X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=tasks%2Fconfig_nuage.yml;h=8ed1afd2809ee96491cb6bc44c9e372f14f36356;hb=5f7ed8e1233e5b2bb33ac343113d3fa5bfe77ec3;hp=8f59cf0b968777cd0d390e3d7dda2f7e751d0afc;hpb=0e7e1f059f943f6617400cc32d155d73b4b4b9a3;p=lhc%2Fansible.git diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 8f59cf0..8ed1afd 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -1,3 +1,6 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + - name: Install required packages ansible.builtin.apt: name: @@ -27,7 +30,7 @@ # - php-exif - php-redis - php-imagick - - python3-psycopg2 #module ansible psql + - python3-psycopg2 # module ansible psql state: present - name: Boucle d'ajout du user php dans plusieurs groupe @@ -67,7 +70,7 @@ - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml -- name: "[PostgreSQL] - {{ nextcloud_php_user }} role is created." +- name: PostgreSQL - nextcloud_php_user role is created become_user: postgres become: true community.postgresql.postgresql_user: @@ -75,7 +78,7 @@ state: present role_attr_flags: CREATEDB -- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created." +- name: PostgreSQL - nextcloud_db_name database is created become_user: postgres become: true community.postgresql.postgresql_db: @@ -92,7 +95,7 @@ community.postgresql.postgresql_privs: db: "{{ item.db }}" privs: "{{ item.privs }}" - type: "{{ item.type |default(omit)}}" + type: "{{ item.type |default(omit) }}" objs: "{{ item.objs }}" role: "{{ item.role }}" grant_option: "{{ item.grant_option |default(omit) }}" 
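Review bot: In the `@@ -1,3 +1,6 @@` hunk, the added "Etckeeper commit if necessary" task runs `etckeeper commit` unconditionally, so nothing implements the "if necessary" and the task reports `changed` on every run. If the commit exits non-zero when /etc is already clean, which is worth confirming on the target hosts, the play would stop here on a clean machine. Gating the commit on `etckeeper unclean` addresses both. Passing the message through `argv:` also keeps a quote or space in `DOMAIN` or `SITE` from being re-split into separate arguments.

```yaml
- name: Check whether /etc has uncommitted changes
  ansible.builtin.command: etckeeper unclean
  register: etckeeper_unclean
  changed_when: false
  failed_when: false

- name: Etckeeper commit if necessary
  ansible.builtin.command:
    argv:
      - etckeeper
      - commit
      - "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
  when: etckeeper_unclean.rc == 0
```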
@@ -111,11 +114,11 @@ community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" contype: local - users: "php_{{ SIGLE}}_{{SITE}}" - databases: "php_{{ SIGLE}}_{{SITE}}" + users: "php_{{ SIGLE }}_{{ SITE }}" + databases: "php_{{ SIGLE }}_{{ SITE }}" method: peer keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom" + comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: @@ -161,12 +164,12 @@ state: link follow: false -- name: créer les fichiers spécifiques nextcloud +- name: Créer les fichiers spécifiques nextcloud ansible.builtin.template: src: "templates/{{ item.src }}" dest: "{{ nextcloud_webroot }}/{{ item.dest }}" owner: "{{ item.owner }}" - group: "{{ item.group}}" + group: "{{ item.group }}" mode: "{{ item.mode }}" loop: - src: "nextcloud_cron.j2" 
@@ -185,128 +188,134 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' -# - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module -# become_user: "{{ nextcloud_php_user }}" -# become: true -# ansible.builtin.command: > -# ./console maintenance:install -# --database='pgsql' -# --database-name="php_{{ SIGLE }}_{{ SITE }}" -# --database-user="php_{{ SIGLE }}_{{ SITE }}/data/" -# --database-host="/var/run/postgresql/" -# --admin-user='admin' -# --admin-pass='ckoideja' -# --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/" -# args: -# chdir: "{{ nextcloud_webroot }}" -# register: install_result +- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: > + ./console maintenance:install + --database='pgsql' + --database-name="php_{{ SIGLE }}_{{ SITE }}" + --database-user="php_{{ SIGLE }}_{{ SITE }}/data/" + --database-host="/var/run/postgresql/" + --admin-user='admin' + --admin-pass='ckoideja' + --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/" + args: + chdir: "{{ nextcloud_webroot }}" + register: install_result + ignore_errors: true -# - name: créer les fichiers spécifiques nextcloud -# ansible.builtin.template: -# src: "templates/{{ item.src }}" -# dest: "{{ nextcloud_webroot }}/{{ item.dest }}" -# owner: "{{ item.owner }}" -# group: "{{ item.group}}" -# mode: "{{ item.mode }}" -# loop: -# - src: "nextcloud_sigle_config.j2" -# dest: "config/{{ SIGLE }}.config.php" -# owner: "{{ nextcloud_php_user }}" -# group: "{{ nextcloud_websrv_user }}" -# mode: '640' +- name: Afficher les logs du script d'install + ansible.builtin.debug: + var: install_result + when: install_result is defined -# - name: Creation d'un lien symbolique vers le configuration nextcloud commun -# ansible.builtin.file: -# src: "../../../../nextcloud/common/common.config.php" -# dest: "config/common.config.php" -# owner: nextcloud 
-# group: nextcloud -# state: link -# follow: false +- name: Créer les fichiers spécifiques nextcloud + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "{{ nextcloud_webroot }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "nextcloud_sigle_config.j2" + dest: "config/{{ SIGLE }}.config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' -# - name: Create sigle nextcloud config -# become_user: "{{ nextcloud_php_user }}" -# become: true -# ansible.builtin.template: -# src: templates/sigle.config.php.j2 -# dest: "{{ nextcloud_webroot }}/config/sigle.config.php" -# owner: "{{ nextcloud_php_user }}" -# group: "{{ nextcloud_websrv_user }}" -# mode: '640' # or u=rwx,g=r,o= +- name: Creation d'un lien symbolique vers le configuration nextcloud commun + ansible.builtin.file: + src: "../../../../nextcloud/common/common.config.php" + dest: "config/common.config.php" + owner: nextcloud + group: nextcloud + state: link + follow: false -# - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php -# become_user: postgres -# become: true -# community.postgresql.postgresql_privs: -# db: "{{ item.db }}" -# privs: "{{ item.privs }}" -# type: "{{ item.type |default(omit)}}" -# objs: "{{ item.objs }}" -# role: "{{ item.role }}" -# grant_option: "{{ item.grant_option |default(omit) }}" -# loop_control: -# label: "{{ item.name }}" -# loop: -# - db: "{{ nextcloud_db_name }}" -# privs: "USAGE,CREATE" -# type: "schema" -# objs: "public" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_namespace" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_collation" -# role: 
"{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_index" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_attrdef" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_description" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# type: "table" -# objs: "pg_settings" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" -# - db: "{{ nextcloud_db_name }}" -# privs: "SELECT" -# objs: "pg_database" -# role: "{{ nextcloud_php_user }}" -# name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" +- name: Create sigle nextcloud config + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.template: + src: templates/sigle.config.php.j2 + dest: "{{ nextcloud_webroot }}/config/sigle.config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' # or u=rwx,g=r,o= -# - name: Creation d'un fichier cron pour /etc/cron.d -# ansible.builtin.cron: -# name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan " -# minute: "5" -# user: "php_{{ SIGLE}}_{{SITE}}" -# job: "{{ nextcloud_source }}/cron" +- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php + become_user: postgres + become: true + community.postgresql.postgresql_privs: + db: "{{ item.db }}" + privs: "{{ item.privs }}" + type: "{{ item.type |default(omit) }}" + objs: "{{ item.objs }}" + role: "{{ item.role }}" + grant_option: "{{ item.grant_option |default(omit) }}" + 
loop_control: + label: "{{ item.name }}" + loop: + - db: "{{ nextcloud_db_name }}" + privs: "USAGE,CREATE" + type: "schema" + objs: "public" + role: "{{ nextcloud_php_user }}" + name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_namespace" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_collation" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_index" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_attrdef" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_description" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + type: "table" + objs: "pg_settings" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" + - db: "{{ nextcloud_db_name }}" + privs: "SELECT" + objs: "pg_database" + role: "{{ nextcloud_php_user }}" + name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" + +- name: Creation d'un fichier cron pour /etc/cron.d + ansible.builtin.cron: + name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" + minute: "*/5" + user: "php_{{ SIGLE }}_{{ SITE }}" + job: "{{ nextcloud_webroot }}/cron" -# - name: Recharger plusieurs services -# ansible.builtin.service: -# name: "{{ item }}" -# state: reloaded -# loop: -# - "postgresql" -# - "php{{ 
php_version }}-fpm" -# - "nginx" +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "postgresql" + - "php{{ php_version }}-fpm" + - "nginx"
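Review bot: The install task enabled at the top of the `@@ -185,128 +188,134 @@` hunk passes a literal administrator password to `--admin-pass`, and the following task (`ansible.builtin.debug` with `var: install_result`) prints the registered result, which includes the full command string, so the credential sits in the repository, in the play output and in any stored run logs. Take the value from a vaulted variable, for example `--admin-pass="{{ nextcloud_admin_password }}"` (the variable name is a suggestion and is not defined on this page), add `no_log: true` to the install task, and narrow the debug task to `var: install_result.stdout_lines`. `ignore_errors: true` also lets the config, grant and service-reload tasks run after a failed install, and `when: install_result is defined` guards nothing because a registered variable is defined even when the task fails; checking `install_result.rc` or adding `creates:` on the generated config file would make the intent explicit. Separately, `--database-user="php_{{ SIGLE }}_{{ SITE }}/data/"` looks like a paste error, since the pg_hba rule earlier in the file uses `php_{{ SIGLE }}_{{ SITE }}` for the same role.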