tasks/config_nuage.yml

   1 - name: Etckeeper commit if necessary
   2   ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
   3   ignore_errors: true
   4
   5 - name: Install required packages
   6   ansible.builtin.apt:
   7     name:
   8 #      - php-ctype
   9       - php-curl
  10 #      - php-dom
  11 #      - php-fileinfo
  12       - php-gd
  13       - php-json
  14       - "php{{ php_version }}-xml"
  15       - php-mbstring
  16 #      - php-openssl
  17 #      - php-posix
  18 #      - php-session
  19 #      - php-simplexml
  20 #      - php-xmlreader
  21 #      - php-xmlwriter
  22       - php-zip
  23 #      - php-zlib
  24 #      - php-pdo_pgsql
  25       - "php{{ php_version }}-pgsql"
  26       - php-pgsql
  27       - php-intl
  28       - php-bz2
  29 #      - php-sodium
  30       - php-gmp
  31 #      - php-exif
  32       - php-redis
  33       - imagemagick
  34       - php-imagick
  35       - python3-psycopg2 # module ansible psql
  36     state: present
  37
  38 - name: Boucle d'ajout du user php dans plusieurs groupe
  39   ansible.builtin.user:
  40     name: "php_{{ SIGLE }}_{{ SITE }}"
  41     groups: "{{ item }}"
  42     append: true
  43   loop:
  44     - nextcloud
  45     - postgres-data
  46     - redis
  47     - "site_{{ SIGLE }}_{{ SITE }}"
  48
  49 - name: Bloc nouvelle version nextcloud
  50   when: nouvelle_version is undefined
  51   block:
  52     - name: Demande la version de nextcloud à installer
  53       ansible.builtin.pause:
  54         prompt: "Quelle version de nextcloud doit être utilisée"
  55         echo: true
  56       register: nextcloud_version_prompt
  57
  58     - name: Definir nouvelle_version
  59       ansible.builtin.set_fact:
  60         nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"
  61
  62 - name: Bloc ancienne version nextcloud
  63   when: ancienne_version is undefined
  64   block:
  65     - name: Demande la version de nextcloud déjà installée
  66       ansible.builtin.pause:
  67         prompt: "Quelle version de nextcloud déjà installée"
  68         echo: true
  69       register: ancienne_version_prompt
  70
  71     - name: Definir ancienne_version
  72       ansible.builtin.set_fact:
  73         ancienne_version: "{{ ancienne_version_prompt.user_input }}"
  74
  75 - name: Inclure la verif de l'install nextcloud
  76   ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
  77
  78 - name: PostgreSQL - nextcloud_php_user role is created
  79   become_user: postgres
  80   become: true
  81   community.postgresql.postgresql_user:
  82     name: "{{ nextcloud_php_user }}"
  83     state: present
  84     role_attr_flags: CREATEDB
  85
  86 - name: PostgreSQL -  nextcloud_db_name  database is created
  87   become_user: postgres
  88   become: true
  89   community.postgresql.postgresql_db:
  90     name: "{{ nextcloud_db_name }}"
  91     state: "{{ item }}"
  92     owner: "{{ nextcloud_php_user }}"
  93   loop:
  94     - absent
  95     - present
  96
  97 - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  98   become_user: postgres
  99   become: true
 100   community.postgresql.postgresql_privs:
 101     db: "{{ item.db }}"
 102     privs: "{{ item.privs }}"
 103     type: "{{ item.type |default(omit) }}"
 104     objs: "{{ item.objs }}"
 105     role: "{{ item.role }}"
 106     grant_option: "{{ item.grant_option |default(omit) }}"
 107   loop_control:
 108     label: "{{ item.name }}"
 109   loop:
 110     - db: "{{ nextcloud_db_name }}"
 111       privs: "ALL"
 112       type: "schema"
 113       objs: "public"
 114       role: "{{ nextcloud_php_user }}"
 115       grant_option: true
 116       name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"
 117
 118 - name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
 119   community.postgresql.postgresql_pg_hba:
