add experimental rocket.chat role

roles/rocketchat/DESIGN.md

@@ -0,0 +1,14 @@
+# Design Description for Rocket.Chat Role
+
+This role installs Rocket.Chat using the official "manual installation".
+
+MongoDB is installed using the official upstream debian packages. The most-recent version is used automatically.
+
+Node.js v12.x is installed using the official upstream debian packages.
+
+https://docs.rocket.chat/installing-and-updating/manual-installation/debian
+https://docs.rocket.chat/installing-and-updating/manual-installation/configuring-ssl-reverse-proxy
+
+https://docs.mongodb.com/manual/tutorial/install-mongodb-on-debian/
+
+https://github.com/nodesource/distributions/blob/master/README.md

roles/rocketchat/defaults/main.yml

@@ -0,0 +1,7 @@
+rocketchat_subdomain: "chat"
+rocketchat_domain: "{{ rocketchat_subdomain }}.{{ domain }}"
+
+rocketchat_internal_port: "3042"
+
+rocketchat_version: "3.15.0"
+rocketchat_release: "https://cdn-download.rocket.chat/build/rocket.chat-{{ rocketchat_version }}.tgz"

roles/rocketchat/files/etc_mongod.conf

@@ -0,0 +1,44 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# Where and how to store data.
+storage:
+  dbPath: /var/lib/mongodb
+  journal:
+    enabled: true
+  engine: wiredTiger
+#  mmapv1:
+#  wiredTiger:
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/log/mongodb/mongod.log
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1
+
+
+# how the process runs
+processManagement:
+  timeZoneInfo: /usr/share/zoneinfo
+
+#security:
+
+#operationProfiling:
+
+replication:
+  replSetName: rs01
+
+#sharding:
+
+## Enterprise-Only Options:
+
+#auditLog:
+
+#snmp:

roles/rocketchat/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: restart apache
+  service: name=apache2 state=restarted
+
+- name: restart mongod
+  service: name=mongod state=restarted

roles/rocketchat/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include: rocketchat.yml tags=rocketchat

