correction de config_postgres

[lhc/ansible.git] / tasks / config_nuage.yml

- name: Etckeeper commit if necessary
  ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}"
  ignore_errors: true

- name: Install required packages
  ansible.builtin.apt:
    name:
#      - php-ctype
      - php-curl
#      - php-dom
#      - php-fileinfo
      - php-gd
      - php-json
      - "php{{ php_version }}-xml"
      - php-mbstring
#      - php-openssl
#      - php-posix
#      - php-session
#      - php-simplexml
#      - php-xmlreader
#      - php-xmlwriter
      - php-zip
#      - php-zlib
#      - php-pdo_pgsql
      - "php{{ php_version }}-pgsql"
      - php-pgsql
      - php-intl
      - php-bz2
#      - php-sodium
      - php-gmp
#      - php-exif
      - php-redis
      - imagemagick
      - php-imagick
      - python3-psycopg2 # module ansible psql
    state: present

- name: Boucle d'ajout du user php dans plusieurs groupe
  ansible.builtin.user:
    name: "php_{{ SIGLE }}_{{ config_ss_domain }}"
    groups: "{{ item }}"
    append: true
  loop:
    - nextcloud
    - postgres-data
    - redis
    - "site_{{ SIGLE }}_{{ config_ss_domain }}"

- name: Bloc nouvelle version nextcloud
  when: nouvelle_version is undefined
  block:
    - name: Demande la version de nextcloud à installer
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud doit être utilisée"
        echo: true
      register: nextcloud_version_prompt

    - name: Definir nouvelle_version
      ansible.builtin.set_fact:
        nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"

- name: Bloc ancienne version nextcloud
  when: ancienne_version is undefined
  block:
    - name: Demande la version de nextcloud déjà installée
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud déjà installée"
        echo: true
      register: ancienne_version_prompt

    - name: Definir ancienne_version
      ansible.builtin.set_fact:
        ancienne_version: "{{ ancienne_version_prompt.user_input }}"

- name: Inclure la verif de l'install nextcloud
  ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml

- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become_user: postgres
  become: true
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type |default(omit) }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option |default(omit) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ nextcloud_db_name }}"
      privs: "ALL"
      type: "schema"
      objs: "public"
      role: "{{ nextcloud_php_user }}"
      grant_option: true
      name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"

- name: Boucle création des répertoires app, config et data nextcloud
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: "{{ item.state }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop_control:
    label: "{{ item.path }}"
  loop:
    - path: "{{ nextcloud_webroot }}/apps"
      state: directory
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '2750'
    - path: "{{ nextcloud_webroot }}/config"
      state: directory
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '2750'
    - path: "{{ nextcloud_webroot }}/data"
      state: directory
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '2750'

- name: Create nextcloud root dir symbolic link
  ansible.builtin.file:
    src: "{{ nextcloud_symbolic_source }}"
    dest: "{{ nextcloud_webroot }}/nextcloud"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false

- name: Create nextcloud common app dir symbolic link
  ansible.builtin.file:
    src: "{{ nextcloud_common }}"
    dest: "{{ nextcloud_webroot }}/common"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false

- name: Créer les fichiers spécifiques nextcloud
  ansible.builtin.template:
    src: "templates/{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "nextcloud_cron.j2"
      dest: "cron"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '750'
    - src: "nextcloud_console.j2"
      dest: "console"
      owner: "{{ nextcloud_websrv_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '750'
    - src: "nextcloud_install_config.j2"
      dest: "config/config.php"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '640'

- name: Recharger php
  ansible.builtin.service:
    name: "{{ item }}"
    state: reloaded
  loop:
    - "php{{ php_version }}-fpm"

- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
  become_user: "{{ nextcloud_php_user }}"
  become: true
  ansible.builtin.command: >
          ./console maintenance:install
          --database='pgsql'
          --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}"
          --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}"
          --database-host="/var/run/postgresql/"
          --database-pass=""
          --admin-user='admin'
          --admin-pass='ckoideja'
          --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/"
  args:
    chdir: "{{ nextcloud_webroot }}"
  register: install_result
  ignore_errors: true

- name: Afficher les logs du script d'install
  ansible.builtin.debug:
    var: install_result
  when: install_result is defined

- name: Afficher les logs du script d'install
  ansible.builtin.fail:
    msg: "Le script d'install a échoué: Voir les logs ci-dessus"
  when: install_result.failed

- name: Créer les fichiers spécifiques nextcloud
  ansible.builtin.template:
    src: "templates/{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "nextcloud_sigle_config.j2"
      dest: "config/{{ SIGLE }}.config.php"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '640'

- name: Creation d'un lien symbolique vers la configuration nextcloud common
  ansible.builtin.file:
    src: "../../../../nextcloud/common.config.php"
    path: "{{ nextcloud_webroot }}/config/common.config.php"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false

- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become_user: postgres
  become: true
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type | default(omit) }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option | default(omit) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ nextcloud_db_name }}"
      privs: "USAGE,CREATE"
      type: "schema"
      objs: "public"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_namespace"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_collation"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_index"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_attrdef"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_description"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_settings"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   objs: "pg_database"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"

- name: Creation d'un fichier cron pour /etc/cron.d
  ansible.builtin.cron:
    name: "nextcloud {{ SIGLE }}_{{ config_ss_domain }} taches d'arriere plan toutes les 5 mins"
    minute: "*/5"
    user: "php_{{ SIGLE }}_{{ config_ss_domain }}"
    job: "{{ nextcloud_webroot }}/cron"

- name: Recharger plusieurs services
  ansible.builtin.service:
    name: "{{ item }}"
    state: reloaded
  loop:
    - "php{{ php_version }}-fpm"
    - "nginx"