decorrelation SITE et sous domain
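---
# Snapshot /etc before this tasks file changes postgres, php-fpm, cron and
# nginx state, so the changes made by ansible show up in etckeeper's history.
- name: Etckeeper commit if necessary
  ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
  register: etckeeper_commit
  # A non-zero exit (presumably "nothing to commit") is not a failure of this
  # play; report "changed" only when a commit was actually made instead of
  # always marking the task changed and printing an ignored failure.
  changed_when: etckeeper_commit.rc == 0
  failed_when: false
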
# PHP extensions used by the nextcloud install plus the postgres driver.
# The commented entries are kept as a record of the extension list that was
# considered; they are not installed by this task.
- name: Install required packages
  ansible.builtin.apt:
    name:
      # - php-ctype
      - php-curl
      # - php-dom
      # - php-fileinfo
      - php-gd
      - php-json
      - "php{{ php_version }}-xml"
      - php-mbstring
      # - php-openssl
      # - php-posix
      # - php-session
      # - php-simplexml
      # - php-xmlreader
      # - php-xmlwriter
      - php-zip
      # - php-zlib
      # - php-pdo_pgsql
      - "php{{ php_version }}-pgsql"
      - php-pgsql
      - php-intl
      - php-bz2
      # - php-sodium
      - php-gmp
      # - php-exif
      - php-redis
      - php-imagick
      - python3-psycopg2  # needed by the community.postgresql modules used below
    state: present

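# Add the per-site php user to the groups it needs. One call with the full
# group list gives the same end state as the old per-group loop; append: true
# keeps any membership the user already has.
# NOTE(review): membership in postgres-data and redis gives the php worker
# access to whatever those groups own (data dirs, sockets) — keep this list
# minimal. nextcloud_php_user is presumably the same account as
# php_<SIGLE>_<SITE> (both spellings are used in this file); confirm.
- name: Ajout du user php dans plusieurs groupes
  ansible.builtin.user:
    name: "php_{{ SIGLE }}_{{ SITE }}"
    groups:
      - nextcloud
      - postgres-data
      - redis
      - "site_{{ SIGLE }}_{{ SITE }}"
    append: true
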
# Asked interactively only when nouvelle_version was not supplied beforehand.
# echo: true is fine here: the value is a version string, not a secret.
- name: Bloc nouvelle version nextcloud
  when: nouvelle_version is undefined
  block:
    - name: Demande la version de nextcloud à installer
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud doit être utilisée"
        echo: true
      register: nextcloud_version_prompt

    - name: Definir nouvelle_version
      ansible.builtin.set_fact:
        nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"

# Same pattern for the currently installed version: only prompted when
# ancienne_version was not supplied beforehand.
- name: Bloc ancienne version nextcloud
  when: ancienne_version is undefined
  block:
    - name: Demande la version de nextcloud déjà installée
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud déjà installée"
        echo: true
      register: ancienne_version_prompt

    - name: Definir ancienne_version
      ansible.builtin.set_fact:
        ancienne_version: "{{ ancienne_version_prompt.user_input }}"

# Pre-install checks live in a separate tasks file (not shown here); they run
# with nouvelle_version / ancienne_version already set by the blocks above.
- name: Inclure la verif de l'install nextcloud
  ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml

# DB role for the php user. No password is set: authentication is peer over
# the unix socket (see the pg_hba task below).
# NOTE(review): CREATEDB is not needed for the flow in this file — the
# database is created right below as the postgres superuser with owner set —
# so this attribute could likely be dropped (least privilege) unless something
# outside this file relies on it; confirm before tightening.
- name: PostgreSQL - nextcloud_php_user role is created
  become_user: postgres
  become: true
  community.postgresql.postgresql_user:
    name: "{{ nextcloud_php_user }}"
    state: present
    role_attr_flags: CREATEDB

# WARNING: the loop first drops the database (state: absent) and then
# recreates it, so every run of this tasks file destroys the existing
# nextcloud database and all of its data. Only run this against a fresh
# install, never against an instance that is already in use.
- name: PostgreSQL - nextcloud_db_name database is created
  become_user: postgres
  become: true
  community.postgresql.postgresql_db:
    name: "{{ nextcloud_db_name }}"
    state: "{{ item }}"
    owner: "{{ nextcloud_php_user }}"
  loop:
    - absent
    - present

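# Schema-level grants for the php role. The loop carries one entry per grant;
# `name` is only the label shown in the task output and now uses the same
# role variable as the grant itself instead of the stale hard-coded
# "php_<SIGLE>_nuage" spelling.
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become_user: postgres
  become: true
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type | default(omit) }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option | default(omit) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ nextcloud_db_name }}"
      privs: "ALL"
      type: "schema"
      objs: "public"
      role: "{{ nextcloud_php_user }}"
      # WITH GRANT OPTION lets the php role re-grant schema rights to other
      # roles; drop it unless that is really needed (least privilege).
      grant_option: true
      name: "GRANT ALL ON SCHEMA public TO {{ nextcloud_php_user }} WITH GRANT OPTION;"
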
# Local (unix socket) peer authentication: postgres maps the connecting OS
# user to the DB role of the same name, so no password is needed — which is
# why the install command below passes an empty --database-pass. The rule is
# limited to the single database of the same name. It only takes effect once
# postgresql is reloaded (done further down, before the install runs).
# NOTE(review): user and database are spelled out as php_<SIGLE>_<SITE> here
# while the tasks above use nextcloud_php_user / nextcloud_db_name; if those
# variables ever differ from this pattern this rule will not match — confirm.
- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
  community.postgresql.postgresql_pg_hba:
    dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
    contype: local
    users: "php_{{ SIGLE }}_{{ SITE }}"
    databases: "php_{{ SIGLE }}_{{ SITE }}"
    method: peer
    keep_comments_at_rules: true
    comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"

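# apps, config and data dirs under the webroot. State, owner, group and mode
# are identical for all three, so they are module arguments and the loop only
# carries the sub-directory name (same end state as the old per-item mapping).
- name: Boucle création des répertoires app, config et data nextcloud
  ansible.builtin.file:
    path: "{{ nextcloud_webroot }}/{{ item }}"
    state: directory
    owner: "{{ nextcloud_php_user }}"
    group: "{{ nextcloud_websrv_user }}"
    # 2750: setgid so files created by php inherit the web-server group;
    # no access at all for "other".
    mode: "2750"
  loop:
    - apps
    - config
    - data
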
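# Symlinks from the webroot to the shared nextcloud code and common app dir.
# Both links had identical owner/group/state/follow settings, so they are now
# one looped task with the same end state.
- name: Create nextcloud root and common app dir symbolic links
  ansible.builtin.file:
    src: "{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: nextcloud
    group: nextcloud
    state: link
    # follow: false — owner/group apply to the link itself, not to its target
    follow: false
  loop_control:
    label: "{{ item.dest }}"
  loop:
    - src: "{{ nextcloud_symbolic_source }}"
      dest: nextcloud
    - src: "{{ nextcloud_symbolic_common }}"
      dest: common
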
# Per-site wrapper scripts (cron, console) and the initial config.php.
# config.php is 640: readable by the php user (owner) and the web-server
# group only — it typically holds the instance secrets once installed.
# NOTE(review): "console" is owned by the web-server user with mode 750, yet
# the install task below runs it as nextcloud_php_user; this works only if
# that user is a member of the nextcloud_websrv_user group (perhaps via the
# site_<SIGLE>_<SITE> group added above) — confirm.
- name: Créer les fichiers spécifiques nextcloud
  ansible.builtin.template:
    src: "templates/{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "nextcloud_cron.j2"
      dest: "cron"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '750'
    - src: "nextcloud_console.j2"
      dest: "console"
      owner: "{{ nextcloud_websrv_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '750'
    - src: "nextcloud_install_config.j2"
      dest: "config/config.php"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '640'

# Reload postgresql so the pg_hba.conf rule added above is active before the
# install script connects; php-fpm is reloaded for the new user/groups.
- name: Recharger plusieurs services
  ansible.builtin.service:
    name: "{{ item }}"
    state: reloaded
  loop:
    - "postgresql"
    - "php{{ php_version }}-fpm"

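# Runs the nextcloud installer as the php user from the webroot. The result is
# registered and failures are deferred to the explicit checks that follow.
- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
  become_user: "{{ nextcloud_php_user }}"
  become: true
  # argv form: each argument is passed as-is, so a password containing quotes
  # or spaces cannot break the command line the way the old quoted string could.
  ansible.builtin.command:
    argv:
      - "./console"
      - "maintenance:install"
      - "--database=pgsql"
      - "--database-name=php_{{ SIGLE }}_{{ SITE }}"
      - "--database-user=php_{{ SIGLE }}_{{ SITE }}"
      # unix socket + peer auth (see the pg_hba task above): no DB password
      - "--database-host=/var/run/postgresql/"
      - "--database-pass="
      - "--admin-user=admin"
      # was a hard-coded literal in this file; nextcloud_admin_password is a
      # variable name chosen by this review — define it in a vault-encrypted
      # vars file, never in clear text in the repository
      - "--admin-pass={{ nextcloud_admin_password }}"
      - "--data-dir=/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/"
    chdir: "{{ nextcloud_webroot }}"
  register: install_result
  # the task result includes the full command line (with --admin-pass);
  # no_log keeps it out of the console/log output while install_result still
  # carries rc/stdout/stderr for the checks that follow
  no_log: true
  ignore_errors: true
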
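# Show only the exit code and output streams of the installer. Printing the
# whole registered variable would also print the command line, which carries
# the admin password.
- name: Afficher les logs du script d'install
  ansible.builtin.debug:
    msg:
      rc: "{{ install_result.rc | default('') }}"
      stdout: "{{ install_result.stdout_lines | default([]) }}"
      stderr: "{{ install_result.stderr_lines | default([]) }}"
  when: install_result is defined
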
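# Stop the play if the installer failed (its error was ignored above so the
# logs could be shown first). The task name was a copy of the debug task's
# name; it now says what the task does.
- name: Arrêter si le script d'install a échoué
  ansible.builtin.fail:
    msg: "Le script d'install a échoué: Voir les logs ci-dessus"
  when: install_result is failed
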
# Per-SIGLE config fragment, written after the installer has produced the
# base config.php; same owner/group/mode as config.php (640).
- name: Créer les fichiers spécifiques nextcloud
  ansible.builtin.template:
    src: "templates/{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "nextcloud_sigle_config.j2"
      dest: "config/{{ SIGLE }}.config.php"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '640'

# Link the shared common.config.php into this site's config dir. The target
# is a relative path, resolved from the link's own directory
# (<webroot>/config), so it must stay correct for the webroot depth used here.
- name: Creation d'un lien symbolique vers le configuration nextcloud commun
  ansible.builtin.file:
    state: link
    dest: "{{ nextcloud_webroot }}/config/common.config.php"
    src: "../../../../nextcloud/common.config.php"
    # follow: false — owner/group apply to the link itself, not to its target
    follow: false
    owner: nextcloud
    group: nextcloud

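# Second round of schema grants after the installer ran. `name` is only the
# label shown in the task output and now uses the same role variable as the
# grant instead of the stale hard-coded "php_<SIGLE>_nuage" spelling.
# NOTE(review): USAGE,CREATE on schema public is already covered by the
# "ALL ... WITH GRANT OPTION" grant earlier in this file; if that grant is
# still in place this task is redundant and could be dropped. The commented
# SELECT grants on the pg_* catalog tables are kept as a record only.
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become_user: postgres
  become: true
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type | default(omit) }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option | default(omit) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ nextcloud_db_name }}"
      privs: "USAGE,CREATE"
      type: "schema"
      objs: "public"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT USAGE,CREATE ON SCHEMA public TO {{ nextcloud_php_user }};"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_namespace"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_collation"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_index"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_attrdef"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_description"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   type: "table"
    #   objs: "pg_settings"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
    # - db: "{{ nextcloud_db_name }}"
    #   privs: "SELECT"
    #   objs: "pg_database"
    #   role: "{{ nextcloud_php_user }}"
    #   name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
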
# Nextcloud background jobs: run the per-site cron wrapper as the php user
# every 5 minutes.
# NOTE(review): the task name says /etc/cron.d, but without a cron_file
# argument the cron module writes the entry to the php user's own crontab
# instead; either adjust the name or add cron_file if /etc/cron.d is intended.
- name: Creation d'un fichier cron pour /etc/cron.d
  ansible.builtin.cron:
    name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
    minute: "*/5"
    user: "php_{{ SIGLE }}_{{ SITE }}"
    job: "{{ nextcloud_webroot }}/cron"

# Final reload of php-fpm and nginx so the new site config is served.
- name: Recharger plusieurs services
  ansible.builtin.service:
    name: "{{ item }}"
    state: reloaded
  loop:
    - "php{{ php_version }}-fpm"
    - "nginx"