change: Vagrant organization

.gitignore

@@ -20,4 +20,5 @@ config/config.yml
 public_html/thirdparty
 public_html/MEDSHAKEEHRPATH
 tools/docker/.env
-tools/docker/orthanc.json
+tools/docker/orthanc.json
+tools/vagrant/roles

Vagrantfile

@@ -1,5 +1,5 @@
 Vagrant.configure("2") do |config|
-  config.vm.box = "debian/bookworm64va"
+  config.vm.box = "generic/debian12"
   config.vm.define "msehr"
   config.vm.hostname = "msehr.local"
   config.vm.network "private_network", ip: "192.168.56.4"
@@ -9,16 +9,26 @@ Vagrant.configure("2") do |config|
   # config.vm.network "public_network"
   config.vm.provision "ansible" do |ansible|
       ansible.playbook = "tools/vagrant/main.yml"
+      ansible.galaxy_role_file = "tools/vagrant/requirements.yml"
+      ansible.raw_arguments = ['-D']
   end
   # Pour personnaliser les spécifications de la machine
-  config.vm.provider "virtualbox" do |v|
-      v.memory = 512
-      v.cpus = 2
-    end
   config.vm.provider "libvirt" do |lb|
+    # for ubuntu2204 1024
+    lb.memory = 512
+    lb.cpus = 1
+  end
+
+  config.vm.provider "qemu" do |qe|
+    # for ubuntu2204 1024
+    qe.memory = 512
+    qe.cpus = 1
+  end
+
+  config.vm.provider "virtualbox" do |v|
       # for ubuntu2204 1024
-      lb.memory = 512
-      lb.cpus = 2
+      v.memory = 512
+      v.cpus = 1
     end
   # Pour personnaliser sa clef ssh
   # config.ssh.insert_key = false

tools/vagrant/README.md

@@ -1,6 +1,6 @@
 ## Prérequis
 - Avoir [VirtualBox](https://www.virtualbox.org/wiki/Downloads), [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) > 2.9 et [Vagrant](https://www.vagrantup.com/docs/installation) de configuré sur votre machine.
-- Crée dans un but de démo ou de développement, ne pas utiliser en production avec des données réelles sans ajouter des paramètres de sécurité (mot de passe fort, contrôle d'accès).
+- Crée dans un but de démo ou de développement, ne pas utiliser en production avec des données réelles sans ajouter des paramètres de sécurité (mot de passe fort, contrôle d'accès, désactivation du mode testing).
 
 ## Installation 
 - Cloner le projet.
@@ -15,13 +15,11 @@ nano secrets.yml
 - Taper la commande suivante `vagrant up`.
 - A la fin de l'exécution de la commande, ouvrir le navigateur se rendre à l'adresse suivante `http://192.168.56.4/install.php`.
 - Vous pouvez finir la configuration de MedShakeEHR.
-- Dans l'écran de configuration rapide cochez la case : `Ne pas créer la base de donnée`
-- Le nom d'utilisateur et le mot de passe utilisateur correspondent à ce que vous avez choisi pour les variables `sqlUserAccount:` et `sqlUserPassword:`
 - [Documentation de MedShakeEHR](https://www.logiciel-cabinet-medical.fr/documentation-technique/)
 
 ## Modifications de la configuration
 - si vous avez installé au préalable `vagrant-hostsupdater`, vous pouvez directement taper msehr.local dans la barre d'adresse.
-- si vous avez libvirt et virtualbox d'installés sur la même machine, précisez `--provider virtualbox` ou `--provider libvirt`. 
+- si vous avez libvirt ou qemu et virtualbox d'installés sur la même machine, précisez `--provider virtualbox` ou `--provider libvirt` ou `--provider qemu`. 
 - pour libvirt je vous conseille de changer l'adresse du `private network` pour éviter les conflits avec virtualbox
 - Pour arrêter la machine virtuelle taper `vagrant halt`.
 - Pour détruire les fichiers de la machine virtuelle taper `vagrant destroy`.

