Add git hosting plugin to redmine

jcamins · Dec 28, 2014 · b340f3a · b340f3a
1 parent b222b1c
commit b340f3a
Show file tree

Hide file tree

Showing 7 changed files with 287 additions and 14 deletions.
diff --git a/roles/redmine/files/add_redmine_to_gitolite.pl b/roles/redmine/files/add_redmine_to_gitolite.pl
@@ -0,0 +1,38 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use File::Temp qw/tempdir/;
+use File::Copy;
+use Sys::Hostname;
+
+my $fh;
+my $hostname = hostname;
+
+my $dir = tempdir();
+system("git clone /home/git/repositories/gitolite-admin.git $dir");
+chdir "$dir";
+
+if (! -f "$dir/keydir/redmine.pub") {
+    open ($fh, "<", "$dir/conf/gitolite.conf");
+    my @lines = <$fh>;
+    close $fh;
+    open ($fh, ">", "$dir/conf/gitolite.conf");
+    my $inadmin;
+    foreach my $line (@lines) {
+        chomp $line;
+        if (!$inadmin && $line =~ /^repo\s*gitolite-admin/) {
+            $inadmin = 1;
+        } elsif ($inadmin && $line =~ /RW\+/) {
+            $line .= ' redmine' unless ($line =~ /redmine/);
+            $inadmin = 0;
+        }
+        print $fh "$line\n";
+    }
+    close $fh;
+    system("sudo -u redmine cat /var/lib/redmine/.ssh/id_rsa.pub > $dir/keydir/redmine.pub");
+    system("git add conf/gitolite.conf keydir/redmine.pub");
+    system("git commit --author='git on $hostname <git\@$hostname>' -m 'Add redmine to gitolite-admin repo'");
+    system("gitolite push");
+}
+chdir "/tmp";
diff --git a/roles/redmine/tasks/git_hosting.yml b/roles/redmine/tasks/git_hosting.yml
@@ -0,0 +1,52 @@
+---
+# Install the git_hosting plugin
+
+- name: Get bootstrap-kit Redmine plugin
+  git: repo=https://github.com/jbox-web/redmine_bootstrap_kit.git dest=/usr/share/redmine/plugins/redmine_bootstrap_kit
+
+- name: Get git_hosting plugin
+  git: repo=https://github.com/jbox-web/redmine_git_hosting.git dest=/usr/share/redmine/plugins/redmine_git_hosting version={{ redmine_git_hosting_version }}
+
+- name: Install required gems for Redmine
+  command: /usr/local/bin/bundle install --without development test chdir=/usr/share/redmine
+
+- name: Run plugin migration
+  command: /usr/local/bin/rake redmine:plugins:migrate chdir=/usr/share/redmine
+  environment:
+    RAILS_ENV: production
+    NAME: redmine_git_hosting
+  notify: restart apache
+
+- name: Copy SSH keys for Redmine to git hosting plugin
+  file: src=/var/lib/redmine/.ssh/id_rsa{{ item }} dest=/usr/share/redmine/plugins/redmine_git_hosting/ssh_keys/redmine_gitolite_admin_id_rsa{{ item }} owner=redmine state=hard
+  with_items:
+  - ""
+  - ".pub"
+
+- name: Copy SSH public key for Redmine to gitolite
+  file: src=/var/lib/redmine/.ssh/id_rsa.pub dest=/home/git/redmine_gitolite_admin_id_rsa.pub owner=git group=git mode=0644 state=hard
+
+- name: Install sudoers file for redmine and git
+  template: src=etc_sudoers.d_redmine-gitolite.j2 dest=/etc/sudoers.d/redmine-gitolite mode=0440 owner=root group=root
+
+- name: Create log files for git_hosting
+  file: path=/usr/share/redmine/log/git_hosting.log mode=0644 owner=redmine state=touch
+
+- name: Change ownership of git_hosting directories
+  file: path=/usr/share/redmine/plugins/redmine_git_hosting/bin mode=0755 owner=redmine state=directory recurse=yes
+
+- name: Create known_hosts file for redmine
+  file: path=/var/lib/redmine/.ssh/known_hosts mode=0644 owner=redmine state=touch
+
+- name: Add localhost as known host for redmine
+  shell: 'grep -qE "`ssh-keyscan localhost`" /var/lib/redmine/.ssh/known_hosts || ssh-keyscan localhost >> /var/lib/redmine/.ssh/known_hosts'
+  sudo: yes
+  sudo_user: redmine
+
+- name: Copy script to add redmine permissions to gitolite
+  copy: src=add_redmine_to_gitolite.pl dest=/tmp/add_redmine_to_gitolite mode=0755
+
+- name: Add redmine permissions to gitolite
+  command: /tmp/add_redmine_to_gitolite
+  sudo: yes
+  sudo_user: git
diff --git a/roles/redmine/tasks/main.yml b/roles/redmine/tasks/main.yml
@@ -2,3 +2,4 @@
 