 120     dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
 121     contype: local
 122     users: "php_{{ SIGLE }}_{{ SITE }}"
 123     databases: "php_{{ SIGLE }}_{{ SITE }}"
 124     method: peer
 125     keep_comments_at_rules: true
 126     comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"
 127
 128 - name: Boucle création des répertoires app, config et data nextcloud
 129   ansible.builtin.file:
 130     path: "{{ item.path }}"
 131     state: "{{ item.state }}"
 132     owner: "{{ item.owner }}"
 133     group: "{{ item.group }}"
 134     mode: "{{ item.mode }}"
 135   loop_control:
 136     label: "{{ item.path }}"
 137   loop:
 138     - path: "{{ nextcloud_webroot }}/apps"
 139       state: directory
 140       owner: "{{ nextcloud_php_user }}"
 141       group: "{{ nextcloud_websrv_user }}"
 142       mode: '2750'
 143     - path: "{{ nextcloud_webroot }}/config"
 144       state: directory
 145       owner: "{{ nextcloud_php_user }}"
 146       group: "{{ nextcloud_websrv_user }}"
 147       mode: '2750'
 148     - path: "{{ nextcloud_webroot }}/data"
 149       state: directory
 150       owner: "{{ nextcloud_php_user }}"
 151       group: "{{ nextcloud_websrv_user }}"
 152       mode: '2750'
 153
 154 - name: Create nextcloud root dir symbolic link
 155   ansible.builtin.file:
 156     src: "{{ nextcloud_symbolic_source }}"
 157     dest: "{{ nextcloud_webroot }}/nextcloud"
 158     owner: nextcloud
 159     group: nextcloud
 160     state: link
 161     follow: false
 162
 163 - name: Create nextcloud common app dir symbolic link
 164   ansible.builtin.file:
 165     src: "{{ nextcloud_symbolic_common }}"
 166     dest: "{{ nextcloud_webroot }}/common"
 167     owner: nextcloud
 168     group: nextcloud
 169     state: link
 170     follow: false
 171
 172 - name: Créer les fichiers spécifiques nextcloud
 173   ansible.builtin.template:
 174     src: "templates/{{ item.src }}"
 175     dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
 176     owner: "{{ item.owner }}"
 177     group: "{{ item.group }}"
 178     mode: "{{ item.mode }}"
 179   loop:
 180     - src: "nextcloud_cron.j2"
 181       dest: "cron"
 182       owner: "{{ nextcloud_php_user }}"
 183       group: "{{ nextcloud_websrv_user }}"
 184       mode: '750'
 185     - src: "nextcloud_console.j2"
 186       dest: "console"
 187       owner: "{{ nextcloud_websrv_user }}"
 188       group: "{{ nextcloud_websrv_user }}"
 189       mode: '750'
 190     - src: "nextcloud_install_config.j2"
 191       dest: "config/config.php"
 192       owner: "{{ nextcloud_php_user }}"
 193       group: "{{ nextcloud_websrv_user }}"
 194       mode: '640'
 195
 196 - name: Recharger plusieurs services
 197   ansible.builtin.service:
 198     name: "{{ item }}"
 199     state: reloaded
 200   loop:
 201     - "postgresql"
 202     - "php{{ php_version }}-fpm"
 203
 204 - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
 205   become_user: "{{ nextcloud_php_user }}"
 206   become: true
 207   ansible.builtin.command: >
 208           ./console maintenance:install
 209           --database='pgsql'
 210           --database-name="php_{{ SIGLE }}_{{ SITE }}"
 211           --database-user="php_{{ SIGLE }}_{{ SITE }}"
 212           --database-host="/var/run/postgresql/"
 213           --database-pass=""
 214           --admin-user='admin'
 215           --admin-pass='ckoideja'
 216           --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/"
 217   args:
 218     chdir: "{{ nextcloud_webroot }}"
 219   register: install_result
 220   ignore_errors: true
 221
 222 - name: Afficher les logs du script d'install
 223   ansible.builtin.debug:
 224     var: install_result
 225   when: install_result is defined
 226
 227 - name: Afficher les logs du script d'install
 228   ansible.builtin.fail:
