diff options
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/odoo/README.md | 14 | ||||
-rw-r--r-- | ansible/odoo/docker/Dockerfile | 10 | ||||
-rw-r--r-- | ansible/odoo/docker/Makefile | 6 | ||||
-rwxr-xr-x | ansible/odoo/docker/set-admin-passwd.sh | 15 | ||||
-rw-r--r-- | ansible/odoo/group_vars/all/vault.yml | 22 | ||||
-rw-r--r-- | ansible/odoo/odoo.yml | 25 | ||||
-rw-r--r-- | ansible/odoo/restart.yml | 0 |
7 files changed, 85 insertions, 7 deletions
diff --git a/ansible/odoo/README.md b/ansible/odoo/README.md new file mode 100644 index 0000000..b91871b --- /dev/null +++ b/ansible/odoo/README.md @@ -0,0 +1,14 @@ +Creating new passwords: + + > python + import passlib.hash + password = "123" + passlib.hash.pbkdf2_sha512.hash(password, rounds=25000) + + +Testing passwords: + + grep admin_password /etc/odoo/odoo.conf + mysalt = "gzDG.J.TkrKWstaa03qPEQ" + mypassword = "123" + passlib.hash.pbkdf2_sha512.hash(mypassword, salt=passlib.utils.binary.ab64_decode(mysalt), rounds=25000) diff --git a/ansible/odoo/docker/Dockerfile b/ansible/odoo/docker/Dockerfile new file mode 100644 index 0000000..130adea --- /dev/null +++ b/ansible/odoo/docker/Dockerfile @@ -0,0 +1,10 @@ +FROM odoo:12 + +RUN pip3 install phonenumbers +COPY ./set-admin-passwd.sh / +VOLUME ["/var/lib/odoo", "/mnt/extra-addons"] + +EXPOSE 8069 8072 +USER odoo +ENTRYPOINT ["/set-admin-passwd.sh"] +CMD ["odoo"] diff --git a/ansible/odoo/docker/Makefile b/ansible/odoo/docker/Makefile new file mode 100644 index 0000000..d399777 --- /dev/null +++ b/ansible/odoo/docker/Makefile @@ -0,0 +1,6 @@ +TAG=trygvis/odoo:12 + +all: + docker pull odoo:12 + docker build -t $(TAG) . + docker push $(TAG) diff --git a/ansible/odoo/docker/set-admin-passwd.sh b/ansible/odoo/docker/set-admin-passwd.sh new file mode 100755 index 0000000..4c363b1 --- /dev/null +++ b/ansible/odoo/docker/set-admin-passwd.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -euo pipefail + +: ${ADMIN_PASSWD:=`< /dev/urandom tr -dc A-Za-z0-9 | head -c16; echo`} + +# /etc/odoo is owned by root, can't create new files. +TMPFILE=$(mktemp) +sed -e "/^admin_passwd/d" \ + -e "$ a admin_passwd = $ADMIN_PASSWD" \ + $ODOO_RC > $TMPFILE +cat $TMPFILE > $ODOO_RC +rm -f $TMPFILE + +exec /entrypoint.sh "${@}" diff --git a/ansible/odoo/group_vars/all/vault.yml b/ansible/odoo/group_vars/all/vault.yml new file mode 100644 index 0000000..51fc326 --- /dev/null +++ b/ansible/odoo/group_vars/all/vault.yml @@ -0,0 +1,22 @@ +$ANSIBLE_VAULT;1.1;AES256 +33376165656465643937383762303633323963333639363264336433333632663665383761303862 +3865383832383637343835333335666539636535353836310a383837623134306333323134366534 +31656331313934616432363965373866663563616361303531353139616133613266346237623330 +6365316338613965390a636336303734653961613964366532383735366536383132343165376338 +36333263313832376339356365613363326665363861653338333765613934626262323563393934 +33656437616134316132623665353330633838313262653831663665636138613538373330316664 +31306534623263386537363034313838303037643862663630336433666533316634393639343362 +34353862643162383337333163366538326466386534343133646565636565316632343964353533 +37393266336438613838346132306135363138666337366233303436643366646230643830393538 +37303830613662383363343330383966323661333761393237343361363265383065626238366363 +30353532346663613033373966623734636533623861333766663035316462326264333634303531 +33343934623034363731613966616631336330366364613961323266373739323461376264623737 +66316332643364633765303133623130613736643830666661623131366338663465333966306464 +61376463626636636437633266303534383634393039613364623262646562303439333239376133 +63666338366434363137633331343364353966303538336266363762666636343065373339353037 +35373933313664663632613935333535643530386364336563313764323665633934316365323331 +65663735366234336533306630383830366633383532373032663835613336613932373162613462 +35646134316462643936653631623537383036663361373437633561613334626133373136376530 +34383539363462613635376232363534653230643639323964613639303639363030316466333237 +32373539646566383937383761666462633937343435613631636261616137343766363235373139 +6235 diff --git a/ansible/odoo/odoo.yml b/ansible/odoo/odoo.yml index 6897034..d018bf8 100644 --- a/ansible/odoo/odoo.yml +++ b/ansible/odoo/odoo.yml @@ -1,5 +1,12 @@ - hosts: - numquam + vars: + container_name: odoo + docker_tag: trygvis/odoo:12 + # Maximum allowed CPU time per request (default 60). + limit_time_cpu: 120 + # Maximum allowed Real time per request (default 120). + limit_time_real: 500 tasks: - become: yes file: @@ -17,25 +24,29 @@ [Service] TimeoutStartSec=0 Restart=always - ExecStartPre=-/usr/bin/docker stop odoo - ExecStartPre=-/usr/bin/docker rm odoo - ExecStartPre=/usr/bin/docker pull odoo + ExecStartPre=-/usr/bin/docker stop {{ container_name }} + ExecStartPre=-/usr/bin/docker rm {{ container_name }} + ExecStartPre=/usr/bin/docker pull {{ docker_tag }} ExecStart=/usr/bin/docker run \ -e HOST=172.17.0.1 \ -e PORT=5432 \ -e USER=odoo \ -e PASSWORD=odoo \ + -e ADMIN_PASSWD={{ admin_passwd }} \ -p 8069:8069 \ --mount source=odoo-data,target=/var/lib/odoo \ --mount source=odoo-extra-addons,target=/mnt/extra-addons \ - --name odoo -t \ - odoo \ + -t \ + --name {{ container_name }} \ + {{ docker_tag }} \ --workers=5 \ --http-port=8069 \ --longpolling-port=8070 \ --email-from=odoo@trygvis.io \ --smtp=172.17.0.1 \ - --proxy-mode + --proxy-mode \ + --limit-time-cpu={{ limit_time_cpu }} \ + --limit-time-real={{ limit_time_real }} \ [Install] WantedBy=multi-user.target @@ -58,4 +69,4 @@ unit: docker.odoo.service enabled: yes state: restarted - when: service_file.changed + when: service_file.changed or force_restart diff --git a/ansible/odoo/restart.yml b/ansible/odoo/restart.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ansible/odoo/restart.yml |