CHANGELOG.md

 # Changelog
 
-## [Unreleased]
+## [0.3.1] - 2020-03-18
 
-No unreleased changes yet.
+* Repair rocket chat installation
+* Rocket Chat supports e2e encryption by default
+* Upgrade Nextcloud chart version
+* Single Sign-on related Jobs are now cleaned up after a successful installation
+
+Known issues:
+
+* Same as 0.3.0
 
 ## [0.3.0] - 2020-01-20
 

Makefile

+.DEFAULT_GOAL := help
+
+help:
+	# See Makefile for available targets.
+
+freeze:
+	# pip wrongly adds `pkg-resources==0.0.0` which will break some systems, see
+	# https://open.greenhost.net/openappstack/openappstack/issues/498#note_15057
+	pip3 freeze | grep -v "pkg-resources" > requirements-stable.txt

VERSION

-0.3.0
+0.3.1

ansible/bootstrap.yml

@@ -61,6 +61,9 @@
           name: local-flux
         tags: ['flux']
         when: local_flux
+      - import_role:
+          name: additional_config
+        tags: ['additional']
     always:
       - import_role:
           name: finalize

ansible/roles/additional_config/README.md

+This role configures the cluster after app installation has started via
+flux.
+All resources that are not needed for flux should go here, so we save time by
+starting the flux install process early in the background.

ansible/roles/additional_config/tasks/dns.yml

+---
+- name: Use core-dns service for system resolver
+  tags:
+    - dns
+    - core-dns
+  lineinfile:
+    path: /etc/resolv.conf
+    insertbefore: BOF
+    line: nameserver 10.43.0.10

ansible/roles/additional_config/tasks/logging.yml

+---
+- name: Logrotate config for OAS logs
+  copy:
+    src: etc/logrotate.d/OpenAppStack
+    dest: /etc/logrotate.d/
+    mode: '0644'

ansible/roles/additional_config/tasks/main.yml

+---
+- import_tasks: logging.yml
+- import_tasks: dns.yml

ansible/roles/apps/tasks/cert-manager.yml

@@ -54,4 +54,10 @@
     flux:
       name: "cert-manager-settings"
       namespace: "oas"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - cert-manager

ansible/roles/apps/tasks/flux.yml

@@ -32,11 +32,13 @@
   #   # Delete resources originally created by Flux when their manifests
   #   # are removed from the git repo.
   #   --set syncGarbageCollection.enabled=true
+  #   # Set the interval between checks for updates in the git repo to 1 hour.
+  #   --set git.pollInterval=1h
   #   # Helm release name
   #   flux
   #   # Chart name
   #   flux
-  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.16.0 --set git.url="{{ git_url }}" --set git.branch="{{ git_branch }}" --set git.path="{{ git_path }}" --set git.readonly=true --set registry.excludeImage='*' --set sync.state="secret" --set syncGarbageCollection.enabled=true flux flux
+  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.16.0 --set git.url="{{ git_url }}" --set git.branch="{{ git_branch }}" --set git.path="{{ git_path }}" --set git.readonly=true --set registry.excludeImage='*' --set sync.state="secret" --set syncGarbageCollection.enabled=true --set git.pollInterval=1h flux flux
 
 - name: Install helm-operator
   tags:
@@ -49,9 +51,20 @@
   #   --namespace oas
   #   --version 0.3.0
   #   --set createCRD=true
+  #   # Reconcile actual helm releases with HelmRelease objects with this
+  #   # interval.
+  #   --set chartsSyncInterval=20m
+  #   # Update HelmRelease objects' status with this interval.
+  #   --set statusUpdateInterval=30s
   #   # Helm release name
   #   helm-operator
   #   # Chart name
   #   helm-operator
+  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.3.0 --set createCRD=true --set chartsSyncInterval=20m --set statusUpdateInterval=30s helm-operator helm-operator
 
-  shell: helm upgrade --install --repo "https://charts.fluxcd.io" --namespace oas --version 0.3.0 --set createCRD=true helm-operator helm-operator
+- name: Install fluxctl via snap
+  tags:
+    - flux
+  command: snap install --classic fluxctl
+  args:
+    creates: /snap/bin/fluxctl

ansible/roles/apps/tasks/local-storage.yml

@@ -8,4 +8,10 @@
     flux:
       name: "local-storage-settings"
       namespace: "oas"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - local-storage

ansible/roles/apps/tasks/nextcloud.yml

@@ -7,7 +7,13 @@
   vars:
     flux:
       name: "nextcloud-settings"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - nextcloud
 
 - name: Create persistent volumes for nextcloud data and metadata
   tags:
@@ -19,9 +25,19 @@
       name: "nextcloud-{{ item.name }}"
       namespace: "oas-apps"
       size: "{{ item.size }}"
-  include_tasks: pvc.yml
+  include_tasks:
+    file: pvc.yml
+    apply:
+      tags:
+        - config
+        - nextcloud
+        - storage
   with_items:
     - name: "files"
       size: 2Gi
     - name: "mariadb"
       size: 512Mi
+    - name: "rabbitmq"
+      size: 8Gi
+    - name: "redis"
+      size: 8Gi

ansible/roles/apps/tasks/nginx.yml

@@ -9,4 +9,10 @@
     flux:
       name: "ingress-settings"
       namespace: "oas"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - nginx

ansible/roles/apps/tasks/prometheus.yml

@@ -40,4 +40,11 @@
     flux:
       name: "monitoring-settings"
       namespace: "oas"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - monitoring
+        - prometheus

ansible/roles/apps/tasks/pvc.yml

 ---
 - name: Create Persistent Volume Claim for application
-  tags:
-    - storage
   k8s:
     state: present
     definition:

ansible/roles/apps/tasks/rocketchat.yml

@@ -8,4 +8,10 @@
   vars:
     flux:
       name: "rocketchat-settings"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - rocketchat

ansible/roles/apps/tasks/single-sign-on.yml

@@ -9,4 +9,10 @@
     flux:
       name: "single-sign-on-settings"
       namespace: "oas"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - single-sign-on

ansible/roles/apps/tasks/wordpress.yml

@@ -7,7 +7,14 @@
   vars:
     flux:
       name: "wordpress-settings"
-  include_tasks: flux_secret.yml
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - wordpress
+
 
 - name: Create persistent volumes for wordpress data and metadata
   tags:
@@ -19,7 +26,13 @@
       name: "wordpress-{{ item.name }}"
       namespace: "oas-apps"
       size: "{{ item.size }}"
-  include_tasks: pvc.yml
+  include_tasks:
+    file: pvc.yml
+    apply:
+      tags:
+        - config
+        - wordpress
+        - storage
   with_items:
     - name: "files"
       size: 2Gi

ansible/roles/apps/templates/nextcloud-settings.yaml

@@ -90,6 +90,12 @@ postgresql:
 rabbitmq:
   rabbitmq:
     password: "{{ onlyoffice_rabbitmq_password }}"
+  persistence:
+    existingClaim: "nextcloud-rabbitmq"
+
+redis:
+  persistence:
+    existingClaim: "nextcloud-redis"
 
 sociallogin:
   server_name: "sso.{{ domain }}"