roles/rocketchat/tasks/rocketchat.yml

@@ -0,0 +1,140 @@
+- name: Ensure repository key for MongoDB is in place for Rocket.Chat
+  apt_key: url=https://www.mongodb.org/static/pgp/server-4.4.asc state=present
+  tags:
+    - dependencies
+
+- name: Add MongoDB repository for Rocket.Chat
+  apt_repository: repo="deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main"
+  tags:
+    - dependencies
+  when: ansible_distribution_version == '9'
+
+- name: Add MongoDB repository for Rocket.Chat
+  apt_repository: repo="deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main"
+  tags:
+    - dependencies
+  when: ansible_distribution_version == '10'
+
+- name: Check if Node.js is installed
+  command: dpkg-query -l nodejs
+  register: nodejs_deb_check
+
+- name: Add Node.js repository for Rocket.Chat
+  shell: curl -fsSL https://deb.nodesource.com/setup_12.x | sudo -E bash -
+  when: nodejs_deb_check.stdout.find('no packages found') != -1
+
+- name: Install MongoDB and other Rocket.Chat dependencies
+  apt:
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+    - build-essential
+    - mongodb-org
+    - nodejs
+    - fontconfig
+    - graphicsmagick
+  tags:
+    - dependencies
+
+- name: Install proper Node.js version and dependencies for Rocket.Chat
+  shell: sudo npm install -g inherits n && sudo n 12.18.4
+
+- name: Create temporary Rocket.Chat directory
+  file: state=directory path=/root/rocketchat
+
+- name: Download Rocket.Chat {{ rocketchat_version }} release
+  get_url:
+    url="{{ rocketchat_release }}"
+    dest=/root/rocketchat/rocketchat-{{ rocketchat_version }}.tar.gz
+
+- name: Check if temporary Rocket.Chat {{ rocketchat_version }} directory already exists
+  stat:
+    path: /root/rocketchat/{{ rocketchat_version }}
+  register: rocketchat_unpack_check
+
+- name: Create temporary Rocket.Chat {{ rocketchat_version }} directory
+  file: state=directory path=/root/rocketchat/{{ rocketchat_version }}
+
+- name: Unpack Rocket.Chat {{ rocketchat_version }} source
+  shell: tar xzvf /root/rocketchat/rocketchat-{{ rocketchat_version }}.tar.gz -C /root/rocketchat/{{ rocketchat_version }}
+  args:
+    chdir: /root/rocketchat
+    creates: /root/rocketchat/{{ rocketchat_version }}/bundle
+
+- name: Install Rocket.Chat {{ rocketchat_version }} source
+  shell: cd /root/rocketchat/{{ rocketchat_version }}/bundle/programs/server && npm install --unsafe-perm
+  when: not rocketchat_unpack_check.stat.exists
+
+- name: Create /usr/local/bin/Rocket.Chat
+  file: state=directory path=/usr/local/bin/Rocket.Chat
+
+- name: Stop old Rocket.Chat instance
+  service: name=rocketchat state=stopped
+  ignore_errors: True
+
+- name: Copy Rocket.Chat to /usr/local/bin/Rocket.Chat
+  shell: cp -R /root/rocketchat/{{ rocketchat_version }}/bundle/. /usr/local/bin/Rocket.Chat/
+
+- name: Add rocketchat group
+  group:
+    name: rocketchat
+    state: present
+
+- name: Add rocketchat user
+  user:
+    name: rocketchat
+    create_home: no
+    shell: /bin/bash
+    password_lock: yes
+    state: present
+    system: yes
+    group: rocketchat
+
+- name: Fix Rocket.Chat permissions
+  shell: sudo chown -R rocketchat:rocketchat /usr/local/bin/Rocket.Chat
+
+- name: Create the Rocket.Chat service file
+  template:
+    src=lib_systemd_system_rocketchat.j2
+    dest=/lib/systemd/system/rocketchat.service
+    owner=root
+    group=root
+
+- name: Add modified MongoDB config file for Rocket.Chat
+  copy:
+    src=etc_mongod.conf
+    dest=/etc/mongod.conf
+    owner=root
+    group=root
+  notify: restart mongod
+
+- name: Register new MongoDB service for Rocket.Chat
+  systemd: name=mongod daemon_reload=yes enabled=yes
+
+- name: Start new MongoDB instance for Rocket.Chat
+  service: name=mongod state=restarted
+
+- name: Initiate MongoDB replication set for Rocket.Chat
+  shell: sudo mongo --eval "if (rs.status().codeName == \"NotYetInitialized\") printjson(rs.initiate())"
+
+- name: Register new Rocket.Chat service
+  systemd: name=rocketchat daemon_reload=yes enabled=yes
+
+- name: Start new Rocket.Chat instance
+  service: name=rocketchat state=started
+
+- name: Create the Apache Rocket.Chat sites config files
+  template:
+    src=etc_apache2_sites-available_rocketchat.j2
+    dest=/etc/apache2/sites-available/rocketchat_{{ item.name }}.conf
+    owner=root
+    group=root
+  notify: restart apache
+  with_items: "{{ virtual_domains }}"
+
+- name: Enable Apache sites (creates new sites-enabled symlinks)
+  command: a2ensite rocketchat_{{ item }}.conf creates=/etc/apache2/sites-enabled/rocketchat_{{ item }}.conf
+  notify: restart apache
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"

roles/rocketchat/templates/etc_apache2_sites-available_rocketchat.j2

@@ -0,0 +1,29 @@
+<VirtualHost *:80>
+    ServerName {{ rocketchat_subdomain }}.{{ item.name }}
+
+    Redirect temp / https://{{ rocketchat_subdomain }}.{{ item.name }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ rocketchat_subdomain }}.{{ item.name }}
+
+    SSLEngine               On
+    Options                 -Indexes
+    HostnameLookups         Off
+    LogLevel                warn
+    ErrorLog                /var/log/apache2/rocketchat.info-error_log
+    CustomLog               /var/log/apache2/rocketchat.info-access_log common
+
+
+    RewriteEngine On
+    RewriteCond %{HTTP:CONNECTION} Upgrade [NC]
+    RewriteCond %{HTTP:Upgrade} =websocket [NC]
+    RewriteRule /(.*)           ws://localhost:{{ rocketchat_internal_port }}/$1 [P,L]
+    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
+    RewriteRule /(.*)           http://localhost:{{ rocketchat_internal_port }}/$1 [P,L]
+
+    ProxyRequests           Off
+    ProxyPreserveHost       On
+    ProxyPass               / http://localhost:{{ rocketchat_internal_port }}/
+    ProxyPassReverse        / http://localhost:{{ rocketchat_internal_port }}/
+</VirtualHost>

roles/rocketchat/templates/lib_systemd_system_rocketchat.j2

@@ -0,0 +1,12 @@
+[Unit]
+Description=The Rocket.Chat server
+After=network.target remote-fs.target nss-lookup.target apache2.service mongod.service
+[Service]
+ExecStart=/usr/local/bin/node /usr/local/bin/Rocket.Chat/main.js
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=rocketchat
+User=rocketchat
+Environment=MONGO_URL=mongodb://localhost:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://localhost:27017/local?replicaSet=rs01 ROOT_URL=https://{{ rocketchat_domain }}/ PORT={{ rocketchat_internal_port }}
+[Install]
+WantedBy=multi-user.target