Webarchitects OpenProject Ansible Role

Currently this role only installs OpenProject, configuration needs to be done using the wizard:

sudo openproject configure

Manually configure outgoing email so that a password reset can be sent for the admin account:

openproject config:set OPENPROJECT_EMAIL__DELIVERY__METHOD=smtp
openproject config:set OPENPROJECT_MAIL__FROM=openproject@$(hostname -f)
openproject config:set OPENPROJECT_SMTP__ADDRESS=localhost
openproject config:set OPENPROJECT_SMTP__PORT=25
openproject config:set OPENPROJECT_SMTP__DOMAIN=$(hostname -f)
openproject config:set OPENPROJECT_SMTP__AUTHENTICATION=none
openproject config:set OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO=false
openproject config:set OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE=none
openproject restart

Get all the environment variables:

openproject run bundle exec rake setting:available_envs

Other settings that might need fixing:

openproject config:get OPENPROJECT_HOST__NAME
openproject config:get OPENPROJECT_HTTPS

For example:

openproject config:set OPENPROJECT_HOST__NAME=openproject.$(hostname -f)
openproject config:set OPENPROJECT_HTTPS=true

This role doesn't upgrade OpenProject but it does update the apt config so that it can then be done manually:

apt-get install --only-upgrade openproject
openproject configure

See the upgrade instructions and version release notes.

Notes

• The upgrade to OpenProject 13.4.0 required the following to be run:

sudo -i
su - postgresql
psql openproject
GRANT CREATE ON SCHEMA public TO openproject;
\q
exit
exit

• The default Apache config doesn't work with Let's Encrypt and the Includes for non existant files causes a problem, the following config with the users role replicates the Apache config provided by OpenProject:

users:
  openproject:
    users_apache_virtual_hosts:
      openproject:
        users_apache_server_name: "{{ inventory_hostname }}"
        users_apache_vhost_docroot: false
        users_apache_expires: medium
        users_apache_directories:
          "/opt/openproject/public":
            users_apache_override:
              - "None"
            users_apache_options:
              - "-Indexes"
        users_apache_headers:
          - type: request
            action: setifempty
            arg: X-Forwarded-Proto https
        users_apache_alias:
          - url: /assets
            path: /opt/openproject/public/assets
          - url: /uploads
            path: /opt/openproject/public/uploads
        users_apache_locations:
          - location: "/"
            proxy_pass: http://127.0.0.1:6000/
            reverse: true
          - location: "/assets"
            proxy_pass: "!"
          - match: "^/sys"
            authname: Local connections only
            authtype: None
            require:
              - local
    users_editor: vim
    users_home_mode: "0755"
    users_shell: /bin/bash
    users_skel: /usr/local/etc/skel.d/www
    users_state: present
    users_system: true

TODO

• The /etc/openproject/installer.dat file could be created by this role and openproject configure could be run, see #1.

Repository

The primary URL of this repo is https://git.coop/webarch/openproject however it is also mirrored to GitHub and available via Ansible Galaxy.

If you use this role please use a tagged release, see the release notes.

Copyright

Copyright 2023-2024 Chris Croome, <[email protected]>.

This role is released under the same terms as Ansible itself, the GNU GPLv3.