Skip to content

Latest commit

 

History

History
122 lines (104 loc) · 4.6 KB

README.md

File metadata and controls

122 lines (104 loc) · 4.6 KB

Passbolt

Ansible role to install and configure passbolt app on RHEL/CentOS (for now) based distro.

Role Variables

These are settable variables for this role and are pre-defined into defaults/main.yml with default values. You might need to override them according to your need. Most of them are not suitable for a production environment.

Base variables

passbolt_version: # Defines app release version
passbolt_archive: # Defines app archive full name
passbolt_dl_url: # Defines download url to retrieve and install app

Variables related to PHP-fpm configuration

passbolt_php_fpm_includedir: # Defines php-fpm pools config directory
passbolt_php_fpm_pool: # Defines app pool config absolute path
passbolt_php_fpm_user: # Defines which user php-fpm will run the app from
passbolt_php_fpm_group: # Defines which group php-fpm will run the app from
passbolt_php_fpm_owner: # Defines the owner of php-fpm socket
passbolt_php_fpm_group: # Defines the group of php-fpm socket
passbolt_php_fpm_mode: # Defines the mode of php-fpm socket (mostly if using file-based socket)
passbolt_php_fpm_whitelist: # Defines a list of IP/hostname to allow to talk to php-fpm
passbolt_php_fpm_listen: # Defines php-fpm socket method (file-based, host:port, etc)
passbolt_php_fpm_listen_port: # Defines php-fpm socket port when not using `unix:`-based uri from passbolt_php_fpm_listen

Variable related to database setup

passbolt_dbhost: # Defines database server hostname to conntect to
passbolt_dbuser: # Defines database user
passbolt_dbpass: # Defines database password
passbolt_dbname: # Defines database name to connect to

Variables related to SMTP setup

passbolt_smtp_host: # Defines SMTP server hostname to connect to
passbolt_smtp_port: # Defines SMTP server port
passbolt_smtp_auth: # Defines SMTP authentication method (TLS, SSL). Leave it blank for none.
passbolt_smtp_user: # Defines SMTP user (if authentication is set)
passbolt_smtp_pass: # Defines SMTP password (if authentication is set)
passbolt_smtp_timeout: # Defines SMTP connection timeout allowed
passbolt_smtp_sender: # Defines name of the sender
passbolt_smtp_sender_email: # Defines email of the sender

passbolt_error_report: # Defines if app has to send out any catched SQL error
passbolt_error_report_email: # Defines recipient to send notification out

Dependencies

  • geerlingguy.repo-remi When variable passbolt_install_php is true.

  • jdauphant.nginx When variable passbolt_install_webserver is true.

  • geerlingguy.php when variable passbolt_install_php is true.

  • geerlingguy.mysql When variable passbolt_install_dbserver is true.

Note that if you manage to use different roles than those above, consider setting those variable to False and make sure to run and deploy them first.

Also, you may replace nginx web server by apache or else if this is what your infrastructure is running for. This role doesn't come with a pre-defined web configuration. It's set through NGINX variables provided by this role (see tests/test.yml for more details).

Example Playbook

    - hosts: vault-servers
      vars:
        nginx_sites:
            passbolt:
                - listen 443 ssl
                - server_name vault.domain.tld
                - ssl_certificate     /etc/ssl/domain.tld.cert
                - ssl_certificate_key /etc/ssl/domain.tld.key
                - server_tokens off
                - root "{{ passbolt_webroot }}"
                - location / { try_files $uri /index.php$is_args$args; }
                - location ~ \.php(/|$) {
                  fastcgi_pass {{ passbolt_php_fpm_listen }};
                  fastcgi_split_path_info ^(.+\.php)(/.*)$;
                  fastcgi_read_timeout 500;
                  include fastcgi_params;
                  fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                  fastcgi_param SERVER_NAME $http_host;
                  fastcgi_param DOCUMENT_ROOT $realpath_root;
                  internal;
                  }
      roles:
         - {
            role: laxathom.passbolt
        }

Testing

  • Host requirements
    • docker engine. Make sure it's installed and running.

Set up ansible env

printf '[defaults]\nroles_path=../\nhost_key_checking = False' > ansible.cfg

Install tests requirement

% ansible-galaxy install -r tests/requirements.yml -p tests/roles

then run the playbook for deployment test

% sudo ansible-playbook -vv -i tests/inventory tests/test.yml

Once done, you should be able to hit the deployed & running application at http://localhost:8080/