 - include: redmine.yml tags=redmine
 
+- include: git_hosting.yml tags=redmine
diff --git a/roles/redmine/tasks/redmine.yml b/roles/redmine/tasks/redmine.yml
@@ -2,17 +2,20 @@
 # This playbook heavily based on https://github.com/amree/ansible-redmine and https://github.com/dpausp/ansible-playbook-redmine
 
 - name: Create Redmine user
-  user: name={{ redmine_system_username }} home=/var/lib/redmine state=present
+  user: name=redmine home=/var/lib/redmine generate_ssh_key=yes state=present
 
 - name: Install system packages required for Redmine
   apt: pkg={{ item }} state=present
   with_items:
   - libapache2-mod-passenger
   - libpq-dev
   - imagemagick
+  - libicu-dev
   - libmagickwand-dev
   - libxslt1-dev
   - libxml2-dev
+  - liblockfile-ruby
+  - libnet-ssh2-ruby
 
 - name: Install bundler
   gem: name=bundler state=latest user_install=no
@@ -27,19 +30,19 @@
   postgresql_db: login_host=localhost login_user={{ db_admin_username }} login_password="{{ db_admin_password }}" name={{ redmine_db_database }} owner={{ redmine_db_username }} state=present
 
 - name: Install Redmine configuration file
-  template: src=config_configuration.yml.j2 dest=/usr/share/redmine/config/configuration.yml mode=0644 owner={{ redmine_system_username }}
+  template: src=config_configuration.yml.j2 dest=/usr/share/redmine/config/configuration.yml mode=0644 owner=redmine
 
 - name: Install Redmine database configuration
-  template: src=config_database.yml.j2 dest=/usr/share/redmine/config/database.yml mode=0644 owner={{ redmine_system_username }}
+  template: src=config_database.yml.j2 dest=/usr/share/redmine/config/database.yml mode=0644 owner=redmine
 
 - name: Configure logs
-  template: src=config_additional_environment.rb.j2 dest=/usr/share/redmine/config/additional_environment.rb mode=0644 owner={{ redmine_system_username }}
+  template: src=config_additional_environment.rb.j2 dest=/usr/share/redmine/config/additional_environment.rb mode=0644 owner=redmine
 
 - name: Create log files
-  file: path=/var/log/{{ item }} mode=0644 owner={{ redmine_system_username }} state=touch
+  file: path=/var/log/{{ item }} mode=0644 owner=redmine state=touch
   with_items:
-    - redmine.log
-    - redmine_scm_stderr.log
+  - redmine.log
+  - redmine_scm_stderr.log
 
 - name: Install required gems for Redmine
   command: /usr/local/bin/bundle install --without development test chdir=/usr/share/redmine
@@ -58,15 +61,15 @@
     RAILS_ENV: production
     REDMINE_LANG: "{{ redmine_language }}"
 
-- name: Change directory ownership
-  file: path=/usr/share/redmine owner={{ redmine_system_username }} recurse=yes
+- name: Change config.ru ownership
+  file: path=/usr/share/redmine/config.ru owner=redmine
 
 - name: Change directory permissions
-  file: path=/usr/share/redmine/{{ item }} owner={{ redmine_system_username }} mode=755 state=directory
+  file: path=/usr/share/redmine/{{ item }} owner=redmine mode=755 state=directory
   with_items:
-    - public/plugin_assets
-    - tmp
-    - tmp/pdf
+  - public/plugin_assets
+  - tmp
+  - tmp/pdf
 
 - name: Configure the Apache HTTP server for Redmine
   template: src=etc_apache2_sites-available_redmine.j2 dest=/etc/apache2/sites-available/redmine.conf group=root owner=root