tools/vagrant/main.yml

@@ -1,250 +1,33 @@
 ---
-- hosts: msehr
-  become: yes
-  vars_files: 
+- name: Install MedShakeEHR on Vagrant VM
+  hosts: msehr
+  become: true
+  vars_files:
     - secrets.yml
+  pre_tasks:
+    - name: Update APT cache & Upgrade OS
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+        upgrade: dist
+  roles:
+    - { role: marsante.medshakeehr }
 
   tasks:
-    - name: Set timezone 
-      timezone:
-        name: "{{ timezone }}"
-
-    - name: Install packages
-      apt: 
-        name: "{{ msehrPackages }}"
-        update_cache: yes 
-        state: latest
-
-    - name: 
-      ufw:
-        state: enabled
-        rule: allow
-        name: '{{ item }}'
-      loop:
-        - OpenSSH
-        - WWW Full
-
-    - name: create APT auto-upgrades configuration
-      template:
-        src: templates/20auto-upgrades.j2
-        dest: /etc/apt/apt.conf.d/20auto-upgrades
-        owner: root
-        group: root
-        mode: 0644
-
-    - name: create unattended-upgrades configuration
-      template:
-        src: templates/50unattended-upgrades.j2
-        dest: /etc/apt/apt.conf.d/50unattended-upgrades
-        owner: root
-        group: root
-        mode: 0644
-
-    - name: sync sources with working directory
-      copy: 
+    - name: Sync sources with working directory
+      ansible.builtin.copy:
         src: /vagrant/
-        dest: /opt/ehr 
-        remote_src: yes 
-        directory_mode: yes
+        dest: "{{ msehr_dir }}"
+        remote_src: true
+        directory_mode: true
+        mode: preserve
       when: stage == "testing"
 
