Role rework, update to latest Roundcube 1.3

[ganto]

As @drybjed has started refreshing the mail stack, I thought it would finally be time to also update the roles that I contributed. Starting with the (hopefully) easier one, I reworked the Roundcube role which is currently stuck at upstream release 1.1.x so that it can finally also install the latest 1.3.0 release (Fixes #19).

I also updated the DebOps dependencies and ported the role to debops.php (Fixes #9).

I still have to check how (if) I want to support older distribution releases. At the moment the PR depends on PHP composer which is only available in stretch/xenial and newer.

[drybjed]

Very nice work! 👍 I'll look at it in a few days while working on Dovecot support.

[ganto]

@cultcom If you like, can you also have a look at the proposed changes? I didn't had time yet, to add an installation method via archive download therefore I couldn't really implement a fix for #17

I know, the PHP package installation is still kind of a mess. Unfortunately it seems that there is now way that we can still support Jessie or comparably old Ubuntu releases as their PHP dependencies are too old and they miss PHP composer. Not sure yet how to handle that. If you want to test, just make sure, that you have Debian Stretch or something comparable new.

[drybjed]

Very nice work! There are some changes I would like to see, check the other comments.

I'm fine with sticking to the Debian Stable release and dropping support for Oldstable due to composer support. It will happen sooner or later, and since the role is not yet part of the DebOps core, I think that's fine.

[drybjed]

I'm not sure how that will be parsed by yaml2rst. Perhaps a better way would be to move the list of included packages to the comment above, and make it an inline list instead of one entry for a line, which should make the comment smaller. Ditto for other instances.

[ganto]

I copied that from debops.owncloud. Will have a look at it.

[drybjed]

The convention I'm using is to have the list of packages in a variable named with a prefix, ie.:

roundcube__base_packages: [ 'curl', 'file', 'unzip' ]

Then the users are free to use the "normal" variation in an inventory if they wish:

roundcube__packages: []

[drybjed]

You could convert the defaults/main.yml to the current standard by using the section headers with just one line underneath, and include vim fold markers. The whole file should also be enclosed in vim folds with a file header. See for example debops.apt role.

[drybjed]

Perhaps using a domain directly here should be dropped, since the role maintains just one Roundcube install. This would also avoid issues if the roundcube__domain value is changed. Multiple Roundcube installations on one host could be handled via internal LXC containers if necessary.

[drybjed]

Not necessarily in this PR, but role could check if a MariaDB database is installed on the host via Ansible facts and switch to MariaDB database automatically - one less thing to handle via inventory. You can see how it's done in debops.gitlab role.

[drybjed]

If the database user account is handled by debops.mariadb role, the password stored in the secret/ directory is in a different directory. Did you test this PR with a MariaDB database?

[ganto]

I don't fully understand. This would give the debops.mariadb role the path to store the password. Works perfectly fine.

See:

• https://github.com/debops-contrib/ansible-roundcube/pull/24/files#diff-7eeda618087b49ae876084ab6c73fdbbR232
• https://github.com/ganto/ansible-roundcube/blob/5e8c63943219bf8fe298389b18ccb8ce60344a7b/defaults/main.yml#L255
• https://github.com/debops-contrib/ansible-roundcube/pull/24/files#diff-5c059070706cb70613b3010f4f0e679eR51

[drybjed]

With the YAML text block above, the vim fold marker will be included in the configuration file. It won't prevent nginx from working but looks wonky. Put the php_upstream key below the YAML text block to avoid this.

[drybjed]

Why is this needed? It seems to be a roundabout way to copy the contents of the dist file to another file right next to it. Won't simple cp or even fancy copy module with remote_src: True do the trick?

[ganto]

Actually I'm not fully sure 😉 No, of course at the moment not. But I wanted to have a way to influence the composer.json so that I can remove/add some packages according to our needs. E.g. add the LDAP driver. The idea was, to install as much as possible via package manager and only the remaining via composer. But I didn't test yet, if that works.

[ganto]

Hmn, after updating the issue in the debops.php role (debops/ansible-php#41), there is the next issue with composer...