 229     msg: "Le script d'install a échoué: Voir les logs ci-dessus"
 230   when: install_result.failed
 231
 232 - name: Créer les fichiers spécifiques nextcloud
 233   ansible.builtin.template:
 234     src: "templates/{{ item.src }}"
 235     dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
 236     owner: "{{ item.owner }}"
 237     group: "{{ item.group }}"
 238     mode: "{{ item.mode }}"
 239   loop:
 240     - src: "nextcloud_sigle_config.j2"
 241       dest: "config/{{ SIGLE }}.config.php"
 242       owner: "{{ nextcloud_php_user }}"
 243       group: "{{ nextcloud_websrv_user }}"
 244       mode: '640'
 245
 246 - name: Creation d'un lien symbolique vers la configuration nextcloud common
 247   ansible.builtin.file:
 248     src: "../../../../nextcloud/common.config.php"
 249     path: "{{ nextcloud_webroot }}/config/common.config.php"
 250     owner: nextcloud
 251     group: nextcloud
 252     state: link
 253     follow: false
 254
 255 - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
 256   become_user: postgres
 257   become: true
 258   community.postgresql.postgresql_privs:
 259     db: "{{ item.db }}"
 260     privs: "{{ item.privs }}"
 261     type: "{{ item.type | default(omit) }}"
 262     objs: "{{ item.objs }}"
 263     role: "{{ item.role }}"
 264     grant_option: "{{ item.grant_option | default(omit) }}"
 265   loop_control:
 266     label: "{{ item.name }}"
 267   loop:
 268     - db: "{{ nextcloud_db_name }}"
 269       privs: "USAGE,CREATE"
 270       type: "schema"
 271       objs: "public"
 272       role: "{{ nextcloud_php_user }}"
 273       name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
 274     # - db: "{{ nextcloud_db_name }}"
 275     #   privs: "SELECT"
 276     #   type: "table"
 277     #   objs: "pg_namespace"
 278     #   role: "{{ nextcloud_php_user }}"
 279     #   name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
 280     # - db: "{{ nextcloud_db_name }}"
 281     #   privs: "SELECT"
 282     #   type: "table"
 283     #   objs: "pg_collation"
 284     #   role: "{{ nextcloud_php_user }}"
 285     #   name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
 286     # - db: "{{ nextcloud_db_name }}"
 287     #   privs: "SELECT"
 288     #   type: "table"
 289     #   objs: "pg_index"
 290     #   role: "{{ nextcloud_php_user }}"
 291     #   name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
 292     # - db: "{{ nextcloud_db_name }}"
 293     #   privs: "SELECT"
 294     #   type: "table"
 295     #   objs: "pg_attrdef"
 296     #   role: "{{ nextcloud_php_user }}"
 297     #   name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
 298     # - db: "{{ nextcloud_db_name }}"
 299     #   privs: "SELECT"
 300     #   type: "table"
 301     #   objs: "pg_description"
 302     #   role: "{{ nextcloud_php_user }}"
 303     #   name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
 304     # - db: "{{ nextcloud_db_name }}"
 305     #   privs: "SELECT"
 306     #   type: "table"
 307     #   objs: "pg_settings"
 308     #   role: "{{ nextcloud_php_user }}"
 309     #   name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
 310     # - db: "{{ nextcloud_db_name }}"
 311     #   privs: "SELECT"
 312     #   objs: "pg_database"
 313     #   role: "{{ nextcloud_php_user }}"
 314     #   name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
 315
 316 - name: Creation d'un fichier cron pour /etc/cron.d
 317   ansible.builtin.cron:
 318     name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
 319     minute: "*/5"
 320     user: "php_{{ SIGLE }}_{{ SITE }}"
 321     job: "{{ nextcloud_webroot }}/cron"
 322
 323 - name: Recharger plusieurs services
 324   ansible.builtin.service:
 325     name: "{{ item }}"
 326     state: reloaded
 327   loop:
 328     - "php{{ php_version }}-fpm"
 329     - "nginx"