From: rominique Date: Tue, 9 Apr 2024 15:21:12 +0000 (+0200) Subject: corrections du scenario nuage X-Git-Url: https://git.cyclocoop.org/?a=commitdiff_plain;h=2ea484b79f456fc11514abcdf138582d892e718f;p=lhc%2Fansible.git corrections du scenario nuage support hors https pas ok support de SITE=test-nuage NON --- diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index 89338c1..becb28f 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -57,7 +57,7 @@ - name: Vérifier le sigle n'est pas déjà utilisé ansible.builtin.lineinfile: dest: /etc/passwd - search_string: "site_{{ SIGLE }}" + search_string: "site_{{ SIGLE }}_{{ SITE }}" state: absent check_mode: true changed_when: false diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 8ed1afd..06652ce 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -1,5 +1,6 @@ - name: Etckeeper commit if necessary ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ignore_errors: true - name: Install required packages ansible.builtin.apt: @@ -44,7 +45,7 @@ - redis - "site_{{ SIGLE }}_{{ SITE }}" -- name: Bloc nextcloud_version +- name: Bloc nouvelle version nextcloud when: nouvelle_version is undefined block: - name: Demande la version de nextcloud à installer @@ -57,6 +58,9 @@ ansible.builtin.set_fact: nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" +- name: Bloc ancienne version nextcloud + when: ancienne_version is undefined + block: - name: Demande la version de nextcloud déjà installée ansible.builtin.pause: prompt: "Quelle version de nextcloud déjà installée" 
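Review bot: `ignore_errors: true` on the `Etckeeper commit if necessary` task in tasks/config_nuage.yml hides every failure of the command, not only the presumably expected "nothing to commit" case. A broken etckeeper repository would then silently leave /etc changes without an audit trail. A narrower guard is to run `etckeeper unclean` first, register its result with `failed_when: false` and `changed_when: false`, and run the commit only `when:` that return code is 0. The commit task would also benefit from an explicit `changed_when`, because the `command` module otherwise reports a change on every run.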
@@ -188,6 +192,14 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "postgresql" + - "php{{ php_version }}-fpm" + - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module become_user: "{{ nextcloud_php_user }}" become: true @@ -195,11 +207,12 @@ ./console maintenance:install --database='pgsql' --database-name="php_{{ SIGLE }}_{{ SITE }}" - --database-user="php_{{ SIGLE }}_{{ SITE }}/data/" + --database-user="php_{{ SIGLE }}_{{ SITE }}" --database-host="/var/run/postgresql/" + --database-pass="" --admin-user='admin' --admin-pass='ckoideja' - --data-dir="/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/" + --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/" args: chdir: "{{ nextcloud_webroot }}" register: install_result @@ -210,6 +223,11 @@ var: install_result when: install_result is defined +- name: Afficher les logs du script d'install + ansible.builtin.fail: + msg: "Le script d'install a échoué: Voir les logs ci-dessus" + when: install_result.failed + - name: Créer les fichiers spécifiques nextcloud ansible.builtin.template: src: "templates/{{ item.src }}" 
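Review bot: The `maintenance:install` command in the hunk at new line 207 still carries the literal `--admin-pass='ckoideja'`, so the initial Nextcloud administrator password is stored in the repository and is the same on every site this playbook creates. The task registers `install_result`, and the `debug` task in the following hunk prints that variable, which includes the full command line and therefore the password. Take the value from a vaulted variable, for example `--admin-pass="{{ nextcloud_admin_password }}"` (placeholder name, not defined anywhere in this diff), and either set `no_log: true` on the install task or print only `install_result.stdout` and `install_result.stderr`. The added `--database-pass=""` is only safe if the socket connection given in `--database-host` is authenticated by peer identity in pg_hba.conf, which this diff does not show. The task body continues outside the hunk.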
@@ -226,33 +244,23 @@ - name: Creation d'un lien symbolique vers le configuration nextcloud commun ansible.builtin.file: - src: "../../../../nextcloud/common/common.config.php" - dest: "config/common.config.php" + src: "../../../../nextcloud/common.config.php" + path: "{{ nextcloud_webroot }}/config/common.config.php" owner: nextcloud group: nextcloud state: link follow: false -- name: Create sigle nextcloud config - become_user: "{{ nextcloud_php_user }}" - become: true - ansible.builtin.template: - src: templates/sigle.config.php.j2 - dest: "{{ nextcloud_webroot }}/config/sigle.config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' # or u=rwx,g=r,o= - - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php become_user: postgres become: true community.postgresql.postgresql_privs: db: "{{ item.db }}" privs: "{{ item.privs }}" - type: "{{ item.type |default(omit) }}" + type: "{{ item.type | default(omit) }}" objs: "{{ item.objs }}" role: "{{ item.role }}" - grant_option: "{{ item.grant_option |default(omit) }}" + grant_option: "{{ item.grant_option | default(omit) }}" loop_control: label: "{{ item.name }}" loop: 
@@ -262,47 +270,47 @@ objs: "public" role: "{{ nextcloud_php_user }}" name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - type: "table" - objs: "pg_namespace" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - type: "table" - objs: "pg_collation" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - type: "table" - objs: "pg_index" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - type: "table" - objs: "pg_attrdef" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - type: "table" - objs: "pg_description" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - type: "table" - objs: "pg_settings" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" - - db: "{{ nextcloud_db_name }}" - privs: "SELECT" - objs: "pg_database" - role: "{{ nextcloud_php_user }}" - name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_namespace" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_collation" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_index" + 
# role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_attrdef" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_description" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_settings" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # objs: "pg_database" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" - name: Creation d'un fichier cron pour /etc/cron.d ansible.builtin.cron: @@ -316,6 +324,5 @@ name: "{{ item }}" state: reloaded loop: - - "postgresql" - "php{{ php_version }}-fpm" - "nginx" diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index 8b9916b..05287b2 100644 --- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml @@ -82,4 +82,4 @@ ansible.builtin.service: name: "php{{ php_version }}-fpm" state: reloaded - when: SITE != 'nuage' or SITE != 'paheko' or SITE == 'gestion' + when: SITE != 'nuage' and SITE != 'paheko' and SITE == 'gestion' diff --git a/tasks/verif_installation_nextcloud.yml b/tasks/verif_installation_nextcloud.yml index 4ee4e46..bb679e4 100644 --- a/tasks/verif_installation_nextcloud.yml +++ b/tasks/verif_installation_nextcloud.yml 
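Review bot: The seven catalog grants in the `postgresql_privs` loop are commented out rather than deleted, which leaves a long run of dead YAML in the task; version control already keeps the old entries, so deleting them reads better. Dropping entries from the loop does not revoke anything on databases provisioned by an earlier run, so if the narrower privilege set is the intent, those hosts need a one-off pass with `state: absent` for the same `objs`. The remaining label `name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"` still hard-codes `_nuage` while the role actually granted is `{{ nextcloud_php_user }}`, so the log line can name a different role than the one changed; ending the label with `TO {{ nextcloud_php_user }};` keeps the two in step. The loop starts above the hunk.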
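Review bot: The new condition `SITE != 'nuage' and SITE != 'paheko' and SITE == 'gestion'` in tasks/config_pool_php.yml is equivalent to `SITE == 'gestion'`, because the third term already excludes the other two values. If the reload is meant only for `gestion`, write `when: SITE == 'gestion'`; if it is meant for every site except the two that reload PHP-FPM in their own task files, write `when: SITE not in ['nuage', 'paheko']`. As written, any other site type would get its pool configuration without a PHP-FPM reload unless another task, not visible here, performs one.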
@@ -10,18 +10,6 @@ path: "{{ nextcloud_common }}" register: new_nextcloud_common -# - name: Obtenir l'ancienne version # noqa : command-instead-of-module -# become_user: "{{ nextcloud_websrv_user }}" -# become: true -# ansible.builtin.command: '{{ nextcloud_webroot }}/console status --output=json' -# register: result - -# - name: Enregistrer l'ancienne version -# ansible.builtin.set_fact: -# ancienne_version: "{{ tmp.versionstring }}" -# vars: -# tmp: "{{ result.stdout | from_json }}" - - name: Include download_nextcloud_source tasks ansible.builtin.include_tasks: tasks/download_nextcloud_source.yml when: not new_nextcloud_source.stat.exists diff --git a/templates/nextcloud_sigle_config.j2 b/templates/nextcloud_sigle_config.j2 index e4b913b..1554b62 100644 --- a/templates/nextcloud_sigle_config.j2 +++ b/templates/nextcloud_sigle_config.j2 @@ -5,8 +5,8 @@ $TLD = '{{ TLD }}'; $SIGLE = '{{ SIGLE }}'; {# $SECRET= 'fAn4PEVgj7h/FsdrIsbx5TplGneU+Ou882A7k2V81S7VN7iV'; $PASSWORDSALT = '1pqoguNi6JUhSHaoKWhDSWFP9nn8Mg'; -$INSTANCEID = 'ocsb50eb0b5c'; #} -$MAIL_SMTPPASSWORD = '{{ MAIL_SMTPPASSWORD }}'; +$INSTANCEID = 'ocsb50eb0b5c'; +$MAIL_SMTPPASSWORD = '{{ MAIL_SMTPPASSWORD }}';#} $CONFIG = [ 'apps_paths' => [ @@ -27,8 +27,8 @@ $CONFIG = [ ], ], 'datadirectory' => "/home/sites/data/$TLD/$DOMAIN/$SITE/data/", - 'dbname' => "php_{$SIGLE}_test_nuage", - 'dbuser' => "php_{$SIGLE}_test_nuage", + 'dbname' => "php_{$SIGLE}_{$SITE}", + 'dbuser' => "php_{$SIGLE}_{$SITE}", 'overwrite.cli.url' => "http://$SITE.$DOMAIN.$TLD", 'mail_smtpmode' => 'smtp', 'mail_smtpsecure' => 'ssl', 
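Review bot: The Jinja comment at the top of templates/nextcloud_sigle_config.j2 keeps literal values for `$SECRET`, `$PASSWORDSALT` and `$INSTANCEID`, and this change only moves the closing `#}` down one line. A `{# … #}` block is not rendered into the deployed file, but the values stay readable in the repository and its history. If they were ever used on a real instance, treat them as exposed and regenerate them there. In either case delete the commented lines rather than keep them as a reference, leaving at most a short pointer such as `{# secret, passwordsalt and instanceid are written by maintenance:install #}`.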
@@ -39,12 +39,9 @@ $CONFIG = [ 'mail_smtpauth' => 1, 'mail_smtphost' => "smtp.$DOMAIN.$TLD", 'mail_smtpname' => "$SITE@$DOMAIN.$TLD", - 'mail_smtppassword' => "$MAIL_SMTPPASSWORD", 'mail_smtpport' => '465', 'trusted_domains' => [ 0 => "$SITE.$DOMAIN.$TLD", ], - {# 'secret' => "$SECRET", - 'passwordsalt' => "$PASSWORDSALT", - 'instanceid' => "$INSTANCEID", #} + {# 'mail_smtppassword' => "$MAIL_SMTPPASSWORD", #} ]; \ No newline at end of file diff --git a/templates/nginx_nuage_server.j2 b/templates/nginx_nuage_server.j2 index 7a0dd2f..5c84236 100644 --- a/templates/nginx_nuage_server.j2 +++ b/templates/nginx_nuage_server.j2 @@ -7,6 +7,7 @@ server { listen 80; server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; #disable_symlinks if_not_owner; +{% if ssl_ready is defined and ssl_ready %} # Prevent nginx HTTP Server Detection server_tokens off; @@ -16,6 +17,7 @@ server { access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; + } server { listen 443 ssl http2; @@ -25,7 +27,6 @@ server { root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud; disable_symlinks if_not_owner; -{% if ssl_ready is defined and ssl_ready %} ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; {% endif %}
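Review bot: With `{% if ssl_ready is defined and ssl_ready %}` moved up into the port-80 block of templates/nginx_nuage_server.j2 and the `{% endif %}` left after `ssl_certificate_key`, everything between them becomes conditional. That includes `server_tokens off;`, both log directives, `root` and `disable_symlinks if_not_owner;`. When `ssl_ready` is unset the rendered server block therefore appears to serve Nextcloud on port 80 without those directives, with logins travelling over plain HTTP. The lines between the three hunks are not visible, so confirm this on a rendered file with `nginx -t`. Keep the directives both variants need outside the conditional and wrap only the TLS-specific lines (`listen 443 ssl http2;`, `ssl_certificate`, `ssl_certificate_key` and the port-80 block's closing `}`); this concerns the hunks at new lines 7, 17 and 27 together.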