diff --git a/roles/redmine/templates/etc_sudoers.d_redmine-gitolite.j2 b/roles/redmine/templates/etc_sudoers.d_redmine-gitolite.j2
@@ -0,0 +1,2 @@
+redmine        ALL=(git)      NOPASSWD:ALL
+git            ALL=(redmine)  NOPASSWD:ALL
diff --git a/roles/redmine/templates/gitolite.rc.j2 b/roles/redmine/templates/gitolite.rc.j2
@@ -0,0 +1,176 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax.  But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+    # ------------------------------------------------------------------
+
+    # default umask gives you perms of '0700'; see the rc file docs for
+    # how/why you might change this
+    UMASK                           =>  0027,
+
+    # look for "git-config" in the documentation
+    GIT_CONFIG_KEYS                 =>  '.*',
+
+    # comment out if you don't need all the extra detail in the logfile
+    LOG_EXTRA                       =>  1,
+
+    # roles.  add more roles (like MANAGER, TESTER, ...) here.
+    #   WARNING: if you make changes to this hash, you MUST run 'gitolite
+    #   compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+    ROLES => {
+        READERS                     =>  1,
+        WRITERS                     =>  1,
+    },
+
+    # ------------------------------------------------------------------
+
+    # rc variables used by various features
+
+    # the 'info' command prints this as additional info, if it is set
+        # SITE_INFO                 =>  'Please see http://blahblah/gitolite for more help',
+
+    # the 'desc' command uses this
+        # WRITER_CAN_UPDATE_DESC    =>  1,
+
+    # the CpuTime feature uses these
+        # display user, system, and elapsed times to user after each git operation
+        # DISPLAY_CPU_TIME          =>  1,
+        # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+        # CPU_TIME_WARN_LIMIT       =>  0.1,
+
+    # the Mirroring feature needs this
+        # HOSTNAME                  =>  "foo",
+
+    # if you enabled 'Shell', you need this
+        # SHELL_USERS_LIST          =>  "$ENV{HOME}/.gitolite.shell-users",
+
+    # ------------------------------------------------------------------
+
+    # suggested locations for site-local gitolite code (see cust.html)
+
+        # this one is managed directly on the server
+        # LOCAL_CODE                =>  "$ENV{HOME}/local",
+
+        # or you can use this, which lets you put everything in a subdirectory
+        # called "local" in your gitolite-admin repo.  For a SECURITY WARNING
+        # on this, see http://gitolite.com/gitolite/cust.html#pushcode
+        # LOCAL_CODE                =>  "$rc{GL_ADMIN_BASE}/local",
+
+    # ------------------------------------------------------------------
+
+    # List of commands and features to enable
+
+    ENABLE => [
+
+        # COMMANDS
+
+            # These are the commands enabled by default
+            'help',
+            'desc',
+            'info',
+            'perms',
+            'writable',
+
+            # Uncomment or add new commands here.
+            # 'create',
+            # 'fork',
+            # 'mirror',
+            # 'sskm',
+            # 'D',
+
+        # These FEATURES are enabled by default.
+
+            # essential (unless you're using smart-http mode)
+            'ssh-authkeys',
+
+            # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
+            'git-config',
+
+            # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+            'daemon',
+
+            # creates projects.list file; if you don't use gitweb, comment this out
+            'gitweb',
+
+        # These FEATURES are disabled by default; uncomment to enable.  If you
+        # need to add new ones, ask on the mailing list :-)
+
+        # user-visible behaviour
+
+            # prevent wild repos auto-create on fetch/clone
+            # 'no-create-on-read',
+            # no auto-create at all (don't forget to enable the 'create' command!)
+            # 'no-auto-create',
+
+            # access a repo by another (possibly legacy) name
+            # 'Alias',
+
+            # give some users direct shell access
+            # 'Shell',
+
+            # set default roles from lines like 'option default.roles-1 = ...', etc.
+            # 'set-default-roles',
+
+        # system admin stuff
+
+            # enable mirroring (don't forget to set the HOSTNAME too!)
+            # 'Mirroring',
+
+            # allow people to submit pub files with more than one key in them
+            # 'ssh-authkeys-split',
+
+            # selective read control hack
+            # 'partial-copy',
+
+            # manage local, gitolite-controlled, copies of read-only upstream repos
+            # 'upstream',
+
+            # updates 'description' file instead of 'gitweb.description' config item
+            # 'cgit',
+
+            # allow repo-specific hooks to be added
+            # 'repo-specific-hooks',
+
+        # performance, logging, monitoring...
+
+            # be nice
+            # 'renice 10',
+
+            # log CPU times (user, system, cumulative user, cumulative system)
+            # 'CpuTime',
+
+        # syntactic_sugar for gitolite.conf and included files
+
+            # allow backslash-escaped continuation lines in gitolite.conf
+            # 'continuation-lines',
+
+            # create implicit user groups from directory names in keydir/
+            # 'keysubdirs-as-groups',
+
+            # allow simple line-oriented macros
+            # 'macros',
+
+    ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/vars/defaults.yml b/vars/defaults.yml
@@ -144,8 +144,9 @@ paste_db_username: paste
 # redmine
 redmine_version: 2.6.0
 redmine_domain: "projects.{{ domain }}"
-redmine_system_username: redmine
 redmine_db_database: redmine
 redmine_db_username: redmine
 #redmine_db_password: (required)
 redmine_language: en
+redmine_git_hosting_version: 0.7.8
+