From 6e7e5a9cd751a6ee3a4a19a48236680d99355082 Mon Sep 17 00:00:00 2001
From: marsante
Date: Fri, 22 Nov 2024 17:05:28 +0100
Subject: [PATCH] change: Vagrant organization

---
 .gitignore | 3 +-
 Vagrantfile | 24 ++-
 tools/vagrant/README.md | 6 +-
 tools/vagrant/main.yml | 257 +++----------------------------
 tools/vagrant/requirements.yml | 3 +
 tools/vagrant/secrets-sample.yml | 66 +++-----
 6 files changed, 64 insertions(+), 295 deletions(-)
 create mode 100644 tools/vagrant/requirements.yml

diff --git a/.gitignore b/.gitignore
index a7c2bbb8..c3b23340 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,4 +20,5 @@ config/config.yml
 public_html/thirdparty
 public_html/MEDSHAKEEHRPATH
 tools/docker/.env
-tools/docker/orthanc.json
\ No newline at end of file
+tools/docker/orthanc.json
+tools/vagrant/roles
\ No newline at end of file
diff --git a/Vagrantfile b/Vagrantfile
index 10b6473e..05d52b0c 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,5 +1,5 @@
 Vagrant.configure("2") do |config|
- config.vm.box = "debian/bookworm64va"
+ config.vm.box = "generic/debian12"
 config.vm.define "msehr"
 config.vm.hostname = "msehr.local"
 config.vm.network "private_network", ip: "192.168.56.4"
@@ -9,16 +9,26 @@ Vagrant.configure("2") do |config|
 # config.vm.network "public_network"
 config.vm.provision "ansible" do |ansible|
 ansible.playbook = "tools/vagrant/main.yml"
+ ansible.galaxy_role_file = "tools/vagrant/requirements.yml"
+ ansible.raw_arguments = ['-D']
 end
 # Pour personnaliser les spécifications de la machine
- config.vm.provider "virtualbox" do |v|
- v.memory = 512
- v.cpus = 2
- end
 config.vm.provider "libvirt" do |lb|
+ # for ubuntu2204 1024
+ lb.memory = 512
+ lb.cpus = 1
+ end
+
+ config.vm.provider "qemu" do |qe|
+ # for ubuntu2204 1024
+ qe.memory = 512
+ qe.cpus = 1
+ end
+
+ config.vm.provider "virtualbox" do |v|
 # for ubuntu2204 1024
- lb.memory = 512
- lb.cpus = 2
+ v.memory = 512
+ v.cpus = 1
 end
 # Pour personnaliser sa clef ssh
 # config.ssh.insert_key = false
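Review bot: `ansible.raw_arguments = ['-D']` enables `--diff` for every provisioning run, so Ansible prints the full before/after contents of each changed file and rendered template into the `vagrant up` output; the play loads `secrets.yml` (see the main.yml hunk), so if the role's templates embed the SQL passwords those values end up on the console and in any CI log that captures it. Either drop the flag or document the trade-off beside it, e.g. `ansible.raw_arguments = ['-D'] # --diff echoes rendered file contents, including templated secrets`. The new box `generic/debian12` is referenced without `config.vm.box_version`, so a fresh `vagrant up` may fetch a different image than the one the playbook was tested against; pinning a version keeps the environment reproducible. The three copies of `# for ubuntu2204 1024` above identical `memory = 512` lines read as leftover copy-paste and could be stated once above the provider blocks.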
diff --git a/tools/vagrant/README.md b/tools/vagrant/README.md
index 6d8fab48..55bd4e45 100644
--- a/tools/vagrant/README.md
+++ b/tools/vagrant/README.md
@@ -1,6 +1,6 @@
 ## Prérequis
 - Avoir [VirtualBox](https://www.virtualbox.org/wiki/Downloads), [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) > 2.9 et [Vagrant](https://www.vagrantup.com/docs/installation) de configuré sur votre machine.
-- Crée dans un but de démo ou de développement, ne pas utiliser en production avec des données réelles sans ajouter des paramètres de sécurité (mot de passe fort, contrôle d'accès).
+- Crée dans un but de démo ou de développement, ne pas utiliser en production avec des données réelles sans ajouter des paramètres de sécurité (mot de passe fort, contrôle d'accès, désactivation du mode testing).
 
 ## Installation
 - Cloner le projet.
@@ -15,13 +15,11 @@ nano secrets.yml
 - Taper la commande suivante `vagrant up`.
 - A la fin de l'exécution de la commande, ouvrir le navigateur se rendre à l'adresse suivante `http://192.168.56.4/install.php`.
 - Vous pouvez finir la configuration de MedShakeEHR.
-- Dans l'écran de configuration rapide cochez la case : `Ne pas créer la base de donnée`
-- Le nom d'utilisateur et le mot de passe utilisateur correspondent à ce que vous avez choisi pour les variables `sqlUserAccount:` et `sqlUserPassword:`
 - [Documentation de MedShakeEHR](https://www.logiciel-cabinet-medical.fr/documentation-technique/)
 
 ## Modifications de la configuration
 - si vous avez installé au préalable `vagrant-hostsupdater`, vous pouvez directement taper msehr.local dans la barre d'adresse.
-- si vous avez libvirt et virtualbox d'installés sur la même machine, précisez `--provider virtualbox` ou `--provider libvirt`.
+- si vous avez libvirt ou qemu et virtualbox d'installés sur la même machine, précisez `--provider virtualbox` ou `--provider libvirt` ou `--provider qemu`.
 - pour libvirt je vous conseille de changer l'adresse du `private network` pour éviter les conflits avec virtualbox
 - Pour arrêter la machine virtuelle taper `vagrant halt`.
 - Pour détruire les fichiers de la machine virtuelle taper `vagrant destroy`.
diff --git a/tools/vagrant/main.yml b/tools/vagrant/main.yml
index 1ea4c0d8..deef1d75 100644
--- a/tools/vagrant/main.yml
+++ b/tools/vagrant/main.yml
@@ -1,250 +1,33 @@ --- -- hosts: msehr - become: yes - vars_files: +- name: Install MedShakeEHR on Vagrant VM + hosts: msehr + become: true + vars_files: - secrets.yml + pre_tasks: + - name: Update APT cache & Upgrade OS + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + upgrade: dist + roles: + - { role: marsante.medshakeehr } tasks: - - name: Set timezone - timezone: - name: "{{ timezone }}" - - - name: Install packages - apt: - name: "{{ msehrPackages }}" - update_cache: yes - state: latest - - - name: - ufw: - state: enabled - rule: allow - name: '{{ item }}' - loop: - - OpenSSH - - WWW Full - - - name: create APT auto-upgrades configuration - template: - src: templates/20auto-upgrades.j2 - dest: /etc/apt/apt.conf.d/20auto-upgrades - owner: root - group: root - mode: 0644 - - - name: create unattended-upgrades configuration - template: - src: templates/50unattended-upgrades.j2 - dest: /etc/apt/apt.conf.d/50unattended-upgrades - owner: root - group: root - mode: 0644 - - - name: sync sources with working directory - copy: + - name: Sync sources with working directory + ansible.builtin.copy: src: /vagrant/ - dest: /opt/ehr - remote_src: yes - directory_mode: yes + dest: "{{ msehr_dir }}" + remote_src: true + directory_mode: true + mode: preserve when: stage == "testing" - name: Add good permissions and ownership to medshakeehr folder ansible.builtin.file: - path: /opt/ehr + path: "{{ msehr_dir }}" state: directory - recurse: yes + recurse: true owner: www-data group: "{{ user }}" mode: '0755' - - - name: check if MedShakeEHR exist - stat: - path: opt/ehr/public_html - register: msehr - - - name: Creating MEDSHAKEEHRPATH file - copy: - dest: /opt/ehr/public_html/MEDSHAKEEHRPATH - content: | - /opt/ehr - owner: www-data - group: "{{user}}" - mode: '0755' - when: not msehr.stat.exists - - - name: Composer upgrade on /ehr - shell: cd /opt/ehr && composer upgrade --no-cache - become: yes - become_user: www-data - - - name: Composer upgrade on 
/ehr/public_html - shell: cd /opt/ehr/public_html && composer upgrade --no-cache - become: yes - become_user: www-data - - - name: register php version - shell: 'php -r "echo PHP_VERSION;" | cut -c1-3' - register: php_version - - - name: Setup php.ini configuration. - template: - src: templates/php.ini.j2 - dest: "/etc/php/{{ php_version.stdout }}/apache2/php.ini" - owner: root - group: root - mode: 0644 - - - name: Creates SSL directory - file: - path: "/etc/ssl/{{ domain }}" - state: directory - recurse: yes - owner: root - group: root - mode: '0755' - - - name: create private key - openssl_privatekey: - path: "/etc/ssl/{{ domain }}/{{ domain }}.key" - size: 4096 - state: present - - - name: Generate an OpenSSL Certificate Signing Request with Subject information - openssl_csr: - path: "/etc/ssl/{{ domain }}/{{ domain }}.csr" - privatekey_path: "/etc/ssl/{{ domain }}/{{ domain }}.key" - country_name: "{{ countryName }}" - locality_name: "{{ localityName }}" - organization_name: "{{ organizationName }}" - email_address: "{{ emailAdress }}" - common_name: "{{ domain }}" - subject_alt_name: 'DNS:"{{ domain }}"' - state: present - - - name: Generate a Self Signed OpenSSL certificate - openssl_certificate: - path: "/etc/ssl/{{ domain }}/{{ domain }}.pem" - privatekey_path: "/etc/ssl/{{ domain }}/{{ domain }}.key" - csr_path: "/etc/ssl/{{ domain }}/{{ domain }}.csr" - provider: selfsigned - selfsigned_not_after: +3650d - state: present - - - name: Setup vhosts configuration. 
- template: - src: templates/msehr.vhost.conf.j2 - dest: "/etc/apache2/sites-available/{{ domain }}.conf" - owner: root - group: root - mode: 0644 - - - name: Enabled mod_rewrite, mod_headers and mod_ssl - apache2_module: - state: present - name: "{{ item }}" - with_items: - - headers - - rewrite - - ssl - notify: Restart Apache - - - name: deregister default vhosts - command: a2dissite {{item}} - with_items: - - 000-default.conf - - default-ssl.conf - notify: Restart Apache - - - name: register default vhosts - command: a2ensite {{item}} - with_items: - - "{{ domain }}" - notify: Restart Apache - - - name: Set ServerTokens Prod - lineinfile: - path: /etc/apache2/conf-available/security.conf - regexp: '^ServerTokens OS' - line: ServerTokens Prod - state: present - notify: Restart Apache - - - name: Set ServerSignature Off - lineinfile: - path: /etc/apache2/conf-available/security.conf - regexp: '^ServerSignature On' - line: ServerSignature Off - state: present - notify: Restart Apache - - - name: Set the root password - mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" - - - name: Secure the root user for IPV6 localhost (::1) - mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="::1" - - - name: Secure the root user for IPV4 localhost (127.0.0.1) - mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="127.0.0.1" - - - name: Secure the root user for localhost domain - mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="localhost" - - - name: Secure the root user for server_hostname domain - mysql_user: login_user=root login_password="{{ sqlRootPassword }}" user=root password="{{ sqlRootPassword }}" host="{{ ansible_fqdn }}" - - - name: Deletes anonymous server user - mysql_user: login_user=root login_password="{{ 
sqlRootPassword }}" user="" host_all=yes state=absent - - - name: Removes the test database - mysql_db: login_user=root login_password="{{ sqlRootPassword }}" db=test state=absent - - - name: Create database user with password and all database privileges and 'WITH GRANT OPTION' - mysql_user: - name: "{{ sqlUserAccount }}" - password: "{{ sqlUserPassword }}" - login_user: root - login_password: "{{ sqlRootPassword }}" - priv: 'medshakeehr.*:ALL,GRANT' - state: present - - - name: Ensure MedShakeEHR database is present. - mysql_db: - name: "{{ sqlDbName }}" - login_user: "{{ sqlUserAccount }}" - login_password: "{{ sqlUserPassword }}" - collation: utf8_general_ci - encoding: utf8 - state: present - - - name: Gather package facts - package_facts: - manager: apt - - - name: Setup orthanc configuration. - template: - src: templates/orthanc.conf.j2 - dest: "/etc/orthanc/orthanc.json" - owner: root - group: root - mode: 0644 - when: "'orthanc' in ansible_facts.packages" - - - name: check if config.yml exist - stat: - path: /opt/ehr/config/config.yml - register: ymlconfig - - - name: Execute MedShakeEHR cli installation script - shell: "/usr/bin/php /opt/ehr/public_html/install.php -s localhost -N -d {{ sqlDbName }} -u {{ sqlUserAccount }} -p \"{{ sqlUserPassword }}\" -r https -D {{ domain }}" - become: true - become_user: www-data - environment: - MEDSHAKEEHRPATH: /opt/ehr - when: not ymlconfig.stat.exists - - handlers: - - name: Restart Apache - service: - name: apache2 - state: restarted - diff --git a/tools/vagrant/requirements.yml b/tools/vagrant/requirements.yml new file mode 100644 index 00000000..5a6c0457 --- /dev/null +++ b/tools/vagrant/requirements.yml @@ -0,0 +1,3 @@ +--- +roles: + - name: marsante.medshakeehr diff --git a/tools/vagrant/secrets-sample.yml b/tools/vagrant/secrets-sample.yml index 37fb0a9b..16ee1e8c 100644 --- a/tools/vagrant/secrets-sample.yml +++ b/tools/vagrant/secrets-sample.yml 
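Review bot: The new `mode: preserve` on the sync copy is cancelled two tasks later by `ansible.builtin.file` with `recurse: true` and `mode: '0755'` on the same `{{ msehr_dir }}`, so every synced file ends up executable and world-readable whatever its source mode; if source permissions are meant to survive, drop the recursive `mode` line or switch it to a symbolic form such as `mode: 'u=rwX,g=rX,o=rX'`, which only adds the execute bit to directories. That permissions task also runs unconditionally while the copy is guarded by `when: stage == "testing"`, so on a non-testing run it still recurses over whatever the role placed in `{{ msehr_dir }}`. Ansible executes `roles:` before `tasks:`, so the sync into `{{ msehr_dir }}` happens after `marsante.medshakeehr` has finished; whether that overwrites files the role installed depends on the role, which is not visible here.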
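Review bot: `- name: marsante.medshakeehr` in the new `requirements.yml` carries no `version:`, so each `vagrant up` resolves whatever the Galaxy server currently publishes for that role, and with `tools/vagrant/roles` now ignored in `.gitignore` nothing in the repository records which revision actually ran. Pin it, e.g. `- name: marsante.medshakeehr` followed by `  version: "<ROLE_TAG>"` (placeholder), and bump it deliberately when the role changes.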
@@ -1,50 +1,24 @@
 ---
 user: vagrant
-countryName: FR
-localityName: Paris
-organizationName: Dr Strange
-emailAdress: email@domain.tld
-sqlRootPassword: root
-sqlUserAccount: user
-sqlUserPassword: user
-sqlDbName: medshakeehr
+country_name: FR
+locality_name: Paris
+organization_name: Dr Strange
+email_address: email@domain.tld
+sql_root_password: root
+sql_user: user
+sql_user_password: user
+sql_database: medshakeehr
+# msehr_base_release: "8.1.3"
+# msehr_base_repo_url: "https://codeload.github.com/MedShake/MedShakeEHR-base/tar.gz/refs/tags/"
+# msehr_base_checksum: "sha256:08feee449b9a04a5ae7fedd5eecc55e237fd749b40d469a695e74f4cec06eb79"
+msehr_dir: /var/www/ehr
 timezone: Europe/Paris
-domain: msehr.local
-uploadMaxFilesize: upload_max_filesize = 20M
-postMaxsize: post_max_size = 20M
-maxInputVars: max_input_vars = 10000
-errorReporting: error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
-displayErrors: Off
-displayStartupErrors: Off
+msehr_domain: msehr.local
+upload_max_filesize: 20M
+post_maxsize: 20M
+max_input_vars: 10000
+error_reporting: 'E_ALL & ~E_DEPRECATED & ~E_STRICT'
+display_errors: 'Off'
+display_startup_errors: 'Off'
+msehr_packages: ['acl', 'apache2', 'composer', 'curl', 'ghostscript', 'git', 'grub2', 'imagemagick', 'mariadb-server', 'ntp', 'pdftk-java', 'php', 'php-bcmath', 'php-curl', 'php-gd', 'php-gnupg', 'php-imagick', 'php-imap', 'php-intl', 'php-json', 'php-mysql', 'php-soap', 'php-xml', 'php-yaml', 'php-zip', 'python3-mysqldb', 'python3-openssl', 'ufw', 'unattended-upgrades' ]
 stage: "testing"
-msehrPackages:
- - acl
- - apache2
- - composer
- - curl
- - ghostscript
- - git
- # for ubuntu2204 grub2
- - grub
- - imagemagick
- - mariadb-server
- - ntp
- - pdftk
- - php
- - php-bcmath
- - php-curl
- - php-gd
- - php-gnupg
- - php-imagick
- - php-imap
- - php-intl
- - php-json
- - php-mysql
- - php-soap
- - php-xml
- - php-yaml
- - php-zip
- - python3-mysqldb
- - python3-openssl
- - ufw
- - unattended-upgrades
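Review bot: The three commented `msehr_base_*` lines give no hint that they belong together: someone who uncomments `msehr_base_release` to pick another release must also replace `msehr_base_checksum`, otherwise the download either fails the checksum or, if the role treats an unset checksum as optional, is fetched unverified; a comment above them such as `# override all three together: the sha256 must match the tarball of the chosen release` would make that explicit. `stage: "testing"` remains the shipped default while the README hunk now tells users to disable testing mode before handling real data; a short `# set to a value other than "testing" before using real data` beside it would surface that in the file itself.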