From: rominique Date: Thu, 27 Jun 2024 23:59:56 +0000 (+0200) Subject: correction de config_postgres X-Git-Url: http://git.cyclocoop.org/www.monlien.com?a=commitdiff_plain;h=HEAD;p=lhc%2Fansible.git correction de config_postgres --- diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 85d8a5e..0f03c5c 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -75,25 +75,6 @@ - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml -- name: PostgreSQL - nextcloud_php_user role is created - become_user: postgres - become: true - community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" - state: present - role_attr_flags: CREATEDB - -- name: PostgreSQL - nextcloud_db_name database is created - become_user: postgres - become: true - community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" - state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" - loop: - - absent - - present - - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php become_user: postgres become: true @@ -115,16 +96,6 @@ grant_option: true name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" -- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud - community.postgresql.postgresql_pg_hba: - dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" - contype: local - users: "php_{{ SIGLE }}_{{ config_ss_domain }}" - databases: "php_{{ SIGLE }}_{{ config_ss_domain }}" - method: peer - keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" - - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: path: "{{ item.path }}" 
@@ -193,12 +164,11 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' -- name: Recharger plusieurs services +- name: Recharger php ansible.builtin.service: name: "{{ item }}" state: reloaded loop: - - "postgresql" - "php{{ php_version }}-fpm" - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module diff --git a/tasks/config_postgres.yml b/tasks/config_postgres.yml index fe6a511..e7051fa 100644 --- a/tasks/config_postgres.yml +++ b/tasks/config_postgres.yml 
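Review bot: With `postgresql` removed, the `loop` in `Recharger php` iterates over a single item; putting `name: "php{{ php_version }}-fpm"` directly on `ansible.builtin.service` says the same thing with less indirection. The same applies to `Recharger postgresql` at the end of tasks/config_postgres.yml, which also ends without a final newline. Since the role and database creation, the pg_hba.conf rule and the PostgreSQL reload now live only in that other file, it is worth confirming that tasks/config_postgres.yml is included before this file's privilege and install tasks, which need the role, database and peer rule to exist. The include order is not visible in this diff.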
@@ -1,84 +1,8 @@ -- name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" - ignore_errors: true - -- name: Install required packages - ansible.builtin.apt: - name: -# - php-ctype - - php-curl -# - php-dom -# - php-fileinfo - - php-gd - - php-json - - "php{{ php_version }}-xml" - - php-mbstring -# - php-openssl -# - php-posix -# - php-session -# - php-simplexml -# - php-xmlreader -# - php-xmlwriter - - php-zip -# - php-zlib -# - php-pdo_pgsql - - "php{{ php_version }}-pgsql" - - php-pgsql - - php-intl - - php-bz2 -# - php-sodium - - php-gmp -# - php-exif - - php-redis - - php-imagick - - python3-psycopg2 # module ansible psql - state: present - -- name: Boucle d'ajout du user php dans plusieurs groupe - ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ config_ss_domain }}" - groups: "{{ item }}" - append: true - loop: - - nextcloud - - postgres-data - - redis - - "site_{{ SIGLE }}_{{ config_ss_domain }}" - -- name: Bloc nouvelle version nextcloud - when: nouvelle_version is undefined - block: - - name: Demande la version de nextcloud à installer - ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisée" - echo: true - register: nextcloud_version_prompt - - - name: Definir nouvelle_version - ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" - -- name: Bloc ancienne version nextcloud - when: ancienne_version is undefined - block: - - name: Demande la version de nextcloud déjà installée - ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée" - echo: true - register: ancienne_version_prompt - - - name: Definir ancienne_version - ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version_prompt.user_input }}" - -- name: Inclure la verif de l'install nextcloud - ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml - - name: PostgreSQL - nextcloud_php_user role 
is created become_user: postgres become: true community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: present role_attr_flags: CREATEDB @@ -86,34 +10,13 @@ become_user: postgres become: true community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" loop: - absent - present -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type |default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option |default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "ALL" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - grant_option: true - name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" - - name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" 
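Review bot: `role_attr_flags: CREATEDB` on the role `php_{{ SIGLE }}_{{ config_ss_domain }}` lets the PHP application account create databases, which nothing in this file needs. The next task creates the database as `postgres` and only names this role as `owner`. Unless the Nextcloud installer is known to require it, drop the attribute, or set `role_attr_flags: NOCREATEDB` so that a role created by an earlier run is corrected, which keeps a compromised web application confined to its own database. The task name still mentions `nextcloud_php_user` although that variable is no longer used here.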
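Review bot: The `loop` over `absent` then `present` drops the database `php_{{ SIGLE }}_{{ config_ss_domain }}` and recreates it empty every time this file runs, so replaying the playbook against an installed site destroys its data. This hunk only changes `name` and `owner` and leaves the loop as it was. Use `state: present` without the loop. If a reset is really wanted, put the drop in a separate task guarded by an explicit opt-in, for example `when: reset_db | default(false) | bool` (variable name constructed for illustration).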
@@ -124,205 +27,9 @@ keep_comments_at_rules: true comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" -- name: Boucle création des répertoires app, config et data nextcloud - ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop_control: - label: "{{ item.path }}" - loop: - - path: "{{ nextcloud_webroot }}/apps" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/config" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/data" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - -- name: Create nextcloud root dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_source }}" - dest: "{{ nextcloud_webroot }}/nextcloud" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Create nextcloud common app dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_common }}" - dest: "{{ nextcloud_webroot }}/common" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_cron.j2" - dest: "cron" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_console.j2" - dest: "console" - owner: "{{ nextcloud_websrv_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_install_config.j2" - dest: "config/config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ 
nextcloud_websrv_user }}" - mode: '640' - -- name: Recharger plusieurs services - ansible.builtin.service: - name: "{{ item }}" - state: reloaded - loop: - - "postgresql" - - "php{{ php_version }}-fpm" - -- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module - become_user: "{{ nextcloud_php_user }}" - become: true - ansible.builtin.command: > - ./console maintenance:install - --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}" - --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}" - --database-host="/var/run/postgresql/" - --database-pass="" - --admin-user='admin' - --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/" - args: - chdir: "{{ nextcloud_webroot }}" - register: install_result - ignore_errors: true - -- name: Afficher les logs du script d'install - ansible.builtin.debug: - var: install_result - when: install_result is defined - -- name: Afficher les logs du script d'install - ansible.builtin.fail: - msg: "Le script d'install a échoué: Voir les logs ci-dessus" - when: install_result.failed - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_sigle_config.j2" - dest: "config/{{ SIGLE }}.config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' - -- name: Creation d'un lien symbolique vers le configuration nextcloud commun - ansible.builtin.file: - src: "../../../../nextcloud/common.config.php" - path: "{{ nextcloud_webroot }}/config/common.config.php" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ 
item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type | default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option | default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "USAGE,CREATE" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_namespace" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_collation" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_index" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_attrdef" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_description" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_settings" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # objs: "pg_database" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" - -- name: Creation d'un fichier cron pour /etc/cron.d - ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ config_ss_domain 
}} taches d'arriere plan toutes les 5 mins" - minute: "*/5" - user: "php_{{ SIGLE }}_{{ config_ss_domain }}" - job: "{{ nextcloud_webroot }}/cron" - -- name: Recharger plusieurs services +- name: Recharger postgresql ansible.builtin.service: name: "{{ item }}" state: reloaded loop: - - "php{{ php_version }}-fpm" - - "nginx" + - "postgresql" \ No newline at end of file
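Review bot: The `Lancement du script d'installation nextcloud` task removed from this file passed the Nextcloud admin password as a literal `--admin-pass` argument, and deleting this copy does not remove the value from the repository history. A task of the same name remains in tasks/config_nuage.yml (it appears as context in that file's last hunk), so the literal is presumably still there; its body is not visible in this diff. The password should come from a vaulted variable, with `no_log: true` on the task, because the removed copy registered `install_result` and printed it with `ansible.builtin.debug`, which echoes the command line. The value already committed should be treated as exposed and changed on every instance installed with it.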