Loading composer repositories with package information
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.0)
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.1)
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.2)
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.3)
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.4)
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.5)
Reading composer.json of kolab/net_ldap3 (pear-Net-LDAP3-1.0.6)
Reading composer.json of kolab/net_ldap3 (master)
                                                 
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for pear/crypt_gpg ~1.6.0 -> satisfiable by pear/crypt_gpg[v1.6.0].
    - pear/crypt_gpg v1.6.0 requires ext-mbstring * -> the requested PHP extension mbstring is missing from your system.
  Problem 2
    - phpunit/phpunit 5.7.21 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - phpunit/phpunit 5.7.20 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - phpunit/phpunit 5.7.19 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - phpunit/phpunit 5.7.18 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - phpunit/phpunit 5.7.17 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - phpunit/phpunit 5.7.16 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - phpunit/phpunit 5.7.15 requires ext-dom * -> the requested PHP extension dom is missing from your system.
    - Installation request for phpunit/phpunit ~5.7.15 -> satisfiable by phpunit/phpunit[5.7.15, 5.7.16, 5.7.17, 5.7.18, 5.7.19, 5.7.20, 5.7.21].

  To enable extensions, verify that they are enabled in your .ini files:
    - /etc/php/7.0/cli/php.ini
    - /etc/php/7.0/cli/conf.d/00-ansible.ini
    - /etc/php/7.0/cli/conf.d/10-opcache.ini
    - /etc/php/7.0/cli/conf.d/10-pdo.ini
    - /etc/php/7.0/cli/conf.d/20-calendar.ini
    - /etc/php/7.0/cli/conf.d/20-ctype.ini
    - /etc/php/7.0/cli/conf.d/20-curl.ini
    - /etc/php/7.0/cli/conf.d/20-exif.ini
    - /etc/php/7.0/cli/conf.d/20-fileinfo.ini
    - /etc/php/7.0/cli/conf.d/20-ftp.ini
    - /etc/php/7.0/cli/conf.d/20-gd.ini
    - /etc/php/7.0/cli/conf.d/20-gettext.ini
    - /etc/php/7.0/cli/conf.d/20-iconv.ini
    - /etc/php/7.0/cli/conf.d/20-json.ini
    - /etc/php/7.0/cli/conf.d/20-mcrypt.ini
    - /etc/php/7.0/cli/conf.d/20-pdo_sqlite.ini
    - /etc/php/7.0/cli/conf.d/20-phar.ini
    - /etc/php/7.0/cli/conf.d/20-posix.ini
    - /etc/php/7.0/cli/conf.d/20-pspell.ini
    - /etc/php/7.0/cli/conf.d/20-readline.ini
    - /etc/php/7.0/cli/conf.d/20-shmop.ini
    - /etc/php/7.0/cli/conf.d/20-sockets.ini
    - /etc/php/7.0/cli/conf.d/20-sqlite3.ini
    - /etc/php/7.0/cli/conf.d/20-sysvmsg.ini
    - /etc/php/7.0/cli/conf.d/20-sysvsem.ini
    - /etc/php/7.0/cli/conf.d/20-sysvshm.ini
    - /etc/php/7.0/cli/conf.d/20-tokenizer.ini
    - /etc/php/7.0/cli/conf.d/30-memory_limit.ini
  You can also run `php --ini` inside terminal to see which files are used by PHP in CLI mode.

[ganto]

The role should be in an acceptable shape now. It is able to successfully setup Roundcube. Some tasks that are still giving me some headache are the PHP composer and JS downloads. They are not especially safe especially regarding man-in-the-middle and I don't know yet, ho well they can handle a Roundcube update. Any suggestions are welcome.

[drybjed]

Very nice work!

[ganto]

There was one more issue popping up. When upgrading the release, Roundcube needs to run a updatedb.sh script. I added this, but when testing the upgrade on a setup with a remote MySQL database, I get the error:

TASK [debops-contrib.roundcube : Update database schema] *****************************************************************************************************************
fatal: [webmail]: FAILED! => {
  "changed": false,
  "cmd": ["php", "bin/updatedb.sh", "--package=roundcube", "--dir=/srv/www/sites/webmail.example.com/public/SQL"],
  "delta": "0:00:00.057101",
  "end": "2017-08-24 12:57:40.265906",
  "failed": true,
  "rc": 255,
  "start": "2017-08-24 12:57:40.208805",
  "stderr": "ERROR: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)Error 500: Error connecting to database: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)", "stderr_lines": ["ERROR: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)Error 500: Error connecting to database: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)"],
  "stdout": "",
  "stdout_lines": []
}

When this is fixed, I'm confident, that this PR is in a state where it can be merged.

[ganto]

@drybjed or @ypid: Could you please trigger the documentation rebuild of https://debops-contrib.readthedocs.io/en/latest/? Thanks

[ypid]

Very well done @ganto ! Done and up and running. Enjoy :)

[ganto]

Thanks, glad you like it 👍