | - mongodb-server | A list of MongoDB server packages to install | 170 | | | - mongodb-shell | | 171 | | `rocket_chat_mongodb_repl_lines` | ` replication:` | The value for the MongoDB replica set | 172 | | | ` replSetName: "001-rs"` | | 173 | | `rocket_chat_nginx_process_user` | `www-data` | The user for that will be used to spawn the Nginx server process | 174 | 175 | ### Ubuntu 16 variables 176 | Set in [`vars/Ubuntu_15.yml`](vars/Ubuntu_15.yml) 177 | 178 | | Name | Default Value | Description | 179 | |---------------------------|-----------------------|------------------------------------| 180 | | `rocket_chat_service_update_command` | `systemctl daemon-reload ; systemctl restart rocketchat` | The command to use to inform the service management system when a service manifest has changed | 181 | | `rocket_chat_service_template` | | | 182 | | ` src` | `rocketchat.service.j2` | The source template to deploy for the Rocket.Chat service manifest | 183 | | ` dest` | `/etc/systemd/system/rocketchat.service` | The destination to deploy the Rocket.Chat service manifest to | 184 | | `rocket_chat_mongodb_apt_repo` | `deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main` | The APT repository for MongoDB | 185 | 186 | ### Ubuntu 14 variables 187 | Set in [`vars/Ubuntu_14.yml`](vars/Ubuntu_14.yml) 188 | 189 | | Name | Default Value | Description | 190 | |---------------------------|-----------------------|------------------------------------| 191 | | `rocket_chat_service_update_command` | `initctl reload-configuration ; service rocketchat 
restart` | The command to use to inform the service management system when a service manifest has changed | 192 | | `rocket_chat_service_template` | | | 193 | | ` src` | `rocketchat_upstart.j2` | The source template to deploy for the Rocket.Chat service manifest | 194 | | ` dest` | `/etc/init/rocketchat.conf` | The destination to deploy the Rocket.Chat service manifest to | 195 | | `rocket_chat_mongodb_apt_repo` | `deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse` | The APT repository for MongoDB | 196 | | `rocket_chat_tarball_validate_remote_cert` | false | A boolean value that determines whether or not to validate the SSL certs for the Rocket.Chat tarball remote | 197 | 198 | 199 | Install this role from Ansible Galaxy 200 | ------------------------------------- 201 | This role is available for download from [Ansible Galaxy](http://galaxy.ansible.com). 202 | To install this role, and track it in your Ansible code-base, use something similar to the following in your [`requirements.yml`](http://docs.ansible.com/ansible/galaxy.html#id8): 203 | 204 | ``` yaml 205 | - src: RocketChat.Server 206 | version: v1.9.0 207 | path: roles/external/ 208 | 209 | ``` 210 | _Note: you must specify `version` as `v1.9.0` if you're still using Ansible 1.9.4_ 211 | 212 | ### Install the Ansible 2.0 version of this role 213 | With the release of Ansible 2.0, this role is officially supported with some performance enhancements and extra features (automatic upgrades, for instance). 214 | To use the Ansible 2.0 version of this role, you can install it using the `ansible-galaxy` command line tool using a `requirements.yml` (both mentioned above) to specify the version you wish to use. 
215 | 216 | Here's an example `requirements.yml` file that, when installed via `ansible-galaxy`, will fetch the Ansible 2.0 code: 217 | ``` yaml 218 | - src: RocketChat.Server 219 | path: roles/external 220 | ``` 221 | ##### Note: `master` has been rebased on v2.0 and is now the most current code of the role. If you want the latest, just don't include any version at all and `ansible-galaxy` will pull in the latest tag, or you can include `version: master` to always be current. 222 | 223 | Example Playbook 224 | ---------------- 225 | 226 | A simple playbook to run this role on all `chat_servers` systems: 227 | ``` yaml 228 | - hosts: chat_servers 229 | roles: 230 | - RocketChat.Server 231 | ``` 232 | 233 | A playbook to deploy Rocket.Chat to `chat_servers` but exclude the deployment of MongoDB and use an external instance. Also permit automatic upgrades of Rocket.Chat (Ansible 2.0 required for `rocket_chat_automatic_upgrades`! See the [Install from Ansible Galaxy section](#install-the-ansible-20-version-of-this-role)): 234 | ``` yaml 235 | - hosts: chat_servers 236 | 237 | vars: 238 | rocket_chat_automatic_upgrades: true 239 | rocket_chat_include_mongodb: false 240 | rocket_chat_mongodb_server: 10.19.3.24 241 | 242 | roles: 243 | - RocketChat.Server 244 | ``` 245 | 246 | FAQ 247 | --- 248 | - **When I try to deploy using this role, it fails on the `Fetch the Rocket.Chat binary tarball` task** 249 | If deployment fails with a message similar to the following, this is because the role hasn't been updated to reflect the SHA256 hash sum of the latest Rocket.Chat release tarball: 250 | ``` 251 | TASK [RocketChat.Server : Fetch the Rocket.Chat binary tarball] **************** 252 | fatal: [chat1]: FAILED! 
=> {"changed": false, "failed": true, "msg": "The checksum for /var/lib/rocket.chat/rocket.chat-latest.tgz did not match e6caca890c86f79595da14398dd3ab0c0d3222932d6a8a1b38c6e5082531acd2; it was 21ef5ee220671e5f514f240d1423514c5780d81d6ffba8720d19660079099925."} 253 | ``` 254 | Right now, maintenance of this variable is a manual process. In the meantime, you can set this variable's value (`rocket_chat_tarball_sha256sum`) yourself via `host_vars`, `group_vars`, `vars` in your playbook, or with `-e` when running `ansible-playbook`, etc. Take the expected hash from a release source you trust rather than copying the "it was" value out of the error message: a corrupted or altered download produces the same mismatch. 255 | 256 | Available tags 257 | -------------- 258 | To run a specific set of plays with the `--tags` flag, the available tags are: 259 | - `vars` 260 | - `build` 261 | - `mongodb` 262 | - `repo` 263 | - `nginx` 264 | - `upgrade` 265 | - `service` 266 | 267 | Management of the Rocket.Chat service 268 | ------------------------------------- 269 | This role will deploy a service named `rocketchat`. 270 | You can use your native service management system to start/stop/reload/restart the service. 271 | 272 | Testing via Vagrant 273 | ------------------- 274 | To test this role, you'll find a `Vagrantfile` and `provision.yml` playbook in the `tests/` directory. 275 | This is, as you might have guessed, for running test deployments via [Vagrant](https://vagrantup.com). 276 | 277 | If you'd like to test some changes, or simply see how the role works/provision a little play Rocket.Chat server locally, 278 | you can `cd` into `tests/` and run `vagrant up` (provided you have Vagrant & VirtualBox installed). 279 | 280 | If you take a look at the `Vagrantfile`, you'll see there's a deployment for each currently supported platform - simply comment out any you don't want to deploy (don't forget their Ansible config at the bottom, either!). 
281 | Once deployment is finished, if you want to try Rocket.Chat out, you can visit `http://localhost:4000` in your browser (the port `4000` varies here, based on which platform you're deploying, see the `forwarded_port` value for your platform). 282 | 283 | TODO 284 | ---- 285 | * [ ] Use Let's Encrypt for SSL 286 | 287 | License 288 | ------- 289 | MIT 290 | 291 | Issues/Contributions 292 | -------------------- 293 | Feel free to: 294 | [Raise an issue](https://github.com/RocketChat/Rocket.Chat.Ansible/issues) 295 | [Contribute](https://github.com/RocketChat/Rocket.Chat.Ansible/pulls) 296 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults/main.yml: Defaults for RocketChat.Ansible 3 | rocket_chat_automatic_upgrades: false 4 | rocket_chat_upgrade_backup: true 5 | rocket_chat_upgrade_backup_path: "{{ rocket_chat_application_path }}" 6 | rocket_chat_application_path: /var/lib/rocket.chat 7 | # "latest" implies latest stable here, can be "0.61.2", for example 8 | rocket_chat_version: latest 9 | rocket_chat_tarball_remote: https://releases.rocket.chat/{{ rocket_chat_version }}/download 10 | rocket_chat_tarball_asc_remote: https://releases.rocket.chat/{{ rocket_chat_version }}/asc 11 | # Using the sha256sum is deprecated in favor of GPG verifying 12 | rocket_chat_tarball_sha256sum: 0 13 | rocket_chat_tarball_gpg_key: 0E163286C20D07B9787EBE9FD7F9D0414FD08104 14 | rocket_chat_tarball_gpg_keyserver: ha.pool.sks-keyservers.net 15 | rocket_chat_tarball_check_checksum: false 16 | rocket_chat_tarball_check_pgp: true 17 | rocket_chat_tarball_fetch_timeout: 100 18 | rocket_chat_tarball_validate_remote_cert: true 19 | rocket_chat_pgp_command: gpg2 20 | rocket_chat_service_user: rocketchat 21 | rocket_chat_service_group: rocketchat 22 | rocket_chat_service_host: "{{ ansible_fqdn }}" 23 | rocket_chat_service_port: 3000 24 | 
rocket_chat_service_environment: {} 25 | rocket_chat_service_extra_instances: [] 26 | rocket_chat_node_version: 12.16.1 27 | rocket_chat_node_prefix: /usr/local/n/versions/node/{{ rocket_chat_node_version }} 28 | rocket_chat_node_path: "{{ rocket_chat_node_prefix }}/bin/node" 29 | rocket_chat_npm_version: 6.14.0 30 | rocket_chat_npm_path: "{{ rocket_chat_node_prefix }}/bin/npm" 31 | rocket_chat_npm_dist: /usr/bin/npm 32 | 33 | # MongoDB settings 34 | rocket_chat_mongodb_packages: mongodb 35 | rocket_chat_mongodb_service_name: mongodb 36 | rocket_chat_mongodb_service_user: mongodb 37 | rocket_chat_include_mongodb: true 38 | rocket_chat_mongodb_keyserver: hkp://keyserver.ubuntu.com:80 39 | rocket_chat_mongodb_gpg_key: 0C49F3730359A14518585931BC711F9BA15703C6 40 | rocket_chat_mongodb_server: 127.0.0.1 41 | rocket_chat_mongodb_port: 27017 42 | rocket_chat_mongodb_config: /etc/mongod.conf 43 | rocket_chat_mongodb_config_template: mongod.conf.j2 44 | # Currently only for Debian/Ubuntu based 45 | rocket_chat_mongodb_org_pkgs: false 46 | rocket_chat_mongodb_org_version: 3.4 47 | # MongoDB connection settings: 48 | rocket_chat_mongodb_database: rocketchat 49 | rocket_chat_mongodb_use_tls: false 50 | rocket_chat_mongodb_user: ~ 51 | rocket_chat_mongodb_password: ~ 52 | 53 | # nginx settings 54 | rocket_chat_include_nginx: true 55 | rocket_chat_ssl_generate_certs: true 56 | rocket_chat_ssl_key_path: /etc/nginx/rocket_chat.key 57 | rocket_chat_ssl_cert_path: /etc/nginx/rocket_chat.crt 58 | rocket_chat_ssl_deploy_data: false 59 | rocket_chat_ssl_key_file: ~ 60 | rocket_chat_ssl_cert_file: ~ 61 | rocket_chat_nginx_enable_pfs: true 62 | rocket_chat_nginx_generate_pfs_key: true 63 | rocket_chat_nginx_pfs_key_numbits: 2048 64 | rocket_chat_nginx_pfs_key_path: /etc/nginx/rocket_chat.pem 65 | rocket_chat_nginx_pfs_file: ~ 66 | rocket_chat_nginx_listen_port: 80 67 | rocket_chat_nginx_listen_ssl_port: 443 68 | 69 | # letsencrypt settings 70 | rocket_chat_include_letsencrypt: false 71 | 
rocket_chat_letsencrypt_email: ~ 72 | rocket_chat_letsencrypt_account_key: /etc/nginx/acme-tiny_account.key 73 | rocket_chat_letsencrypt_csr: /etc/nginx/acme-tiny_{{ rocket_chat_service_host }}.csr 74 | rocket_chat_letsencrypt_domain: "{{ rocket_chat_service_host }}" 75 | rocket_chat_letsencrypt_acmetiny_path: /opt/acme-tiny 76 | rocket_chat_letsencrypt_wellknown_path: /var/www/letsencrypt 77 | rocket_chat_letsencrypt_ca_cert: https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem 78 | rocket_chat_letsencrypt_force_renew: false 79 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers/main.yml: Handlers for RocketChat.Ansible 3 | - name: Reload the Nginx service 4 | service: 5 | name: nginx 6 | state: reloaded 7 | 8 | - name: Restart the MongoDB service 9 | service: 10 | name: "{{ rocket_chat_mongodb_service_name }}" 11 | state: restarted 12 | 13 | - name: Upgrade Rocket.Chat 14 | import_tasks: upgrade.yml 15 | when: ('stat' in rocket_chat_deploy_state) 16 | and (rocket_chat_deploy_state.stat.exists | bool) 17 | tags: upgrade 18 | 19 | - name: Update the Rocket.Chat service configuration 20 | shell: "{{ rocket_chat_service_update_command }}" 21 | when: (rocket_chat_service_update_command is defined) 22 | and (rocket_chat_service_update_command) 23 | 24 | - name: Restart the Rocket.Chat service 25 | service: 26 | name: rocketchat 27 | state: restarted 28 | 29 | - name: Restart the Rocket.Chat@ services 30 | service: 31 | name: "rocketchat@{{ item }}" 32 | state: restarted 33 | with_list: "{{ rocket_chat_service_extra_instances }}" 34 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: 4 | - Calum MacRae 5 | - Michael Goodwin 6 | description: 
Deploy Rocket.Chat 7 | license: MIT 8 | min_ansible_version: 2.3.0 9 | platforms: 10 | - name: CentOS 11 | versions: 12 | - 7 13 | - name: EL 14 | versions: 15 | - 7 16 | - name: Fedora 17 | versions: 18 | - all 19 | - name: Ubuntu 20 | versions: 21 | - trusty 22 | - xenial 23 | - bionic 24 | - name: Debian 25 | versions: 26 | - buster 27 | - stretch 28 | - buster 29 | galaxy_tags: 30 | - cloud 31 | - database 32 | - database:nosql 33 | - networking 34 | - packaging 35 | - system 36 | - web 37 | - chat 38 | dependencies: [] 39 | -------------------------------------------------------------------------------- /tasks/letsencrypt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # possibly just copy the script into files and include it w/ the role? 4 | - name: Clone acme-tiny to /opt [Let's Encrypt!] 5 | git: 6 | dest: "{{ rocket_chat_letsencrypt_acmetiny_path }}" 7 | repo: https://github.com/diafygi/acme-tiny.git 8 | force: yes 9 | update: yes 10 | 11 | - name: Ensure letsencrypt well-known dir exists [Let's Encrypt!] 12 | file: 13 | path: "{{ rocket_chat_letsencrypt_wellknown_path }}" 14 | state: directory 15 | owner: "{{ rocket_chat_nginx_process_user }}" 16 | setype: httpd_sys_content_t 17 | recurse: yes 18 | 19 | - name: Restore SELinux contexts for well-know dir [Let's Encrypt!:SELinux] 20 | command: restorecon -R "{{ rocket_chat_letsencrypt_wellknown_path }}" 21 | when: ('status' in ansible_selinux) 22 | and ((ansible_selinux.status | lower) == "enabled") 23 | 24 | - name: Generate acme-tiny Let's Encrypt account key [Let's Encrypt!] 25 | shell: >- 26 | openssl genrsa -out {{ rocket_chat_letsencrypt_account_key }} 4096 27 | args: 28 | creates: "{{ rocket_chat_letsencrypt_account_key }}" 29 | 30 | - name: Check if acme-tiny Let's Encrypt CSR exists [Let's Encrypt!] 
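# tasks/letsencrypt.yml (continued): arguments of the CSR existence check above.
  stat:
    path: "{{ rocket_chat_letsencrypt_csr }}"
  register: csr_path

# The CSR is created from the key nginx serves (rocket_chat_ssl_key_path). It is
# regenerated when that key was just created (key_gen_result, registered in
# tasks/nginx.yml) or when no CSR file exists yet.
- name: Generate acme-tiny Let's Encrypt CSR [Let's Encrypt!]
  shell: >-
    openssl req -new -sha256 -key {{ rocket_chat_ssl_key_path | quote }}
    -subj "/CN={{ rocket_chat_letsencrypt_domain | default(rocket_chat_service_host) }}"
    -out {{ rocket_chat_letsencrypt_csr | quote }}
  register: csr_gen_result
  when:
    - (key_gen_result is changed)
      or (('stat' in csr_path)
      and (not (csr_path.stat.exists | bool)))

# The renewal script is installed under /etc/cron.monthly (the task name used to
# say cron.daily). It builds the new chain in a temporary file next to the live
# certificate and moves it into place only after acme-tiny and the CA download
# both succeeded, so a failed renewal can no longer leave nginx with an empty
# or truncated certificate file.
# NOTE(review): Debian's run-parts skips file names that contain a dot, so on
# Debian/Ubuntu this ".sh" file may never be run by cron; renaming it also
# requires changing the first-run task below - confirm on the target distros.
- name: Setup script in cron.monthly [Let's Encrypt!]
  copy:
    dest: /etc/cron.monthly/acme-tiny_renew.sh
    mode: "0755"
    content: |
      #!/bin/bash
      set -eu
      new_cert="$(mktemp {{ rocket_chat_ssl_cert_path | quote }}.XXXXXX)"
      trap 'rm -f "$new_cert"' EXIT
      python {{ rocket_chat_letsencrypt_acmetiny_path | quote }}/acme_tiny.py \
        --account-key {{ rocket_chat_letsencrypt_account_key | quote }} \
        --csr {{ rocket_chat_letsencrypt_csr | quote }} \
        --acme-dir {{ rocket_chat_letsencrypt_wellknown_path | quote }} \
        > "$new_cert"
      # -f: fail on an HTTP error instead of appending an error page to the chain
      curl -fsS {{ rocket_chat_letsencrypt_ca_cert | quote }} >> "$new_cert"
      chmod 0644 "$new_cert"
      mv -f "$new_cert" {{ rocket_chat_ssl_cert_path | quote }}
      nginx -t && nginx -s reload

- name: Run acme-tiny_renew.sh (first run cert creation) [Let's Encrypt!]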
62 | shell: /etc/cron.monthly/acme-tiny_renew.sh 63 | notify: Reload the Nginx service 64 | when: (csr_gen_result is changed) 65 | or (rocket_chat_letsencrypt_force_renew | bool) 66 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks/main.yml: Main tasks for RocketChat.Ansible 3 | 4 | - include_vars: "{{ item }}" 5 | with_first_found: 6 | - "{{ ansible_distribution }}.yml" 7 | - "{{ ansible_os_family }}.yml" 8 | tags: 9 | - vars 10 | - always 11 | 12 | - include_vars: "{{ item }}" 13 | with_first_found: 14 | # Below is for example: Fedora_2x.yml = 20-29 15 | - "{{ ansible_distribution }}_{{ ansible_distribution_major_version[:1] ~ 'x' }}.yml" 16 | - "{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml" 17 | - "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml" 18 | tags: 19 | - vars 20 | - always 21 | 22 | - name: Ensure the Rocket.Chat service group is present 23 | group: 24 | name: "{{ rocket_chat_service_group }}" 25 | state: present 26 | system: true 27 | 28 | - name: Ensure the Rocket.Chat service user is present 29 | user: 30 | comment: Rocket.Chat Service User 31 | name: "{{ rocket_chat_service_user }}" 32 | group: "{{ rocket_chat_service_group }}" 33 | home: "{{ rocket_chat_application_path }}" 34 | createhome: true 35 | shell: /bin/false 36 | state: present 37 | system: true 38 | 39 | - name: Ensure APT cache has been updated recently 40 | apt: 41 | update_cache: yes 42 | cache_valid_time: 3600 43 | when: ((ansible_pkg_mgr | lower) == "apt") 44 | 45 | - name: Install EPEL for RHEL based distros (CentOS/RHEL) 46 | block: 47 | 48 | - name: Ensure the EPEL repository is present 49 | package: 50 | name: epel-release 51 | state: present 52 | 53 | - name: Ensure the EPEL repository GPG key is imported 54 | rpm_key: 55 | key: /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 56 | state: 
present 57 | 58 | when: ((ansible_distribution | lower) == "centos") 59 | or ((ansible_distribution | lower) == "redhat") 60 | tags: repo 61 | 62 | # https://docs.ansible.com/ansible/latest/become.html#becoming-an-unprivileged-user 63 | - name: Install acl controls 64 | package: 65 | name: acl 66 | state: present 67 | 68 | - name: Check for adequate privilege escalation rights 69 | ping: 70 | become: yes 71 | become_user: "{{ rocket_chat_service_user }}" 72 | ignore_errors: true 73 | register: priv_check_result 74 | - assert: 75 | that: (priv_check_result is succeeded) 76 | msg: > 77 | Check your sudo configuration to ensure that your connecting user 78 | can assume the identities of other users without prompting. 79 | 80 | - name: "Configure /etc/hosts" 81 | lineinfile: 82 | dest: /etc/hosts 83 | line: "{{ item.line }}" 84 | regexp: "{{ item.regexp }}" 85 | insertafter: "{{ item.insertafter | default(omit) }}" 86 | insertbefore: "{{ item.insertbefore | default(omit) }}" 87 | backrefs: "{{ item.backrefs | default(True) }}" 88 | when: ansible_virtualization_type != "docker" 89 | with_items: 90 | - regexp: '^127\.0\.0\.1(.*){{ ansible_nodename }}(.*)' 91 | line: '127.0.0.1 \1 \2' 92 | - regexp: '^127\.0\.0\.1(.*){{ ansible_hostname }}(.*)' 93 | line: '127.0.0.1 \1 \2' 94 | - regexp: '^127\.0\.0\.1[ ]*([^ ].*)[ ]+localhost[ ]+([^ ].*)' 95 | line: '127.0.0.1 localhost \1 \2' 96 | - regexp: '^127\.0\.1\.1' 97 | line: "127.0.1.1 {{ ansible_nodename }} {{ ansible_hostname }}" 98 | insertafter: '^127\.0\.0\.1' 99 | backrefs: no 100 | register: hosts_change_result 101 | 102 | - name: Redefine rocket_chat_dep_packages to add dist specific packages if needed 103 | set_fact: 104 | rocket_chat_dep_packages: 105 | "{{ rocket_chat_dep_packages | union(rocket_chat_dist_specific_packages) | unique }}" 106 | when: 107 | - (rocket_chat_dist_specific_packages is defined) 108 | - (rocket_chat_dist_specific_packages) 109 | 110 | - name: Ensure Rocket.Chat dependencies are installed 111 
| package: 112 | name: 113 | "{{ 114 | (ansible_virtualization_type != 'docker') | 115 | ternary( 116 | rocket_chat_dep_packages, 117 | rocket_chat_dep_packages | difference('[\"cron\"]') 118 | ) 119 | }}" 120 | state: present 121 | register: dep_install_result 122 | until: (dep_install_result is succeeded) 123 | retries: 2 124 | tags: packages 125 | 126 | - import_tasks: mongodb.yml 127 | when: (rocket_chat_include_mongodb | bool) 128 | tags: mongodb 129 | 130 | - import_tasks: nodejs.yml 131 | tags: nodejs 132 | 133 | - name: Check to see if this is the initial Rocket.Chat deployment 134 | stat: 135 | path: "{{ rocket_chat_application_path }}/bundle" 136 | register: rocket_chat_deploy_state 137 | 138 | - name: Set the initial Rocket.Chat upgrade status 139 | set_fact: 140 | rocket_chat_upgraded: false 141 | 142 | - name: Setup PGP for verifying the Rocket.Chat tarball 143 | block: 144 | 145 | - name: "Import RochetChat PGP Key from keyserver: {{ rocket_chat_tarball_gpg_keyserver }}" 146 | shell: | 147 | {{ rocket_chat_pgp_command }} \ 148 | --keyserver "{{ rocket_chat_tarball_gpg_keyserver }}" \ 149 | --recv-keys "{{ rocket_chat_tarball_gpg_key }}" 150 | changed_when: "'not changed' not in key_recv_result.stderr" 151 | register: key_recv_result 152 | until: (key_recv_result is succeeded) 153 | retries: 4 154 | 155 | - name: Fetch the Rocket.Chat binary tarball PGP signature 156 | get_url: 157 | url: "{{ rocket_chat_tarball_asc_remote }}" 158 | force: yes 159 | dest: "{{ rocket_chat_application_path }}/rocket.chat-{{ rocket_chat_version }}.asc" 160 | timeout: "{{ rocket_chat_tarball_fetch_timeout }}" 161 | validate_certs: "{{ rocket_chat_tarball_validate_remote_cert }}" 162 | owner: "{{ rocket_chat_service_user }}" 163 | group: "{{ rocket_chat_service_group }}" 164 | register: get_pgp_asc_result 165 | until: (get_pgp_asc_result is succeeded) 166 | retries: 2 167 | when: (rocket_chat_tarball_check_pgp | bool) 168 | tags: pgp 169 | 170 | - name: Fetch the 
Rocket.Chat binary tarball 171 | get_url: 172 | url: "{{ rocket_chat_tarball_remote }}" 173 | checksum: "{{ (rocket_chat_tarball_check_checksum == false) | ternary(omit, 'sha256: ' + (rocket_chat_tarball_sha256sum|string)) }}" 174 | force: yes 175 | dest: "{{ rocket_chat_application_path }}/rocket.chat-{{ rocket_chat_version }}.tgz" 176 | timeout: "{{ rocket_chat_tarball_fetch_timeout }}" 177 | validate_certs: "{{ rocket_chat_tarball_validate_remote_cert }}" 178 | owner: "{{ rocket_chat_service_user }}" 179 | group: "{{ rocket_chat_service_group }}" 180 | # Temp fix for ansible/ansible#15915 ( Broken include in handlers ) 181 | # https://github.com/ansible/ansible/issues/15915 182 | #notify: Upgrade Rocket.Chat 183 | register: download_result 184 | until: (download_result is succeeded) 185 | retries: 2 186 | changed_when: (download_result is changed) 187 | or (not (rocket_chat_tarball_check_checksum | bool)) 188 | tags: 189 | - download 190 | - pgp 191 | 192 | - name: Verify Rocket.Chat binary tarball with GPG 193 | shell: | 194 | {{ rocket_chat_pgp_command }} \ 195 | --verify rocket.chat-{{ rocket_chat_version }}.asc \ 196 | rocket.chat-{{ rocket_chat_version }}.tgz 197 | args: 198 | chdir: "{{ rocket_chat_application_path }}" 199 | when: (rocket_chat_tarball_check_pgp | bool) 200 | changed_when: false 201 | tags: pgp 202 | 203 | - name: Upgrade Rocket.Chat 204 | include_tasks: upgrade.yml 205 | when: 206 | - ( download_result is changed) 207 | - ('stat' in rocket_chat_deploy_state) 208 | - (rocket_chat_deploy_state.stat.exists | bool) 209 | tags: 210 | - upgrade 211 | 212 | - meta: flush_handlers 213 | 214 | - name: Unpack the Rocket.Chat binary tarball 215 | unarchive: 216 | copy: false 217 | src: "{{ rocket_chat_application_path }}/rocket.chat-{{ rocket_chat_version }}.tgz" 218 | dest: "{{ rocket_chat_application_path }}" 219 | creates: "{{ rocket_chat_application_path }}/bundle" 220 | owner: "{{ rocket_chat_service_user }}" 221 | group: "{{ 
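rocket_chat_service_group }}"
  tags: build

# Dependencies are installed as the unprivileged service user, with the
# n-managed node/npm directory placed first on PATH.
- name: Install Rocket.Chat via NPM
  npm:
    state: present
    path: "{{ rocket_chat_application_path }}/bundle/programs/server"
    executable: "{{ rocket_chat_npm_path }}"
    production: true
  become: true
  become_user: "{{ rocket_chat_service_user }}"
  environment:
    PATH: "{{ rocket_chat_node_prefix }}/bin:{{ ansible_env.PATH }}"
  tags: build

# The major version is cast to int, so it has to be compared with the integer
# 14; comparing it with the string "14" never matched and the link was skipped.
- name: Ensure the Rocket.Chat log file symlink is present [Ubuntu 14]
  file:
    path: /var/log/rocketchat.log
    src: /var/log/upstart/rocketchat.log
    state: link
    force: yes
  when:
    - ((ansible_distribution | lower) == "ubuntu")
    - ((ansible_distribution_major_version | int) == 14)
  tags: build

# "user:group" is the unambiguous chown separator (the "user.group" form is
# mis-parsed when a name contains a dot); every operand is shell-quoted.
- name: Ensure the Rocket.Chat application data permissions are correct
  command: >-
    chown -R
    {{ rocket_chat_service_user | quote }}:{{ rocket_chat_service_group | quote }}
    {{ rocket_chat_application_path | quote }}
  args:
    warn: no
  tags: build

# NOTE(review): the service templates render MONGO_URL into the unit file; if
# that URL carries the MongoDB password, the file should presumably get a
# restrictive mode - confirm how rocket_chat_mongodb_URI is built.
- name: Deploy the Rocket.Chat service file
  template:
    src: "{{ rocket_chat_service_template.src }}"
    dest: "{{ rocket_chat_service_template.dest }}"
  notify:
    - Update the Rocket.Chat service configuration
    - Restart the Rocket.Chat service
  tags: service

- name: Deploy the Rocket.Chat@ service file
  template:
    src: "{{ rocket_chat_service_template_at.src }}"
    dest: "{{ rocket_chat_service_template_at.dest }}"
  notify:
    - Update the Rocket.Chat service configuration
    - Restart the Rocket.Chat@ services
  tags: service
  when: rocket_chat_service_extra_instances

- meta: flush_handlers

# This task restarts the extra instances (state: restarted); the name now says so.
- name: Restart the Rocket.Chat@ services [UPGRADE]
  service:
    name: "rocketchat@{{ item }}"
    state: restarted
  when: (rocket_chat_upgraded | bool)
  with_list: "{{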
rocket_chat_service_extra_instances }}" 282 | tags: service 283 | 284 | - name: Restart the Rocket.Chat service [UPGRADE] 285 | service: 286 | name: rocketchat 287 | state: restarted 288 | when: (rocket_chat_upgraded | bool) 289 | tags: service 290 | 291 | - name: Ensure the Rocket.Chat service is running/enabled 292 | service: 293 | name: rocketchat 294 | state: started 295 | enabled: true 296 | tags: service 297 | 298 | - name: Ensure the Rocket.Chat@ services are running/enabled 299 | service: 300 | name: "rocketchat@{{ item }}" 301 | state: started 302 | enabled: true 303 | with_list: "{{ rocket_chat_service_extra_instances }}" 304 | tags: service 305 | 306 | - import_tasks: nginx.yml 307 | when: (rocket_chat_include_nginx | bool) 308 | tags: nginx 309 | 310 | - import_tasks: letsencrypt.yml 311 | when: (rocket_chat_include_letsencrypt | bool) 312 | tags: letsencrypt 313 | 314 | - meta: flush_handlers 315 | -------------------------------------------------------------------------------- /tasks/mongodb.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks/mongodb.yml: MongoDB configuration for RocketChat.Ansible 3 | - name: Install Official MongoDB.org packages 4 | block: 5 | 6 | - name: Set official package names 7 | set_fact: 8 | rocket_chat_mongodb_packages: 9 | - mongodb-org 10 | - mongodb-org-server 11 | rocket_chat_mongodb_config: /etc/mongod.conf 12 | 13 | - name: Debian/Ubuntu MongoDB.org official pkgs tasks 14 | block: 15 | 16 | - name: Ensure the MongoDB repository key has been imported [Debian] 17 | apt_key: 18 | keyserver: "{{ rocket_chat_mongodb_keyserver }}" 19 | id: "{{ rocket_chat_mongodb_gpg_key }}" 20 | tags: repo 21 | 22 | - name: Ensure the MongoDB repository is present [Debian] 23 | apt_repository: 24 | repo: "{{ rocket_chat_mongodb_apt_repo }}" 25 | state: present 26 | tags: repo 27 | register: rocket_chat_mongodb_repo_state 28 | 29 | when: 30 | - (rocket_chat_mongodb_apt_repo is defined) 
31 | - (rocket_chat_mongodb_apt_repo) 32 | - ((ansible_os_family | lower) == "debian") 33 | 34 | - name: RHEL-based MongoDB.org official pkgs tasks 35 | block: 36 | 37 | - name: Ensure the MongoDB repository key has been imported [RHEL] 38 | rpm_key: 39 | key: "{{ rocket_chat_mongodb_rpm_repo.pgp_key }}" 40 | state: present 41 | tags: repo 42 | 43 | - name: Ensure the MongoDB repository is present [RHEL] 44 | yum_repository: 45 | name: "{{ rocket_chat_mongodb_rpm_repo.name }}" 46 | baseurl: "{{ rocket_chat_mongodb_rpm_repo.baseurl }}" 47 | state: present 48 | description: "{{ rocket_chat_mongodb_rpm_repo.desc }}" 49 | gpgcheck: "{{ rocket_chat_mongodb_rpm_repo.gpgcheck }}" 50 | gpgkey: "{{ rocket_chat_mongodb_rpm_repo.pgp_key }}" 51 | tags: repo 52 | register: rocket_chat_mongodb_repo_state 53 | 54 | when: 55 | - (rocket_chat_mongodb_rpm_repo is defined) 56 | - (rocket_chat_mongodb_rpm_repo) 57 | - ((ansible_os_family | lower) == "redhat") 58 | 59 | when: 60 | - (rocket_chat_mongodb_org_pkgs is defined) 61 | - (rocket_chat_mongodb_org_pkgs | bool) 62 | tags: repo 63 | 64 | - name: Ensure MongoDB Server is installed 65 | package: 66 | name: "{{ rocket_chat_mongodb_packages }}" 67 | state: "{{ (rocket_chat_mongodb_repo_state is changed) | ternary('latest','present') }}" 68 | 69 | - name: Deploy MongoDB service configuration 70 | template: 71 | src: "{{ rocket_chat_mongodb_config_template }}" 72 | dest: "{{ rocket_chat_mongodb_config }}" 73 | notify: Restart the MongoDB service 74 | 75 | - meta: flush_handlers 76 | 77 | - name: Ensure the MongoDB service is started/enabled 78 | service: 79 | name: "{{ rocket_chat_mongodb_service_name }}" 80 | state: started 81 | enabled: yes 82 | 83 | - name: Wait for MongoDB to come online 84 | wait_for: 85 | port: "{{ rocket_chat_mongodb_port }}" 86 | host: "{{ rocket_chat_mongodb_server }}" 87 | state: started 88 | 89 | - name: Ensure the MongoDB replSets have been initiated 90 | shell: >- 91 | mongo --quiet --eval 92 | 
'JSON.stringify(rs.initiate({_id:"{{ rocket_chat_mongodb_repl_setname }}", 93 | members: [{"_id":1, "host": 94 | "{{ rocket_chat_mongodb_server }}:{{ rocket_chat_mongodb_port }}"}]}))' 95 | become: yes 96 | become_user: "{{ rocket_chat_mongodb_service_user }}" 97 | args: 98 | executable: /bin/bash 99 | register: replSet_result 100 | changed_when: 101 | - not (replSet_result.stdout is search(' Object')) 102 | - ('ok' in (replSet_result.stdout | from_json)) 103 | - (((replSet_result.stdout | from_json).ok | int) == 1) 104 | 105 | - name: Reset replSet config when /etc/hosts changes 106 | shell: >- 107 | mongo --quiet --eval 108 | 'cfg = rs.conf(); 109 | cfg.members[0].host = "{{ ansible_nodename }}"; 110 | rs.reconfig(cfg, {force: true})' 111 | become: yes 112 | become_user: "{{ rocket_chat_mongodb_service_user }}" 113 | when: 114 | - (hosts_change_result is changed) 115 | - ((replSet_result is undefined) or (not (replSet_result is changed))) 116 | args: 117 | executable: /bin/bash 118 | notify: 119 | - Restart the MongoDB service 120 | -------------------------------------------------------------------------------- /tasks/nginx.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks/nginx.yml: Nginx management tasks for RocketChat.Ansible 3 | 4 | - name: Grant Nginx permissions to proxy requests to an upstream [SELinux] 5 | shell: setsebool httpd_can_network_connect on -P 6 | changed_when: false 7 | when: 8 | - ('status' in ansible_selinux) 9 | - (ansible_selinux.status == "enabled") 10 | 11 | - name: Ensure Nginx is present 12 | package: 13 | name: nginx 14 | state: present 15 | 16 | - name: Check if Nginx was compiled with the HTTP/2 module 17 | shell: nginx -V 2>&1 | grep -q 'with-http_v2_module' 18 | register: nginx_http2_module 19 | changed_when: false 20 | failed_when: false 21 | 22 | - name: Gather the current Nginx version string 23 | shell: nginx -v 2>&1 | awk 'BEGIN{ FS="/" } { print $2 }' 24 | register: 
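nginx_version_string
  changed_when: false
  failed_when: false

- name: Deactivate default Nginx site.
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify: Reload the Nginx service

- name: Deploy Nginx configuration
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: nginx.conf.j2
      dest: /etc/nginx/nginx.conf
    - src: ssl.inc.j2
      dest: /etc/nginx/conf.d/ssl.inc
    - src: rocket_chat.conf.j2
      dest: /etc/nginx/conf.d/rocket_chat.conf
  notify: Reload the Nginx service

# Each item carries an explicit mode: without one the private key is written
# with the default umask and is normally world-readable.
- name: Ensure provided SSL certs have been deployed
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  when:
    - not (rocket_chat_ssl_generate_certs | bool)
    - (rocket_chat_ssl_deploy_data | bool)
    - (rocket_chat_ssl_key_file is defined)
    - (rocket_chat_ssl_cert_file is defined)
    - (rocket_chat_ssl_key_file)
    - (rocket_chat_ssl_cert_file)
  with_items:
    - src: "{{ rocket_chat_ssl_key_file }}"
      dest: "{{ rocket_chat_ssl_key_path }}"
      mode: "0600"
    - src: "{{ rocket_chat_ssl_cert_file }}"
      dest: "{{ rocket_chat_ssl_cert_path }}"
      mode: "0644"
  notify: Reload the Nginx service

# Generates a self-signed certificate and an unencrypted (-nodes) key. With
# Let's Encrypt enabled this key is the one the CSR is later created from.
- name: Ensure SSL certs have been generated
  shell: >-
    openssl req -x509 -newkey rsa:4096 -nodes
    -subj "/CN={{ rocket_chat_service_host }}/
    /C=NA/ST=NA/L=NA/O=NA/OU=NA"
    -keyout {{ rocket_chat_ssl_key_path | quote }}
    -out {{ rocket_chat_ssl_cert_path | quote }}
    -days 3650
  when:
    - (rocket_chat_include_letsencrypt | bool)
      or (rocket_chat_ssl_generate_certs | bool)
  args:
    creates: "{{ rocket_chat_ssl_key_path }}"
  notify: Reload the Nginx service
  register: key_gen_result

# The mode of the file openssl writes depends on the OpenSSL version and the
# umask, so it is set explicitly right after the key has been generated.
- name: Ensure the generated SSL private key is only readable by its owner
  file:
    path: "{{ rocket_chat_ssl_key_path }}"
    mode: "0600"
  when: (key_gen_result is changed)

- name: Ensure provided PFS key has been deployed
  copy:
    src: "{{ rocket_chat_nginx_pfs_file }}"
    dest: "{{ rocket_chat_nginx_pfs_key_path }}"
  when:
    - (rocket_chat_nginx_pfs_file is defined)
    -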
(rocket_chat_nginx_pfs_file) 88 | - (rocket_chat_nginx_pfs_file | exists) 89 | notify: Reload the Nginx service 90 | tags: pfs 91 | 92 | - name: Ensure the PFS key has been generated (this can take a while!) 93 | shell: >- 94 | openssl dhparam -out {{ rocket_chat_nginx_pfs_key_path }} 95 | {{ rocket_chat_nginx_pfs_key_numbits }} 96 | when: (rocket_chat_nginx_generate_pfs_key | bool) 97 | args: 98 | creates: "{{ rocket_chat_nginx_pfs_key_path }}" 99 | notify: Reload the Nginx service 100 | tags: pfs 101 | 102 | - name: Ensure the Nginx service is running/enabled 103 | service: 104 | name: nginx 105 | state: started 106 | enabled: true 107 | -------------------------------------------------------------------------------- /tasks/nodejs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Ensure link /bin/node -> /bin/nodejs exists 4 | file: 5 | src: /bin/node 6 | dest: /bin/nodejs 7 | state: link 8 | when: (ansible_os_family | lower == "redhat") 9 | 10 | - name: Check for npm 11 | stat: 12 | path: "{{ rocket_chat_npm_dist }}" 13 | register: dist_npm_bin 14 | 15 | - name: Ensure node-version-manager (n) is installed (NPM) 16 | npm: 17 | name: n 18 | global: true 19 | executable: "{{ rocket_chat_npm_dist }}" 20 | when: ('stat' in dist_npm_bin) 21 | and (dist_npm_bin.stat.exists | bool) 22 | 23 | - name: Bootstrap node-version-manager from GitHub 24 | get_url: 25 | url: https://raw.githubusercontent.com/tj/n/master/bin/n 26 | dest: /usr/bin/n 27 | force: yes 28 | mode: 0755 29 | owner: root 30 | validate_certs: true 31 | become: yes 32 | when: ('stat' in dist_npm_bin) 33 | and (not (dist_npm_bin.stat.exists | bool)) 34 | 35 | - name: Check to see if n has installed the required binaries in {{ rocket_chat_node_prefix }} 36 | stat: 37 | path: "{{ rocket_chat_node_path }}" 38 | register: n_node_bin 39 | 40 | - name: "Install the supported NodeJS environment via n [Version: {{ rocket_chat_node_version }}]" 41 | shell: 
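n {{ rocket_chat_node_version }}
  when: ('stat' in n_node_bin)
    and (not (n_node_bin.stat.exists | bool))

- name: Check to see if the proper npm version has already been installed
  command: "{{ rocket_chat_npm_path }} --version"
  changed_when: false
  register: current_npm_version

# current_npm_version is the registered command result, not a version string:
# the comparison has to use its stdout. Comparing the whole result with the
# wanted version was always "different", so this task ran on every play.
- name: "Install the supported NPM version via npm [Version: {{ rocket_chat_npm_version }}]"
  npm:
    name: npm
    version: "{{ rocket_chat_npm_version }}"
    path: "{{ rocket_chat_node_prefix }}/lib"
    executable: "{{ rocket_chat_npm_path }}"
  environment:
    PATH: "{{ rocket_chat_node_prefix }}/bin:{{ ansible_env.PATH }}"
  when: (current_npm_version.stdout | default('') | trim) != (rocket_chat_npm_version | string)

--------------------------------------------------------------------------------
/tasks/upgrade.yml:
--------------------------------------------------------------------------------
---
# tasks/upgrade.yml: Rocket.Chat upgrade procedures for RocketChat.Ansible

# Stops the play unless the operator has opted in to automatic upgrades.
- name: Ensure automatic upgrades are permitted [UPGRADE]
  fail:
    msg: >-
      It doesn't look like you've permitted automatic upgrades.
      A new version of Rocket.Chat was released.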
9 | To permit automatic upgrades set 'rocket_chat_automatic_upgrades' to true 10 | when: not (rocket_chat_automatic_upgrades | bool) 11 | 12 | - name: Ensure the back up directory exists [UPGRADE] 13 | file: 14 | path: "{{ rocket_chat_upgrade_backup_path }}" 15 | state: directory 16 | when: (rocket_chat_upgrade_backup | bool) 17 | 18 | - name: Back up the current Rocket.Chat instance [UPGRADE] 19 | shell: >- 20 | mv {{ rocket_chat_application_path }}/bundle 21 | {{ rocket_chat_upgrade_backup_path }}/backup_{{ ansible_date_time.date }}_{{ (1000|random|string|hash)[:8] }} 22 | when: (rocket_chat_upgrade_backup | bool) 23 | 24 | - name: Delete the current Rocket.Chat instance [UPGRADE] 25 | file: 26 | path: "{{ rocket_chat_application_path }}/bundle" 27 | state: absent 28 | when: not (rocket_chat_upgrade_backup | bool) 29 | 30 | - name: Set the Rocket.Chat upgrade status [UPGRADE] 31 | set_fact: 32 | rocket_chat_upgraded: true 33 | -------------------------------------------------------------------------------- /templates/mongod.conf.j2: -------------------------------------------------------------------------------- 1 | # mongod.conf 2 | 3 | # for documentation of all options, see: 4 | # http://docs.mongodb.org/manual/reference/configuration-options/ 5 | 6 | {% if rocket_chat_mongodb_fork is defined %} 7 | # whether to fork the process or not 8 | fork = {{ rocket_chat_mongodb_fork }} 9 | {% endif %} 10 | {% if rocket_chat_mongodb_pidfile_path is defined %} 11 | 12 | pidfilepath = {{ rocket_chat_mongodb_pidfile_path }} 13 | {% endif %} 14 | {% if rocket_chat_mongodb_logpath is defined %} 15 | 16 | logpath = {{ rocket_chat_mongodb_logpath }} 17 | {% endif %} 18 | {% if rocket_chat_mongodb_unixsocketprefix is defined %} 19 | 20 | unixSocketPrefix = {{ rocket_chat_mongodb_unixsocketprefix }} 21 | {% endif %} 22 | {% if rocket_chat_mongodb_dbpath is defined %} 23 | 24 | dbpath = {{ rocket_chat_mongodb_dbpath }} 25 | {% endif %} 26 | 27 | {% if ansible_os_family == 
"Debian" %} 28 | # where and how to store data. 29 | storage: 30 | dbPath: /var/lib/mongodb 31 | journal: 32 | enabled: true 33 | 34 | # where to write logging data. 35 | systemLog: 36 | destination: file 37 | logAppend: true 38 | path: /var/log/mongodb/{{ rocket_chat_mongodb_service_name }}.log 39 | # network interfaces 40 | net: 41 | port: {{ rocket_chat_mongodb_port }} 42 | bindIp: {{ rocket_chat_mongodb_server }} 43 | {% endif %} 44 | 45 | # replication 46 | {{ rocket_chat_mongodb_repl_lines }} 47 | -------------------------------------------------------------------------------- /templates/nginx.conf.j2: -------------------------------------------------------------------------------- 1 | user {{ rocket_chat_nginx_process_user }}; 2 | worker_processes auto; 3 | error_log /var/log/nginx/error.log; 4 | pid /run/nginx.pid; 5 | 6 | events { 7 | worker_connections 1024; 8 | } 9 | 10 | http { 11 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 12 | '$status $body_bytes_sent "$http_referer" ' 13 | '"$http_user_agent" "$http_x_forwarded_for"'; 14 | 15 | access_log /var/log/nginx/access.log main; 16 | 17 | sendfile on; 18 | tcp_nopush on; 19 | tcp_nodelay on; 20 | keepalive_timeout 65; 21 | types_hash_max_size 2048; 22 | 23 | include /etc/nginx/mime.types; 24 | default_type application/octet-stream; 25 | 26 | gzip on; 27 | gzip_vary on; 28 | gzip_http_version 1.1; 29 | gzip_comp_level 9; 30 | gzip_proxied any; 31 | gzip_min_length 1024; 32 | gzip_buffers 16 8k; 33 | gzip_types text/plain text/css text/javascript application/x-javascript application/xml text/xml application/json application/javascript application/xml+rss text/x-js; 34 | gzip_disable "MSIE [1-6].(?!.*SV1)"; 35 | gzip_static on; 36 | 37 | # Load modular configuration files from the /etc/nginx/conf.d directory. 38 | # See http://nginx.org/en/docs/ngx_core_module.html#include 39 | # for more information. 
40 | include /etc/nginx/conf.d/*.conf; 41 | } 42 | -------------------------------------------------------------------------------- /templates/rocket_chat.conf.j2: -------------------------------------------------------------------------------- 1 | upstream rocket_chat { 2 | server 127.0.0.1:{{ rocket_chat_service_port }}; 3 | {% for port in rocket_chat_service_extra_instances %} 4 | server 127.0.0.1:{{ port }}; 5 | {% endfor %} 6 | } 7 | server { 8 | {% if ansible_default_ipv6.gateway is defined %} 9 | listen [::]:{{ rocket_chat_nginx_listen_port }} ipv6only=on; 10 | {% endif %} 11 | listen {{ rocket_chat_nginx_listen_port }}; 12 | server_name {{ rocket_chat_service_host }}; 13 | {% if rocket_chat_include_letsencrypt|bool %} 14 | location /.well-known/acme-challenge/ { 15 | alias /var/www/letsencrypt/; 16 | try_files $uri =404; 17 | } 18 | {% endif %} 19 | location / { 20 | return 301 https://$host$request_uri; 21 | } 22 | } 23 | 24 | server { 25 | {% if ansible_default_ipv6.gateway is defined %} 26 | listen [::]:{{ rocket_chat_nginx_listen_ssl_port }} ssl ipv6only=on{% if nginx_http2_module.rc == 0 %} http2{% endif %}; 27 | {% endif %} 28 | listen {{ rocket_chat_nginx_listen_ssl_port }} ssl{% if nginx_http2_module.rc == 0 %} http2{% endif %}; 29 | server_name {{ rocket_chat_service_host }}; 30 | 31 | ssl_certificate {{ rocket_chat_ssl_cert_path }}; 32 | ssl_certificate_key {{ rocket_chat_ssl_key_path }}; 33 | 34 | include conf.d/ssl.inc; 35 | 36 | error_page 497 https://$host:$server_port$request_uri; 37 | location / { 38 | proxy_pass http://rocket_chat; 39 | proxy_http_version 1.1; 40 | proxy_set_header Host $host:$server_port; 41 | proxy_set_header Referer $http_referer; 42 | proxy_set_header X-Real-IP $remote_addr; 43 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 44 | proxy_set_header X-Forwarded-Proto https; 45 | proxy_set_header X-Forwarded-Ssl on; 46 | proxy_set_header X-Nginx-Proxy true; 47 | 48 | proxy_set_header Upgrade $http_upgrade; 49 
| proxy_set_header Connection "upgrade"; 50 | 51 | proxy_redirect off; 52 | 53 | proxy_send_timeout 86400; 54 | proxy_read_timeout 86400; 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /templates/rocketchat.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Rocket.Chat Server 3 | After=syslog.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | Restart=always 9 | StandardOutput=syslog 10 | SyslogIdentifier=RocketChat 11 | User={{ rocket_chat_service_user }} 12 | Group={{ rocket_chat_service_group }} 13 | Environment=MONGO_URL=mongodb://{{ rocket_chat_mongodb_URI }} 14 | Environment=MONGO_OPLOG_URL=mongodb://{{ rocket_chat_mongodb_server }}:{{ rocket_chat_mongodb_port }}/local 15 | Environment=ROOT_URL=https://{{ rocket_chat_service_host }} 16 | Environment=PORT={{ rocket_chat_service_port }} 17 | Environment=DEPLOY_PLATFORM=ansible 18 | {% for variable, value in rocket_chat_service_environment.items() %} 19 | Environment={{ variable }}={{ value }} 20 | {% endfor -%} 21 | WorkingDirectory={{ rocket_chat_application_path }} 22 | ExecStart={{ rocket_chat_node_path }} {{ rocket_chat_application_path }}/bundle/main.js 23 | 24 | [Install] 25 | WantedBy=multi-user.target 26 | -------------------------------------------------------------------------------- /templates/rocketchat@.service.j2: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Rocket.Chat Server 3 | After=syslog.target 4 | After=network.target 5 | 6 | [Service] 7 | Type=simple 8 | Restart=always 9 | StandardOutput=syslog 10 | SyslogIdentifier=RocketChat 11 | User={{ rocket_chat_service_user }} 12 | Group={{ rocket_chat_service_group }} 13 | Environment=MONGO_URL=mongodb://{{ rocket_chat_mongodb_URI }} 14 | Environment=MONGO_OPLOG_URL=mongodb://{{ rocket_chat_mongodb_server }}:{{ rocket_chat_mongodb_port }}/local 15 | 
Environment=ROOT_URL=https://{{ rocket_chat_service_host }} 16 | Environment=PORT=%I 17 | Environment=DEPLOY_PLATFORM=ansible 18 | {% for variable, value in rocket_chat_service_environment.items() %} 19 | Environment={{ variable }}={{ value }} 20 | {% endfor -%} 21 | WorkingDirectory={{ rocket_chat_application_path }} 22 | ExecStart={{ rocket_chat_node_path }} {{ rocket_chat_application_path }}/bundle/main.js 23 | 24 | [Install] 25 | WantedBy=rocketchat.service 26 | -------------------------------------------------------------------------------- /templates/rocketchat_upstart.j2: -------------------------------------------------------------------------------- 1 | #!upstart 2 | # 3 | # Rocket.Chat upstart script 4 | 5 | description "Rocket.Chat Server" 6 | 7 | start on startup 8 | stop on shutdown 9 | 10 | console log 11 | respawn 12 | respawn limit 10 5 13 | 14 | env NODE_BIN_DIR="{{ rocket_chat_node_prefix }}/bin" 15 | env NODE_PATH="/usr/local/lib/node_modules" 16 | env APPLICATION_PATH="{{ rocket_chat_application_path }}/bundle/main.js" 17 | 18 | chdir {{ rocket_chat_application_path }} 19 | setuid {{ rocket_chat_service_user }} 20 | setgid {{ rocket_chat_service_group }} 21 | 22 | env MONGO_URL="mongodb://{{ rocket_chat_mongodb_URI }}" 23 | env MONGO_OPLOG_URL="mongodb://{{ rocket_chat_mongodb_server }}:{{ rocket_chat_mongodb_port }}/local" 24 | env ROOT_URL="https://{{ rocket_chat_service_host }}" 25 | env PORT="{{ rocket_chat_service_port }}" 26 | {% for variable, value in rocket_chat_service_environment.items() %} 27 | env {{ variable }}="{{ value }}" 28 | {% endfor -%} 29 | 30 | script 31 | PATH=$NODE_BIN_DIR:$PATH 32 | node $APPLICATION_PATH 33 | end script 34 | -------------------------------------------------------------------------------- /templates/ssl.inc.j2: -------------------------------------------------------------------------------- 1 | 2 | ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; 3 | {% if nginx_version_string.stdout is 
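version_compare('1.1.0','>=') %} 4 | ssl_ecdh_curve secp384r1; 5 | {% endif %} 6 | ssl_prefer_server_ciphers on; 7 | ssl_protocols TLSv1.2; # TLSv1.1 removed: TLS 1.0/1.1 are deprecated (RFC 8996); add TLSv1.3 where the nginx/OpenSSL build supports it 8 | ssl_session_cache shared:SSL:10M; 9 | {% if nginx_version_string.stdout is version_compare('1.5.9','>=') %} 10 | ssl_session_tickets off; 11 | {% endif %} 12 | {% if rocket_chat_nginx_enable_pfs %} 13 | ssl_dhparam {{ rocket_chat_nginx_pfs_key_path }}; 14 | {% endif %} 15 | ssl_stapling on; # NOTE(review): stapling needs a `resolver` to look up the OCSP responder; none is set in this include, confirm the including config defines one 16 | ssl_stapling_verify on; 17 | resolver_timeout 5s; 18 | add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; # two-year HSTS covering all subdomains; `preload` is hard to undo once the domain is on a browser preload list 19 | add_header X-Frame-Options DENY; 20 | add_header X-Content-Type-Options nosniff; 21 | gzip off; 22 | -------------------------------------------------------------------------------- /tests/Dockerfile.centos-7: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | # Install systemd -- See https://hub.docker.com/_/centos/ 3 | RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs 4 | RUN yum -y update; \ 5 | (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 6 | rm -f /lib/systemd/system/multi-user.target.wants/*; \ 7 | rm -f /etc/systemd/system/*.wants/*; \ 8 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 9 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 10 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 11 | rm -f /lib/systemd/system/basic.target.wants/*; \ 12 | rm -f /lib/systemd/system/anaconda.target.wants/*; 13 | # Install Ansible 14 | RUN yum -y install epel-release 15 | RUN yum -y install git ansible sudo 16 | RUN yum clean all 17 | # Disable requiretty 18 | RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers 19 | # Install Ansible inventory file 20 | RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts 21 | VOLUME [ "/sys/fs/cgroup" ] 22 | CMD ["/usr/sbin/init"] 23 | 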
-------------------------------------------------------------------------------- /tests/Dockerfile.debian-buster: -------------------------------------------------------------------------------- 1 | FROM debian:buster 2 | 3 | ENV pip_packages "ansible cryptography" 4 | 5 | # Install dependencies. 6 | RUN apt-get update \ 7 | && apt-get install -y --no-install-recommends \ 8 | sudo systemd systemd-sysv \ 9 | build-essential wget libffi-dev libssl-dev \ 10 | python3-pip python3-dev python3-setuptools python3-wheel \ 11 | && rm -rf /var/lib/apt/lists/* \ 12 | && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \ 13 | && apt-get clean 14 | 15 | # Install Ansible via pip. 16 | RUN pip3 install $pip_packages 17 | 18 | RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 19 | 20 | ENTRYPOINT ["/bin/systemd"] -------------------------------------------------------------------------------- /tests/Dockerfile.debian-jessie: -------------------------------------------------------------------------------- 1 | FROM debian:jessie 2 | 3 | RUN apt-get update -y && apt-get install -y --no-install-recommends \ 4 | software-properties-common \ 5 | build-essential \ 6 | libffi-dev \ 7 | libssl-dev \ 8 | python-dev \ 9 | python-pip \ 10 | python-yaml \ 11 | git \ 12 | && rm -rf /var/lib/apt/lists/* 13 | 14 | RUN pip install cryptography --upgrade && pip install ansible 15 | 16 | RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 17 | 18 | ENTRYPOINT ["/sbin/init"] -------------------------------------------------------------------------------- /tests/Dockerfile.debian-stretch: -------------------------------------------------------------------------------- 1 | FROM debian:stretch 2 | 3 | RUN apt-get update -y && apt-get install -y --no-install-recommends \ 4 | software-properties-common \ 5 | build-essential \ 6 | libffi-dev \ 7 | libssl-dev \ 8 | python-dev \ 9 | python-pip \ 10 | 
python-yaml \ 11 | git \ 12 | systemd \ 13 | && rm -rf /var/lib/apt/lists/* 14 | 15 | RUN pip install --upgrade setuptools && pip install ansible 16 | 17 | RUN mkdir -p /etc/ansible && echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 18 | 19 | ENTRYPOINT ["/bin/systemd"] -------------------------------------------------------------------------------- /tests/Dockerfile.ubuntu-14.04: -------------------------------------------------------------------------------- 1 | # Dockerfile.ubuntu 2 | FROM ubuntu-upstart:14.04 3 | # Install Ansible 4 | #RUN mv /sbin/initctl.distrib /sbin/initctl 5 | RUN apt-get update -y 6 | RUN apt-get install -y python-software-properties software-properties-common 7 | RUN add-apt-repository -y ppa:ansible/ansible 8 | RUN apt-get update -y 9 | RUN apt-get install -y ansible git-core 10 | # Install Ansible inventory file 11 | RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 12 | -------------------------------------------------------------------------------- /tests/Dockerfile.ubuntu-16.04: -------------------------------------------------------------------------------- 1 | # Dockerfile.ubuntu 2 | FROM ubuntu:16.04 3 | 4 | RUN systemctl mask -- \ 5 | -.mount \ 6 | dev-mqueue.mount \ 7 | dev-hugepages.mount \ 8 | etc-hosts.mount \ 9 | etc-hostname.mount \ 10 | etc-resolv.conf.mount \ 11 | proc-bus.mount \ 12 | proc-irq.mount \ 13 | proc-kcore.mount \ 14 | proc-sys-fs-binfmt_misc.mount \ 15 | proc-sysrq\\\\x2dtrigger.mount \ 16 | sys-fs-fuse-connections.mount \ 17 | sys-kernel-config.mount \ 18 | sys-kernel-debug.mount \ 19 | tmp.mount \ 20 | \ 21 | && systemctl mask -- \ 22 | console-getty.service \ 23 | display-manager.service \ 24 | getty-static.service \ 25 | getty\@tty1.service \ 26 | hwclock-save.service \ 27 | ondemand.service \ 28 | systemd-logind.service \ 29 | systemd-remount-fs.service \ 30 | \ 31 | && ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target \ 32 
| \ 33 | && ln -sf /lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target 34 | 35 | RUN apt-get update -qq -y 36 | RUN apt-get install -qq -y python-software-properties software-properties-common \ 37 | rsyslog systemd systemd-cron sudo 38 | RUN sed -i 's/^\($ModLoad imklog\)/#\1/' /etc/rsyslog.conf 39 | #ADD etc/rsyslog.d/50-default.conf /etc/rsyslog.d/50-default.conf 40 | 41 | # Install Ansible 42 | RUN add-apt-repository -y ppa:ansible/ansible 43 | RUN apt-get update -y 44 | RUN apt-get install -y ansible git-core 45 | # Install Ansible inventory file 46 | RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 47 | 48 | VOLUME ["/sys/fs/cgroup"] 49 | VOLUME ["/run"] 50 | CMD ["/sbin/init"] 51 | 52 | 53 | -------------------------------------------------------------------------------- /tests/Dockerfile.ubuntu-18.04: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | 3 | ENV pip_packages "ansible" 4 | 5 | # Install dependencies. 6 | RUN apt-get update \ 7 | && apt-get install -y --no-install-recommends \ 8 | apt-utils \ 9 | locales \ 10 | python3-setuptools \ 11 | python3-pip \ 12 | software-properties-common git-core\ 13 | rsyslog systemd systemd-cron sudo iproute2 \ 14 | && rm -Rf /var/lib/apt/lists/* \ 15 | && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \ 16 | && apt-get clean 17 | RUN sed -i 's/^\($ModLoad imklog\)/#\1/' /etc/rsyslog.conf 18 | 19 | # Fix potential UTF-8 errors with ansible-test. 20 | RUN locale-gen en_US.UTF-8 21 | 22 | # Install Ansible via Pip. 23 | RUN pip3 install $pip_packages 24 | 25 | # Install Ansible 26 | # RUN add-apt-repository -y ppa:ansible/ansible 27 | # RUN apt-get update -y 28 | # RUN apt-get install -y ansible git-core 29 | 30 | # Install Ansible inventory file. 
31 | RUN mkdir -p /etc/ansible 32 | RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts 33 | 34 | # Remove unnecessary getty and udev targets that result in high CPU usage when using 35 | # multiple containers with Molecule (https://github.com/ansible/molecule/issues/1104) 36 | RUN rm -f /lib/systemd/system/systemd*udev* \ 37 | && rm -f /lib/systemd/system/getty.target 38 | 39 | VOLUME ["/sys/fs/cgroup", "/tmp", "/run"] 40 | CMD ["/lib/systemd/systemd"] -------------------------------------------------------------------------------- /tests/Vagrantfile: -------------------------------------------------------------------------------- 1 | ENV['VAGRANT_NO_PARALLEL'] = 'yes'.freeze 2 | TYPE_NAME = 'RocketChat'.freeze 3 | MEM_SIZE = 1024 4 | LV_CPU_MODE = 'host-passthrough'.freeze 5 | ANSIBLE_GROUP_NAME = 'chat_servers'.freeze 6 | SHARED_FOLDER_DISABLED = true 7 | 8 | Vagrant.configure('2') do |config| 9 | config.ssh.insert_key = false # keeps Vagrant's default, publicly known SSH keypair on the guests; only suitable for throwaway test VMs 10 | config.ssh.username = 'vagrant' 11 | # Since we're provisioning with ansible through the network stack 12 | # don't bother sharing folders. 13 | config.vm.synced_folder '.', '/vagrant', disabled: SHARED_FOLDER_DISABLED 14 | 15 | def do_ansible(box, box_props, name) 16 | box.vm.provision 'ansible' do |ansible| 17 | ansible.groups = { ANSIBLE_GROUP_NAME => name } 18 | unless box_props['extra_vars'].nil? || box_props['extra_vars'].empty? 
19 | ansible.extra_vars = box_props['extra_vars'] 20 | end 21 | ansible.verbose = "vv" 22 | ansible.become = true 23 | ansible.playbook = 'provision.yml' 24 | # ansible.raw_arguments = ['-t check'] 25 | end 26 | end 27 | 28 | # Define here the different box properties 29 | # Ports are computed by id + 4000/4430 30 | boxes = { 31 | 'debian8' => { 32 | 'id' => 0, 33 | 'atlas_name' => 'debian/jessie64' 34 | }, 35 | 'debian9' => { 36 | 'id' => 1, 37 | 'atlas_name' => 'debian/stretch64' 38 | }, 39 | 'ubuntu14' => { 40 | 'id' => 2, 41 | 'atlas_name' => 'ubuntu/trusty64', 42 | # Some random guy's image that looked ok 43 | # Libvirt boxes are hard to come by for trusty64. 44 | 'lv_atlas_name' => 'peru/ubuntu-14.04-server-amd64' 45 | }, 46 | 'ubuntu16' => { 47 | 'id' => 3, 48 | 'atlas_name' => 'generic/ubuntu1604', 49 | 'extra_vars' => { 50 | 'ansible_python_interpreter': '/usr/bin/python3' 51 | } 52 | }, 53 | # 'ubuntu18' => { 54 | # 'id' => 4, 55 | # 'atlas_name' => 'generic/ubuntu1804', 56 | # 'extra_vars' => { 57 | # 'ansible_python_interpreter': '/usr/bin/python3' 58 | # } 59 | # }, 60 | 'centos7' => { 61 | 'id' => 5, 62 | 'atlas_name' => 'centos/7' 63 | }, 64 | 'fedora27' => { 65 | 'id' => 6, 66 | 'atlas_name' => 'fedora/27-cloud-base', 67 | 'extra_vars' => { 68 | 'ansible_python_interpreter': '/usr/bin/python3' 69 | } 70 | } 71 | } 72 | 73 | boxes.each do |name, box_props| 74 | network_args = { 75 | priv_net: { 76 | ip: "192.168.60.#{100 + box_props['id']}" 77 | }, 78 | # Don't iterate the port because we want it to remain the same 79 | fwd_pt_http: { 80 | guest: 3000, 81 | host: 4000 + box_props['id'] 82 | }, 83 | fwd_pt_https: { 84 | guest: 443, 85 | host: 4430 + box_props['id'] 86 | } 87 | } 88 | 89 | # Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1381537 90 | name == 'ubuntu16' && network_args[:priv_net][:auto_config] = false 91 | 92 | config.vm.define name do |machine| 93 | 94 | machine.vm.provider :virtualbox do |vb, override| 95 | vb.customize ['modifyvm', 
:id, '--memory', MEM_SIZE.to_s] 96 | vb.name = name + '-' + TYPE_NAME 97 | do_ansible(override, box_props, name) 98 | end 99 | 100 | machine.vm.provider :libvirt do |lv, override| 101 | lv.default_prefix = TYPE_NAME 102 | lv.memory = MEM_SIZE 103 | lv.cpu_mode = LV_CPU_MODE 104 | # Override atlas_name with lv_atlas_name if it exists as a way to 105 | # set different boxes for libvirt's provider. 106 | override.vm.box = box_props['lv_atlas_name'] || box_props['atlas_name'] 107 | do_ansible(override, box_props, name) 108 | end 109 | 110 | machine.vm.box = box_props['atlas_name'] 111 | machine.vm.hostname = name + '.dev' 112 | machine.vm.network :private_network, network_args[:priv_net] 113 | machine.vm.network :forwarded_port, network_args[:fwd_pt_http] 114 | machine.vm.network :forwarded_port, network_args[:fwd_pt_https] 115 | end 116 | end 117 | end 118 | -------------------------------------------------------------------------------- /tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | [defaults] 2 | nocows = 1 3 | retry_files_enabled = 0 4 | stdout_callback = debug 5 | callback_whitelist = profile_tasks, timer 6 | pipelining = true 7 | -------------------------------------------------------------------------------- /tests/dhparam_INSECURE.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIIBCAKCAQEA6sXTxD9z5wQHT39xyag4WEeD9UXf8f7WAswayFSOHq9WfyIEqz9a 3 | DOqUpyjAiJ+lUJzY1CNgFMYOjoJdmNcIphqvHpOAHXQ1R5fzWeeHfiombvi87IEY 4 | EBZHuE3QQT9A6ITqSWOuZc3PPj2Xh9B+M6MjNcwkziwjEnuOKPq+JW8WrIu7CCbj 5 | hkncVLmUYo4k4RjIjzyBnpMXijwhX3egzgza8qyG8zOH5bVr2s8pagA/e0/1lQtS 6 | nbGSenCbgMS13ggNuLMztvijpZbXu3oDA1QRIfiAEjWFFbrU+5rdwhaHXSrctZN4 7 | Or70XB0NO9L2gpaqC5YCjVRG9m27C6HNgwIBAg== 8 | -----END DH PARAMETERS----- 9 | -------------------------------------------------------------------------------- /tests/provision.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | 3 | # The intent of this playbook is to be run from Vagrant or from a CI like Travis 4 | # or Gitlab, but mostly vagrant. The purpose of the structure of this playbook is 5 | # so that vagrant can loop through all of the supported boxes in the Vagrantfile 6 | # and pass/fail them based on whether or not the VM still exists and is paused. 7 | # Whereas, since there is a viable status check - successful plays need not keep 8 | # a VM behind. The suspended VMs can thus be started and inspected for problems. 9 | # They are paused to conserve resources on computers that can only handle a few 10 | # VMs at a time. Here we are utilizing the ability of ansible to run both local 11 | # tasks (to manage vagrant) on the provisioning system, and capture errors in the 12 | # "rescue:" block. (to keep vagrant from exiting on an ansible error.) 13 | # 14 | # - Michael Goodwin 15 | 16 | - name: Apply the Rocket.Chat role to all chat_servers 17 | hosts: "{{ host_name | default('chat_servers') }}" 18 | become: yes 19 | 20 | vars: 21 | rocket_chat_tarball_check_checksum: false # NOTE(review): test-only; by its name this skips checksum verification of the downloaded tarball, keep it enabled outside tests 22 | rocket_chat_service_port: 3000 23 | rocket_chat_service_host: localhost 24 | rocket_chat_automatic_upgrades: true 25 | # Below PEM file is provided so we don't have to wait for it to generate. For tests only: the file is published in this repository, real hosts should generate their own parameters. 
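26 | rocket_chat_nginx_pfs_file: dhparam_INSECURE.pem 27 | # Below is an example of deploying an old version of Rocket.Chat: 28 | # rocket_chat_version: 0.59.4 29 | # rocket_chat_npm_version: 3.10.9 30 | # rocket_chat_node_version: 4.8.4 31 | 32 | tasks: 33 | 34 | - name: MAIN BLOCK 35 | block: 36 | - name: "Drop in permissive sudoers file for user: {{ ansible_user }}" 37 | lineinfile: 38 | dest: /etc/sudoers.d/{{ ansible_user }} 39 | state: present 40 | create: yes # NOTE(review): no mode: is given; sudoers.d files are conventionally 0440 41 | regexp: '^%{{ ansible_user }}.*' 42 | line: '%{{ ansible_user }} ALL=(ALL) NOPASSWD: ALL' # test VMs only: passwordless sudo for the whole group 43 | validate: visudo -cf %s 44 | 45 | - name: Include the Rocket.Chat role 46 | include_role: 47 | name: "{{ role_name | default('../..') }}" 48 | 49 | - name: API CHECK BLOCK 50 | block: 51 | - name: Wait for the Rocket.Chat NodeJS service to come online 52 | wait_for: 53 | port: "{{ rocket_chat_service_port }}" 54 | host: localhost 55 | state: started 56 | timeout: 30 57 | register: api_pre_check 58 | 59 | - name: Do a basic status check of the API 60 | uri: 61 | url: "{{ item }}" 62 | validate_certs: no # tolerable only because both URLs target localhost; do not reuse against real hosts 63 | with_items: 64 | - https://localhost/api/v1/info 65 | - http://localhost/api/v1/info 66 | register: api_check 67 | failed_when: 68 | - (api_check.status|int != 200) 69 | or (api_check.msg|string is not search('^OK ')) 70 | or (api_check.json.success|bool != True) 71 | when: (api_pre_check is succeeded) # test syntax (`is`), matching the other conditions in this playbook 72 | 73 | - name: Destroy the last successful vagrant box 74 | local_action: shell 75 | sleep 5 && vagrant destroy -f "{{ inventory_hostname }}" 76 | become: no 77 | async: 10 78 | poll: 0 79 | when: 80 | - (api_pre_check is succeeded) and (api_check is succeeded) 81 | - ((ansible_virtualization | default(None) | lower) != "docker") 82 | - (lookup('pipe','command -v vagrant') is search('vagrant$')) 83 | 84 | # We use YAML anchoring to duplicate this below 85 | # because Ansible does not support nested rescue. 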
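86 | rescue: &rescue 87 | - name: Output debug information when the check fails 88 | debug: var="{{ item }}" 89 | when: 90 | - (api_pre_check is defined) 91 | - (api_check is defined) 92 | with_items: 93 | - (api_pre_check | default(None)) 94 | - (api_check | default(None)) 95 | 96 | - name: Stop the last failed vagrant box (in order to continue) 97 | local_action: shell 98 | sleep 5 && vagrant suspend "{{ inventory_hostname }}" 99 | become: no 100 | async: 10 101 | poll: 0 102 | when: 103 | - ((ansible_virtualization | default(None) | lower) != "docker") 104 | - (lookup('pipe','command -v vagrant') is search('vagrant$')) # `search` used as a test (`is`), as in the API status check; true only when a vagrant binary is found 105 | tags: check 106 | # API BLOCK END 107 | 108 | rescue: *rescue 109 | 110 | # MAIN BLOCK END 111 | -------------------------------------------------------------------------------- /tests/travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | 4 | pre_tasks: 5 | - name: Ensure build dependencies are installed (RedHat) 6 | package: 7 | name: "{{ item }}" 8 | state: present 9 | with_items: 10 | - "@Development tools" 11 | - tar 12 | - unzip 13 | - sudo 14 | - which 15 | when: ansible_os_family == 'RedHat' 16 | 17 | - name: Ensure build dependencies are installed (Debian) 18 | package: 19 | name: "{{ item }}" 20 | state: present 21 | with_items: 22 | - build-essential 23 | - unzip 24 | - tar 25 | - sudo 26 | when: ansible_os_family == 'Debian' 27 | 28 | roles: 29 | - Rocket.Chat.Ansible -------------------------------------------------------------------------------- /vars/Debian.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_dep_packages: 3 | - git 4 | - graphicsmagick 5 | - bash 6 | - make 7 | - wget 8 | # This seems to install something on Docker that causes a failure in the tests 9 | - cron 10 | - gnupg2 11 | 12 | rocket_chat_mongodb_org_pkgs: true 13 | rocket_chat_mongodb_apt_repo: "\ 14 | deb 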
http://repo.mongodb.org/apt/{{ ansible_distribution | lower }} \ 15 | {{ ansible_distribution_release | lower }}/mongodb-org/\ 16 | {{ rocket_chat_mongodb_org_version }} main" 17 | 18 | rocket_chat_mongodb_packages: 19 | - mongodb 20 | - mongodb-server 21 | rocket_chat_mongodb_config: /etc/mongodb.conf 22 | 23 | rocket_chat_mongodb_repl_setname: 001-rs 24 | rocket_chat_mongodb_repl_lines: >- 25 | replication: 26 | replSetName: "{{ rocket_chat_mongodb_repl_setname }}" 27 | 28 | rocket_chat_nginx_process_user: www-data 29 | 30 | rocket_chat_service_update_command: systemctl daemon-reload 31 | rocket_chat_service_template: 32 | src: rocketchat.service.j2 33 | dest: /etc/systemd/system/rocketchat.service 34 | 35 | rocket_chat_service_template_at: 36 | src: rocketchat@.service.j2 37 | dest: /etc/systemd/system/rocketchat@.service 38 | -------------------------------------------------------------------------------- /vars/Debian_10.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_mongodb_org_version: 4.2 3 | rocket_chat_mongodb_gpg_key: E162F504A20CDF15827F718D4B7C549A058F8B6B 4 | rocket_chat_mongodb_service_name: mongod 5 | rocket_chat_mongodb_org_pkgs: true 6 | rocket_chat_mongodb_packages: 7 | - mongodb-org 8 | - mongodb-org-server 9 | 10 | rocket_chat_dist_specific_packages: 11 | - g++ 12 | -------------------------------------------------------------------------------- /vars/Debian_8.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | rocket_chat_dist_specific_packages: 4 | - nodejs 5 | - npm 6 | -------------------------------------------------------------------------------- /vars/Debian_9.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_mongodb_org_version: 4.0 3 | rocket_chat_mongodb_gpg_key: 9DA31620334BD75D9DCB49F368818C72E52529D4 4 | rocket_chat_mongodb_service_name: mongod 5 | 
rocket_chat_mongodb_org_pkgs: true 6 | rocket_chat_mongodb_packages: 7 | - mongodb-org 8 | - mongodb-org-server 9 | 10 | rocket_chat_dist_specific_packages: 11 | - g++ 12 | -------------------------------------------------------------------------------- /vars/Fedora_2x.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_service_update_command: systemctl daemon-reload 3 | rocket_chat_service_template: 4 | src: rocketchat.service.j2 5 | dest: /usr/lib/systemd/system/rocketchat.service 6 | rocket_chat_service_template_at: 7 | src: rocketchat@.service.j2 8 | dest: /usr/lib/systemd/system/rocketchat@.service 9 | rocket_chat_tarball_validate_remote_cert: true 10 | -------------------------------------------------------------------------------- /vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_dep_packages: 3 | - git 4 | - GraphicsMagick 5 | - nodejs 6 | - npm 7 | - make 8 | - gcc-c++ 9 | - wget 10 | - crontabs 11 | - policycoreutils-python 12 | - gnupg2 13 | 14 | rocket_chat_mongodb_packages: 15 | - mongodb 16 | - mongodb-server 17 | rocket_chat_mongodb_repl_setname: 001-rs 18 | rocket_chat_mongodb_repl_lines: 'replSet={{ rocket_chat_mongodb_repl_setname }}' 19 | rocket_chat_mongodb_fork: true 20 | rocket_chat_mongodb_pidfile_path: /var/run/mongodb/mongodb.pid 21 | rocket_chat_mongodb_logpath: /var/log/mongodb/mongod.log 22 | rocket_chat_mongodb_unixsocketprefix: /var/run/mongodb 23 | rocket_chat_mongodb_dbpath: /var/lib/mongodb 24 | rocket_chat_mongodb_org_pkgs: false 25 | 26 | rocket_chat_nginx_process_user: nginx 27 | 28 | rocket_chat_mongodb_rpm_repo: 29 | name: mongodb-org-3.4 30 | desc: MongoDB 3.4 Repository 31 | baseurl: https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/3.4/x86_64/ 32 | pgp_key: https://www.mongodb.org/static/pgp/server-3.4.asc 33 | gpgcheck: true 34 | 
-------------------------------------------------------------------------------- /vars/RedHat_7.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_service_update_command: systemctl daemon-reload 3 | rocket_chat_service_template: 4 | src: rocketchat.service.j2 5 | dest: /usr/lib/systemd/system/rocketchat.service 6 | rocket_chat_service_template_at: 7 | src: rocketchat@.service.j2 8 | dest: /usr/lib/systemd/system/rocketchat@.service 9 | rocket_chat_tarball_validate_remote_cert: true 10 | -------------------------------------------------------------------------------- /vars/Ubuntu.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_dep_packages: 3 | - git 4 | - graphicsmagick 5 | - nodejs 6 | - npm 7 | - make 8 | - wget 9 | - cron 10 | - gnupg2 11 | # NOTE(review): the MongoDB apt source below uses plain http://; apt's signature check is then the only integrity control, so confirm the repository key is installed and verified by the tasks that add this source. 12 | rocket_chat_mongodb_org_pkgs: true 13 | rocket_chat_mongodb_apt_repo: "\ 14 | deb http://repo.mongodb.org/apt/{{ ansible_distribution | lower }} \ 15 | {{ ansible_distribution_release | lower }}/mongodb-org/\ 16 | {{ rocket_chat_mongodb_org_version }} multiverse" 17 | 18 | rocket_chat_mongodb_packages: 19 | - mongodb 20 | - mongodb-server 21 | rocket_chat_mongodb_config: /etc/mongodb.conf 22 | 23 | rocket_chat_mongodb_repl_setname: 001-rs 24 | rocket_chat_mongodb_repl_lines: >- 25 | replication: 26 | replSetName: "{{ rocket_chat_mongodb_repl_setname }}" 27 | 28 | rocket_chat_nginx_process_user: www-data 29 | 30 | rocket_chat_service_update_command: systemctl daemon-reload 31 | rocket_chat_service_template: 32 | src: rocketchat.service.j2 33 | dest: /etc/systemd/system/rocketchat.service 34 | rocket_chat_service_template_at: 35 | src: rocketchat@.service.j2 36 | dest: /etc/systemd/system/rocketchat@.service 37 | -------------------------------------------------------------------------------- /vars/Ubuntu_14.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 
rocket_chat_service_update_command: initctl reload-configuration 3 | rocket_chat_service_template: 4 | src: rocketchat_upstart.j2 5 | dest: /etc/init/rocketchat.conf 6 | 7 | rocket_chat_tarball_validate_remote_cert: false # NOTE(review): by its name this disables TLS certificate validation for the tarball download on Ubuntu 14.04; the checksum check is then the remaining integrity control - confirm against tasks/main.yml 8 | -------------------------------------------------------------------------------- /vars/Ubuntu_16.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /vars/Ubuntu_18.yml: -------------------------------------------------------------------------------- 1 | --- 2 | rocket_chat_mongodb_org_pkgs: false 3 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # rocket_chat_mongodb_repl_result_obj: "\ 3 | # {{ replSet_result['stdout_lines'][\ 4 | # ((replSet_result['stdout_lines'].index('{'))|int):\ 5 | # ((replSet_result['stdout_lines'].index('}'))|int)+1]\ 6 | # | join | from_json }}" 7 | # NOTE(review): builds host:port[/database], prefixed with user:password@ when both are set, so the result is a secret once credentials are configured; the service templates write it into their MONGO_URL environment lines. User and password are concatenated without percent-encoding - TODO confirm callers supply URL-safe values. 8 | rocket_chat_mongodb_URI: "\ 9 | {% set temp_out = 10 | rocket_chat_mongodb_server ~ ':' ~ rocket_chat_mongodb_port -%} 11 | {% if rocket_chat_mongodb_user and rocket_chat_mongodb_password -%} 12 | {% set temp_out = 13 | rocket_chat_mongodb_user 14 | ~ ':' ~ rocket_chat_mongodb_password 15 | ~ '@' ~ temp_out -%} 16 | {% endif -%} 17 | {% set temp_out = 18 | temp_out ~ '/' ~ rocket_chat_mongodb_database -%} 19 | {% if (rocket_chat_mongodb_use_tls | bool) == true -%} 20 | {% set temp_out = temp_out ~ '?ssl=true' -%} 21 | {% endif -%} 22 | {{ temp_out }}" 23 | --------------------------------------------------------------------------------