     - name: Add good permissions and ownership to medshakeehr folder
       ansible.builtin.file:
-        path: /opt/ehr
+        path: "{{ msehr_dir }}"
         state: directory
-        recurse: yes
+        recurse: true
         owner: www-data
         group: "{{ user }}"
         mode: '0755'
-
-    - name:  check if MedShakeEHR exist
-      stat:
-        path: opt/ehr/public_html
-      register: msehr 
-
-    - name: Creating MEDSHAKEEHRPATH file
-      copy:
-        dest: /opt/ehr/public_html/MEDSHAKEEHRPATH
-        content: |
-          /opt/ehr
-        owner: www-data
-        group: "{{user}}"
-        mode: '0755'
-      when: not msehr.stat.exists 
-
-    - name: Composer upgrade on /ehr
-      shell: cd /opt/ehr && composer upgrade --no-cache   
-      become: yes
-      become_user: www-data
-
-    - name: Composer upgrade on /ehr/public_html
-      shell: cd /opt/ehr/public_html && composer upgrade --no-cache   
-      become: yes
-      become_user: www-data
-
-    - name: register php version
-      shell: 'php -r "echo PHP_VERSION;" | cut -c1-3'
-      register: php_version
-
-    - name: Setup php.ini configuration.
-      template:
-        src: templates/php.ini.j2
-        dest: "/etc/php/{{ php_version.stdout }}/apache2/php.ini"
-        owner: root
-        group: root
-        mode: 0644
-
-    - name: Creates SSL directory
-      file:
-        path: "/etc/ssl/{{ domain }}"
-        state: directory
-        recurse: yes
-        owner: root
-        group: root
-        mode: '0755'
-
-    - name: create private key
-      openssl_privatekey:
-        path: "/etc/ssl/{{ domain }}/{{ domain }}.key"
-        size: 4096
-        state: present
-
-    - name: Generate an OpenSSL Certificate Signing Request with Subject information
-      openssl_csr:
-        path: "/etc/ssl/{{ domain }}/{{ domain }}.csr"
-        privatekey_path: "/etc/ssl/{{ domain }}/{{ domain }}.key"
-        country_name: "{{ countryName }}"
-        locality_name: "{{ localityName }}"
-        organization_name: "{{ organizationName }}"
-        email_address: "{{ emailAdress }}"
-        common_name: "{{ domain }}"
-        subject_alt_name: 'DNS:"{{ domain }}"'
-        state: present
-
-    - name: Generate a Self Signed OpenSSL certificate
-      openssl_certificate:
-        path: "/etc/ssl/{{ domain }}/{{ domain }}.pem"
-        privatekey_path: "/etc/ssl/{{ domain }}/{{ domain }}.key"
-        csr_path: "/etc/ssl/{{ domain }}/{{ domain }}.csr"
-        provider: selfsigned
-        selfsigned_not_after: +3650d
-        state: present
-
-    - name: Setup vhosts configuration.
-      template:
-        src: templates/msehr.vhost.conf.j2
-        dest: "/etc/apache2/sites-available/{{ domain }}.conf"
-        owner: root
-        group: root
-        mode: 0644
-
-    - name: Enabled mod_rewrite, mod_headers and mod_ssl
-      apache2_module: 
-        state: present
-        name: "{{ item }}" 
-      with_items:
-        - headers
-        - rewrite
-        - ssl
-      notify: Restart Apache
-
-    - name: deregister default vhosts
-      command: a2dissite {{item}} 
-      with_items:
-        - 000-default.conf 
-        - default-ssl.conf
-      notify: Restart Apache
-
-    - name: register default vhosts
-      command: a2ensite {{item}} 
-      with_items:
-        - "{{ domain }}"
-      notify: Restart Apache
-
-    - name: Set ServerTokens Prod
-      lineinfile:
-        path: /etc/apache2/conf-available/security.conf
-        regexp: '^ServerTokens OS'
-        line: ServerTokens Prod
-        state: present
-      notify: Restart Apache
-
-    - name: Set ServerSignature Off
-      lineinfile:
-        path: /etc/apache2/conf-available/security.conf
-        regexp: '^ServerSignature On'
-        line: ServerSignature Off
-        state: present
-      notify: Restart Apache
-
-    - name: Set the root password 
-      mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}"
-
-    - name: Secure the root user for IPV6 localhost (::1)
-      mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="::1"
-
-    - name: Secure the root user for IPV4 localhost (127.0.0.1)
-      mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="127.0.0.1"
-
-    - name: Secure the root user for localhost domain
-      mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="localhost"
-
-    - name: Secure the root user for server_hostname domain
-      mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="{{ ansible_fqdn }}"
-
-    - name: Deletes anonymous server user
-      mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user="" host_all=yes state=absent
-
-    - name: Removes the test database
-      mysql_db: login_user=root login_password="{{ sqlRootPassword }}" db=test state=absent
-
-    - name: Create database user with password and all database privileges and 'WITH GRANT OPTION'
-      mysql_user:
-        name: "{{ sqlUserAccount }}"
-        password: "{{ sqlUserPassword }}"
-        login_user: root
-        login_password: "{{ sqlRootPassword }}"
-        priv: 'medshakeehr.*:ALL,GRANT'
-        state: present    
-
-    - name: Ensure MedShakeEHR database is present.
-      mysql_db:
-        name: "{{ sqlDbName }}"
-        login_user: "{{ sqlUserAccount }}"
-        login_password: "{{ sqlUserPassword }}"
-        collation: utf8_general_ci
-        encoding: utf8
-        state: present
-
-    - name: Gather package facts
-      package_facts:
-        manager: apt
-
-    - name: Setup orthanc configuration.
-      template:
-        src: templates/orthanc.conf.j2
-        dest: "/etc/orthanc/orthanc.json"
-        owner: root
-        group: root
-        mode: 0644
-      when: "'orthanc' in ansible_facts.packages"
-
-    - name:  check if config.yml exist
-      stat:
-        path: /opt/ehr/config/config.yml
-      register: ymlconfig 
-
-    - name: Execute MedShakeEHR cli installation script
-      shell: "/usr/bin/php /opt/ehr/public_html/install.php -s localhost -N -d {{ sqlDbName }} -u {{ sqlUserAccount }} -p \"{{ sqlUserPassword }}\" -r https -D {{ domain }}"
-      become: true
-      become_user: www-data
-      environment:
-        MEDSHAKEEHRPATH: /opt/ehr
-      when: not ymlconfig.stat.exists
-
-  handlers:
-    - name: Restart Apache
-      service:
-        name: apache2
-        state: restarted
-

tools/vagrant/requirements.yml

@@ -0,0 +1,3 @@
+---
+roles: 
+  - name: marsante.medshakeehr