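#SPDX-License-Identifier: MIT-0
---
# tasks file for opnform
#
# Flow: validate secrets -> create directories -> render nginx and compose
# files -> start the compose project -> wait for the API container health
# check -> print first-login information.

# =====================================================================
# 0. VALIDATION
# =====================================================================

# Fail early, before anything is written to the host, when a required
# secret is empty or the app key lacks the 'base64:' prefix.
- name: Validate required secrets
  ansible.builtin.assert:
    that:
      - opnform_app_key | length > 0
      - opnform_app_key is match('^base64:[A-Za-z0-9+/=]+$')
      - opnform_jwt_secret | length > 0
      - opnform_front_api_secret | length > 0
      - opnform_db_password | length > 0
    fail_msg: >-
      OpnForm requires opnform_app_key (prefix 'base64:'),
      opnform_jwt_secret, opnform_front_api_secret and opnform_db_password.
      Generate with: openssl rand -base64 32
      The app_key MUST be prefixed with "base64:"
      Provide via OpenBao, Ansible Vault or extra-vars.
    success_msg: Secrets validation passed

# The client secret is only required when OIDC is switched on.
- name: Validate OIDC configuration when enabled
  ansible.builtin.assert:
    that:
      - opnform_oidc_client_secret | length > 0
    fail_msg: >-
      opnform_oidc_client_secret must be set when opnform_oidc_enabled is true.
  when: opnform_oidc_enabled | bool

# =====================================================================
# 1. PREPARATION
# =====================================================================

- name: Ensure required packages are installed
  ansible.builtin.package:
    name:
      - python3-docker
    state: present

- name: Create docker compose directory
  ansible.builtin.file:
    path: "{{ opnform_docker_compose_dir }}"
    state: directory
    mode: '0755'

# NOTE(review): the ownership the containers need on these directories is
# not visible in this file, so the original 0755 is kept; confirm whether
# the database and storage directories can be tightened.
- name: Create OpnForm data directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ opnform_docker_volume_dir }}"
    - "{{ opnform_storage_dir }}"
    - "{{ opnform_db_data_dir }}"
    - "{{ opnform_redis_data_dir }}"

# =====================================================================
# 2. CONFIGURATION FILES
# =====================================================================

- name: Deploy nginx ingress configuration
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: "{{ opnform_docker_compose_dir }}/nginx.conf"
    mode: '0644'
  notify: restart opnform

# The compose template is not visible here, but it is the only rendered
# file besides nginx.conf, so it presumably carries the secrets validated
# above (app key, JWT secret, DB password). The file sits in a 0755
# directory, so it is restricted to its owner, and diff output is
# suppressed so a --diff run does not print the rendered secrets.
# TODO confirm that whoever runs `docker compose` by hand owns this file.
- name: Deploy docker-compose file
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "{{ opnform_docker_compose_dir }}/docker-compose.yml"
    mode: '0600'
  diff: false
  notify: restart opnform

# =====================================================================
# 3. CONTAINER STARTUP
# =====================================================================

- name: Start opnform containers
  community.docker.docker_compose_v2:
    project_src: "{{ opnform_docker_compose_dir }}"
    state: present
    wait: true
    wait_timeout: 180

# =====================================================================
# 4. WAIT FOR API READINESS
# =====================================================================

# Polls the health status of the 'opnform-api' container for up to
# 30 x 10 s. The raw/endraw pair keeps Ansible from templating the Go
# template that docker inspect expects. This relies on the container
# defining a health check (set in the compose template, not visible here).
- name: Wait for API container to be healthy
  ansible.builtin.command:
    cmd: docker inspect --format='{% raw %}{{.State.Health.Status}}{% endraw %}' opnform-api
  register: api_health
  until: api_health.stdout == "healthy"
  retries: 30
  delay: 10
  changed_when: false

# opnform_oidc_enabled goes through '| bool' here as in the validation
# task: a string such as "false" (e.g. from extra-vars) is truthy in a
# bare Jinja test and would be reported as enabled.
- name: Display deployment info
  ansible.builtin.debug:
    msg: |-
      OpnForm deployed at {{ opnform_base_url }}

      Default credentials (from API container logs on first start):
        Email: admin@opnform.com
        Password: password

      On first login you will be prompted to change email and password.

      If login does not respond, the DB seed may have failed. Run:
        docker compose -f {{ opnform_docker_compose_dir }}/docker-compose.yml exec api php artisan migrate:refresh --seed
        docker compose -f {{ opnform_docker_compose_dir }}/docker-compose.yml exec api php artisan app:init-project
      (migrate:refresh rolls back and re-runs all migrations, erasing existing data; use it on a fresh install only.)

      OIDC: {% if opnform_oidc_enabled | bool %}enabled (configure via Admin UI){% else %}disabled{% endif %}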