From: rominique Date: Thu, 29 Aug 2024 09:58:44 +0000 (+0200) Subject: mise à jour nom de tâche X-Git-Url: https://git.cyclocoop.org/?a=commitdiff_plain;h=HEAD;hp=127e62e0da098421ca5cfa85e73648419c9ea17b;p=lhc%2Fansible.git mise à jour nom de tâche --- diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index c5ca22c..526cc6c 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -4,14 +4,15 @@ # pour ne jouer que la partie permettant de générer le certificat SSL pour le HTTPS lancer la commance ci-dessous: # ansible-playbook creation_nouveau_site.yml --tags "https" +# pour ne jouer que la partie permettant de configrer un accès SFTP lancer la commance ci-dessous: +# ansible-playbook creation_nouveau_site.yml --tags "https" + - name: Promp pour définir les variables du nouveau ite hosts: ligatures become: true # toutes les tâches seront pas défaut éxécuter en tant que root vars: # config_nginx: true à l'avenir on pourrait demander à l'utilisateur de choisir si il veut configurer nginx - # nouvelle_version: 27.1.7 # nextcloud - # ancienne_version: 27.1.6 # nextcloud vars_prompt: @@ -54,12 +55,14 @@ tasks: - - name: Inclure la configuration d'un site web basique - ansible.builtin.include_tasks: tasks/config_www.yml - - name: Inclure les configurations optionnelles d'un site www ansible.builtin.include_tasks: tasks/config_options_www.yml - when: SITE != 'nuage' + tags: + - https + - sftp + + - name: Inclure la configuration d'un site web basique + ansible.builtin.include_tasks: tasks/config_www.yml - name: Inclure la configuration nginx ansible.builtin.include_tasks: tasks/config_nginx.yml 
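Review bot: The new header comment that explains how to run only the SFTP part copies the HTTPS invocation, so it tells the operator to pass `--tags "https"` instead of the `sftp` tag this commit introduces; change it to `# ansible-playbook creation_nouveau_site.yml --tags "sftp"`. While touching that line, `configrer`/`commance` (and `Promp`/`ite` in the play name just below) are typos worth fixing. The play header continues past this hunk.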
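Review bot: `tags: [https, sftp]` on the `include_tasks` of `tasks/config_options_www.yml` only tags the include statement itself; under `--tags https` the tasks inside that file run solely because each of them repeats the tag, which silently breaks the next time a task is added there without one. The SFTP include in this same commit already uses the `apply:` form, so for consistency and robustness do the same here: `file: tasks/config_options_www.yml` plus `apply: {tags: [https, sftp]}` under `ansible.builtin.include_tasks:`. Note that the `when: SITE != 'nuage'` guard was dropped from this include, so the prompts file now relies entirely on its own per-task `when:` clauses for the nuage case.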
@@ -76,12 +79,21 @@ vars: template_site: 'http' - - name: Générer un certififat avec certbot # noqa : command-instead-of-module + - name: Générer le certififat du sous-domaine avec certbot # noqa : command-instead-of-module become: true ansible.builtin.command: 'certbot certonly -n --nginx -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}' register: certbot_log ignore_errors: true changed_when: false + when: config_ss_domain != 'www' + + - name: Générer le certififat du domaine et du sous-domaine avec certbot quand le sous domaine est www # noqa : command-instead-of-module + become: true + ansible.builtin.command: 'certbot certonly -n --nginx -d {{ DOMAIN }}.{{ TLD }} -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}' + register: certbot_log + ignore_errors: true + changed_when: false + when: config_ss_domain == 'www' - name: Afficher les logs certbot ansible.builtin.debug: @@ -103,11 +115,11 @@ when: config_php == 'oui' or SITE == 'paheko' or SITE == 'WP' or SITE == 'nuage' - name: Inclure la configuration d'une bdd postgres - ansible.builtin.include_tasks: tasks/config_bdd_postgres.yml + ansible.builtin.include_tasks: tasks/config_postgres.yml when: config_bdd == 'postgres' or SITE == 'nuage' - name: Inclure la configuration d'une bdd mariadb - ansible.builtin.include_tasks: tasks/config_bdd_mariadb.yml + ansible.builtin.include_tasks: tasks/config_mariadb.yml when: config_bdd == 'mariadb' or SITE == 'WP' - name: Inclure la configuration nextcloud si besoin 
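Review bot: Both certbot tasks use `register: certbot_log`, and a skipped task in Ansible still stores its (skipped) result in the registered variable, so for any sub-domain other than `www` the second task overwrites the real certbot output before the `Afficher les logs certbot` debug task that follows (its body is outside the hunk) reads it. Either register the www variant as `certbot_log_www` and display whichever is defined, or fold the two into one task that adds the bare-domain `-d` only when the sub-domain is `www` (below). The `| default(SITE)` on `config_ss_domain` is dead now that `Definir config_ss_domain` always sets the fact in this commit, and `ignore_errors: true` means a failed issuance is only visible in the log dump — consider a `failed_when` on the certbot return code once the logs are shown. Whether these tasks actually run under the advertised `--tags https` depends on the enclosing block, which starts before this hunk, carrying that tag; worth confirming.

```yaml
- name: Générer le certificat du sous-domaine (et du domaine nu quand le sous-domaine est www) avec certbot # noqa : command-instead-of-module
  become: true
  ansible.builtin.command: >-
    certbot certonly -n --nginx
    {{ (config_ss_domain == 'www') | ternary('-d ' ~ DOMAIN ~ '.' ~ TLD, '') }}
    -d {{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}
  register: certbot_log
  ignore_errors: true
  changed_when: false
# … unchanged: Afficher les logs certbot …
```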
@@ -119,12 +131,16 @@ when: SITE == 'paheko' - name: Inclure la configuration WP si besoin - ansible.builtin.include_tasks: tasks/config_wp.yml + ansible.builtin.include_tasks: tasks/config_WP.yml when: SITE == 'WP' - name: Inclure le configuration du backup ansible.builtin.include_tasks: tasks/config_backup.yml - name: Inclure le configuration SFTP - ansible.builtin.include_tasks: tasks/config_sftp.yml - when: sftp_key =! '' and sftp_key =! 'non' + ansible.builtin.include_tasks: + file: tasks/config_sftp.yml + apply: + tags: sftp + when: sftp_key != '' and sftp_key != 'non' + tags: sftp diff --git a/host_vars/ligatures.yml b/host_vars/ligatures.yml index 77a50a5..23b2bef 100644 --- a/host_vars/ligatures.yml +++ b/host_vars/ligatures.yml @@ -4,10 +4,8 @@ nextcloud_sources_files_path: "/home/sites/data/nextcloud/sources" nextcloud_common_files_path: "/home/sites/data/nextcloud/common" nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage" nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" -nextcloud_old_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ ancienne_version }}" nextcloud_symbolic_source: "../../../nextcloud/sources/nextcloud-{{ nouvelle_version }}" nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" -nextcloud_old_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}" nextcloud_symbolic_common: "../../../nextcloud/common.config.php" php_fpm_service: php{{ php_version}}-fpm php_version: '8.2' diff --git a/tasks/backup_nextcloud.yml b/tasks/backup_nextcloud.yml index dd20660..328052c 100644 --- a/tasks/backup_nextcloud.yml +++ b/tasks/backup_nextcloud.yml 
@@ -8,7 +8,7 @@ - name: Create a dump of the postgreSQL database # noqa : command-instead-of-module become: true become_user: "{{ nextcloud_php_user }}" - ansible.builtin.command: "pg_dump -f /tmp/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}" + ansible.builtin.command: "pg_dump -f {{ nextcloud_webroot }}/data/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}" args: chdir: "{{ nextcloud_webroot }}" diff --git a/tasks/config_WP.yml b/tasks/config_WP.yml index c328bc0..646a2a4 100644 --- a/tasks/config_WP.yml +++ b/tasks/config_WP.yml @@ -1,25 +1,24 @@ - -- name: Create new app common folder from old version one - become_user: "site_{{ SIGLE }}_{{ SITE }}" - become: true +- name: Copie des fichiers sources WP dans le home du nouveau site ansible.builtin.copy: - src: "/home/sites/data/wordpress" - dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" + src: "/home/sites/data/wordpress/" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/" remote_src: true # because the copy is from remote host to remote host - mode: '754' # or 'u=rwx,g=rx,o=r' + mode: '2750' # or 'u=rwx,g=rx,o=r' + owner: "site_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Créer les fichiers spécifiques wp ansible.builtin.template: src: "templates/{{ item.src }}" - dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/{{ item.dest }}" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/{{ item.dest }}" owner: "{{ item.owner }}" group: "{{ item.group }}" mode: "{{ item.mode }}" loop: - src: "wp-config.php.j2" dest: "wp-config.php" - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '640' - name: Recharger PHP et nginx diff --git a/tasks/config_backup.yml b/tasks/config_backup.yml index da885b2..03b2970 100644 --- a/tasks/config_backup.yml 
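Review bot: `pg_dump` now writes the complete database dump into `{{ nextcloud_webroot }}/data/`, which is the Nextcloud data directory sitting under the webroot, so the dump is only as protected as the nginx `location` rule denying `/data/` (not visible in this diff) and it persists on disk with the php user's default umask instead of being ephemeral in `/tmp`. If the intent is for borgmatic to pick it up (config_backup.yml adds `.../data` to the backup set), say so in a comment above the task, and make the file unreadable to others — e.g. a follow-up `ansible.builtin.file:` task with `mode: '0600'` on `{{ nextcloud_webroot }}/data/{{ nextcloud_db_name }}.pgc` — and remove it once the backup has run. The task's `args` continue past this hunk.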
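Review bot: `mode: '2750'` on a recursive remote-to-remote `copy` is applied to the regular files as well as the directories (if that is how the module handles a directory `src` — worth confirming), so every PHP file of the WordPress tree ends up executable and setgid, and the trailing comment `# or 'u=rwx,g=rx,o=r'` now describes the old `754` mode rather than the new one. Prefer a symbolic mode where `X` grants execute to directories only, `mode: 'u=rwX,g=rX,o='` (add `s` to the group part if the setgid bit is wanted on the sub-directories), and update or drop the comment. Ownership by `site_{{ SIGLE }}_{{ config_ss_domain }}` with the php user only in the group matches the `640` `wp-config.php` below, which is consistent.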
+++ b/tasks/config_backup.yml @@ -8,8 +8,8 @@ backup: true register: presence_sigle loop: - - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config" - - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/config" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data" when: SITE == 'nuage' - name: Mise à jour de la conf de borgmatic pour le backup d'un site non nuage @@ -22,5 +22,5 @@ backup: true register: presence_sigle loop: - - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" when: SITE != 'nuage' diff --git a/tasks/config_mariadb.yml b/tasks/config_mariadb.yml index 3816d0c..6f1ed97 100644 --- a/tasks/config_mariadb.yml +++ b/tasks/config_mariadb.yml 
@@ -1,22 +1,32 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" + ignore_errors: true + +- name: Install ansible mysql required packages + ansible.builtin.apt: + name: + - python3-pymysql + - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: - mysql - - "site_{{ SIGLE }}_{{ SITE }}" + - "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Création de la nouvelle bdd Mariadb community.mysql.mysql_db: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: present login_unix_socket: /run/mysqld/mysqld.sock encoding: utf8mb4 # pour WP - name: Créer le user mysql - mysql_user: - name: "php_{{ SIGLE }}_{{ SITE }}" - priv: "php_{{ SIGLE }}_{{ SITE }}.*:ALL" + community.mysql.mysql_user: + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" + priv: "php_{{ SIGLE }}_{{ config_ss_domain }}.*:ALL" + plugin: unix_socket state: present - login_unix_socket: /run/mysqld/mysqld.sock \ No newline at end of file + login_unix_socket: /run/mysqld/mysqld.sock diff --git a/tasks/config_nginx.yml b/tasks/config_nginx.yml index f932ac8..d370f46 100644 --- a/tasks/config_nginx.yml +++ b/tasks/config_nginx.yml @@ -8,7 +8,7 @@ loop_control: label: "{{ item.path }}" loop: - - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory owner: 'root' group: 'root' @@ -18,7 +18,7 @@ owner: 'log_sites' group: 'log_sites' mode: '755' - - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory owner: 'log_sites' group: 'log_sites' 
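Review bot: `plugin: unix_socket` is the right choice (no password to store in `wp-config.php`), but it only requires the connecting process's UID to match the MariaDB user name, so adding `php_{{ SIGLE }}_{{ config_ss_domain }}` to the `mysql` OS group in the loop above is not needed for socket authentication and grants the web application read access to whatever is group-readable under the mysql account (data directory, logs, depending on packaging defaults). Unless something else relies on it, drop `- mysql` from the loop and leave only `- "site_{{ SIGLE }}_{{ config_ss_domain }}"`. A one-line comment on the `plugin:` line, `# authentification par socket: le compte MariaDB est lié au compte Unix du même nom, pas de mot de passe`, would explain why `wp-config.php` carries no DB password.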
@@ -27,7 +27,7 @@ - name: Création de la conf server nginx ansible.builtin.template: src: "templates/nginx_{{ template_site }}_server.j2" - dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/server.conf" + dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/server.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= @@ -35,14 +35,23 @@ - name: Création de la conf common nginx ansible.builtin.template: src: "templates/nginx_{{ template_site }}_common.j2" - dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf" + dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= - when: SITE != 'nuage' and template_site != 'http' + when: SITE != 'nuage' and template_site != 'http' and SITE != 'WP' - name: Recharger le service nginx ansible.builtin.service: name: nginx state: reloaded when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' and template_site == 'http' + +# ne jamais executer cette tâche sauf si le playbook est appelé avec le tag https - fin du playbook +- name: Recharger le service nginx + ansible.builtin.service: + name: nginx + state: reloaded + tags: + - https + - never \ No newline at end of file diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index f0678ec..ce1cb6e 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -1,5 +1,5 @@ - name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" ignore_errors: true - name: Install required packages 
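Review bot: The second `Recharger le service nginx` task reloads nginx without any syntax check of the `server.conf`/`common.conf` written just above it, and it shares its name with the task before it, which makes `--list-tasks` and log output ambiguous. Put a validation step in front of it, `- name: Vérifier la configuration nginx` / `ansible.builtin.command: nginx -t` / `changed_when: false` (tagged `[https, never]` as well so it runs in the same invocation), and give the reload a distinct name such as `Recharger nginx après génération du certificat`. Since `tags: [https, never]` means this reload never runs in an untagged play, a short comment stating why it is deferred to the https run (presumably because certbot's `--nginx` authenticator has just edited the config) would help the next reader, if that is the reason.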
@@ -37,63 +37,44 @@ - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: - nextcloud - postgres-data - redis - - "site_{{ SIGLE }}_{{ SITE }}" + - "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Bloc nouvelle version nextcloud when: nouvelle_version is undefined block: - name: Demande la version de nextcloud à installer ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisée" + prompt: "Quelle version de nextcloud doit être utilisée? (default: 27.1.9)" echo: true register: nextcloud_version_prompt - name: Definir nouvelle_version ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" + nouvelle_version: "{{ ( nextcloud_version_prompt.user_input | length == 0 ) | ternary ('27.1.9', nextcloud_version_prompt.user_input) }}" - name: Bloc ancienne version nextcloud when: ancienne_version is undefined block: - name: Demande la version de nextcloud déjà installée ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée" + prompt: "Quelle version de nextcloud déjà installée? 
(default: 26.0.4.2)" echo: true register: ancienne_version_prompt - name: Definir ancienne_version ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version_prompt.user_input }}" + ancienne_version: "{{ ( ancienne_version_prompt.user_input | length == 0 ) | ternary ('26.0.4.2', ancienne_version_prompt.user_input) }}" - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml -- name: PostgreSQL - nextcloud_php_user role is created - become_user: postgres - become: true - community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" - state: present - role_attr_flags: CREATEDB - -- name: PostgreSQL - nextcloud_db_name database is created - become_user: postgres - become: true - community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" - state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" - loop: - - absent - - present - - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php become_user: postgres become: true @@ -115,16 +96,6 @@ grant_option: true name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" -- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud - community.postgresql.postgresql_pg_hba: - dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" - contype: local - users: "php_{{ SIGLE }}_{{ SITE }}" - databases: "php_{{ SIGLE }}_{{ SITE }}" - method: peer - keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" - - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: path: "{{ item.path }}" @@ -162,7 +133,7 @@ - name: Create nextcloud common app dir symbolic link ansible.builtin.file: - src: "{{ nextcloud_symbolic_common }}" + src: "{{ nextcloud_common }}" dest: "{{ nextcloud_webroot }}/common" owner: nextcloud group: nextcloud 
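Review bot: The fallback versions `27.1.9` and `26.0.4.2` are now hard-coded twice in each block, once in the prompt text and once in the `ternary`, so the two copies will drift the next time someone bumps them. Define each once, e.g. `nextcloud_default_version: '27.1.9'` in host_vars, and reference it in both places: `prompt: "... (default: {{ nextcloud_default_version }})"` and `ternary(nextcloud_default_version, nextcloud_version_prompt.user_input)`. The typed value goes straight into a filesystem path and the download URL (`nextcloud-{{ nouvelle_version }}.tar.bz2`), so an `ansible.builtin.assert` with `nouvelle_version is match('^[0-9]+(\.[0-9]+)+$')` would reject path separators and typos before anything is created. The removal of the role/database/pg_hba tasks from this file makes config_nuage.yml depend on tasks/config_postgres.yml having run first; the playbook orders it that way, but a comment here saying so would prevent a surprise when the include is reordered.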
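Review bot: The `common` symlink now points at the absolute path `{{ nextcloud_common }}` while the sibling `nextcloud` link created just above it still uses the relative `{{ nextcloud_symbolic_source }}`, and `nextcloud_symbolic_common` remains defined in host_vars/ligatures.yml but is no longer referenced. If this tree is ever exposed through the chrooted SFTP home `/home/sites/data/{{ TLD }}/{{ DOMAIN }}` set up in config_sftp.yml, an absolute target resolves inside the chroot and dangles, whereas the relative form keeps working. If the switch is deliberate, say so in a comment and delete the dead variable; otherwise keep `src: "{{ nextcloud_symbolic_common }}"` for consistency with the link above.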
@@ -193,12 +164,11 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' -- name: Recharger plusieurs services +- name: Recharger php ansible.builtin.service: name: "{{ item }}" state: reloaded loop: - - "postgresql" - "php{{ php_version }}-fpm" - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module @@ -207,13 +177,13 @@ ansible.builtin.command: > ./console maintenance:install --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ SITE }}" - --database-user="php_{{ SIGLE }}_{{ SITE }}" + --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}" + --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}" --database-host="/var/run/postgresql/" --database-pass="" --admin-user='admin' --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/" + --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/" args: chdir: "{{ nextcloud_webroot }}" register: install_result @@ -313,11 +283,12 @@ # role: "{{ nextcloud_php_user }}" # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" +# on rend aléatoire la minutes de l'heure à laquelle les tâches d'arriere plan nextcloud tournent entre les différentes instance pour répartir la charge - name: Creation d'un fichier cron pour /etc/cron.d ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" - minute: "*/5" - user: "php_{{ SIGLE }}_{{ SITE }}" + name: "nextcloud {{ SIGLE }}_{{ config_ss_domain }} taches d'arriere plan toutes les 5 mins" + minute: "{{ 5 | random }}-59/5" + user: "php_{{ SIGLE }}_{{ config_ss_domain }}" job: "{{ nextcloud_webroot }}/cron" - name: Recharger plusieurs services diff --git a/tasks/config_options_www.yml b/tasks/config_options_www.yml index b55a387..132d063 100644 --- a/tasks/config_options_www.yml +++ b/tasks/config_options_www.yml 
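Review bot: `--admin-pass='ckoideja'` is a fixed Nextcloud admin password committed to the repository and passed on the command line, where it is visible to every local user in the process list while the installer runs, and the `Afficher les logs du script d'install` debug task prints `install_result` (including `cmd`) to the Ansible output. Generate or prompt for it instead — a `vars_prompt` with `private: true`, or `set_fact: nextcloud_admin_pass: "{{ lookup('password', '/dev/null length=24') }}"` shown to the operator once — pass it as `--admin-pass='{{ nextcloud_admin_pass }}'`, and add `no_log: true` to this command task so the secret stays out of logs. `--database-pass=""` is only safe because the role authenticates by `peer` over the socket; a comment saying so would stop someone from "fixing" it with a password later. The task's `args` continue past this hunk.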
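Review bot: `minute: "{{ 5 | random }}-59/5"` draws a new offset on every playbook run, so the `cron` module rewrites the entry (and reports changed) each time and the schedule silently moves between runs. Seed it from something stable per instance, `minute: "{{ 5 | random(seed=SIGLE ~ '_' ~ config_ss_domain) }}-59/5"`, which keeps the load-spreading intent of the comment above while making the task idempotent. The comment could then add that the offset is deterministic for a given site.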
@@ -1,46 +1,51 @@ -- name: Bloc demande sous-domaine - block: - - - name: Demande sous-domaine - ansible.builtin.pause: - prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)' - echo: true - register: config_ss_domain_promp - - - name: Definir config_ss_domain - ansible.builtin.set_fact: - config_ss_domain: "{{ config_ss_domain_promp.user_input | default(SITE) }}" - -- name: Bloc demande des autres options - when: SITE != 'paheko' # and SITE != 'WP' - block: - - - name: Demande php - ansible.builtin.pause: - prompt: 'Faut-il configurer un pool PHP?(ex: oui/non)' - echo: true - register: config_php_promp - - - name: Definir config_php - ansible.builtin.set_fact: - config_php: "{{ config_php_promp.user_input | default('non') }}" - - - name: Demande bdd - ansible.builtin.pause: - prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)' - echo: true - register: config_bdd_promp - - - name: Definir config_bdd - ansible.builtin.set_fact: - config_bdd: "{{ config_bdd_promp.user_input | default('non') }}" - - - name: Demande sftp_key - ansible.builtin.pause: - prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)' - echo: true - register: sftp_key_promp - - - name: Definir sftp_key - ansible.builtin.set_fact: - sftp_key: "{{ sftp_key_promp.user_input | default('non') }}" +- name: Demande sous-domaine + tags: + - https + - sftp + ansible.builtin.pause: + prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)' + echo: true + register: config_ss_domain_promp + when: SITE != 'nuage' + +- name: Demande php + ansible.builtin.pause: + prompt: 'Faut-il configurer un pool PHP?(oui/non)' + echo: true + register: config_php_promp + when: SITE != 'paheko' and SITE != 'nuage' and SITE != 'WP' + +- name: Demande bdd + ansible.builtin.pause: + prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)' + echo: true + register: config_bdd_promp + when: SITE != 'paheko' and SITE != 'nuage' and SITE != 
'WP' + +- name: Demande sftp_key + ansible.builtin.pause: + prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)' + echo: true + register: sftp_key_promp + when: SITE != 'paheko' and SITE != 'nuage' + tags: sftp + +- name: Definir config_ss_domain + tags: + - https + - sftp + ansible.builtin.set_fact: + config_ss_domain: "{{ ( SITE == 'nuage' | default ('') ) | ternary (SITE, config_ss_domain_promp.user_input) }}" + +- name: Definir config_php + ansible.builtin.set_fact: + config_php: "{{ ( config_php_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_php_promp.user_input) }}" + +- name: Definir config_bdd + ansible.builtin.set_fact: + config_bdd: "{{ ( config_bdd_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_bdd_promp.user_input) }}" + +- name: Definir sftp_key + tags: sftp + ansible.builtin.set_fact: + sftp_key: "{{ sftp_key_promp.user_input | default('non') }}" \ No newline at end of file diff --git a/tasks/config_paheko.yml b/tasks/config_paheko.yml index 2c5748d..efc748b 100644 --- a/tasks/config_paheko.yml +++ b/tasks/config_paheko.yml @@ -1,5 +1,5 @@ - name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" - name: Install required packages ansible.builtin.apt: 
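Review bot: `Definir config_ss_domain` accepts whatever was typed at the prompt, including an empty string, and that value is then used unvalidated across this commit as a Unix user and group name (`site_…_`, `php_…_`), a filesystem path component, a MariaDB/PostgreSQL database and role name, an nginx config path and a certbot `-d` argument — an empty answer yields `site_{{ SIGLE }}_` and a path ending in `/`, and a `/` or `..` in the answer walks out of `/home/sites/data`. The expression `SITE == 'nuage' | default ('')` also reads as precedence confusion: the filter binds to `'nuage'`, so the `default` is a no-op. Simplify the fact to `config_ss_domain: "{{ SITE if SITE == 'nuage' else (config_ss_domain_promp.user_input | default('') | trim) }}"` and add the assert below right after it. The `config_php`/`config_bdd` answers are compared against fixed strings later, so a typo such as `Oui` silently means `non`; normalising with `| lower` or asserting against the allowed set would make that visible.

```yaml
- name: Vérifier le sous-domaine saisi
  tags:
    - https
    - sftp
  ansible.builtin.assert:
    that:
      - config_ss_domain is match('^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$')
    fail_msg: "Sous-domaine invalide: '{{ config_ss_domain }}' (lettres minuscules, chiffres et tirets uniquement)"
# … unchanged: Definir config_php, Definir config_bdd, Definir sftp_key …
```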
@@ -95,19 +95,19 @@ - name: Copie la source paheko vers le home du site become: true -# become_user: "php_{{ SIGLE }}_{{ SITE }}" +# become_user: "php_{{ SIGLE }}_{{ config_ss_domain }}" ansible.builtin.copy: src: "/home/sites/data/paheko/{{ paheko_version }}/" - dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" remote_src: true # because the config file is already in the nextcloud_tmp_path mode: '2750' - name: Modification du propriétaire group et droits du dossier ansible.builtin.file: - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" + path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/" state: directory - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '2750' recurse: true diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index 970a039..19beffd 100644 --- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml @@ -1,17 +1,17 @@ - name: Ajout de l'utilisateur php_SIGLE_SITE ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" - home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" + home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" shell: /bin/false system: true append: true create_home: false password: '!' -# group: "php_{{ SIGLE }}_{{ SITE }}" +# group: "php_{{ SIGLE }}_{{ config_ss_domain }}" - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: 
@@ -34,13 +34,13 @@ mode: '1751' - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}" state: directory - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "php_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "php_{{ SIGLE }}_{{ config_ss_domain }}" mode: '1751' - - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "php_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "php_{{ SIGLE }}_{{ config_ss_domain }}" mode: '750' - name: Boucle création ou modifications des répertoires config d'un pool php @@ -53,7 +53,7 @@ loop_control: label: "{{ item.path }}" loop: - - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory # If directory, all intermediate subdirectories will be created if they do not exist. owner: 'root' group: 'root' @@ -67,13 +67,13 @@ - name: Création de la conf du pool php ansible.builtin.template: src: "templates/php_{{ SITE }}_conf.j2" - dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf" + dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/php-fpm.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'WP' -- name: ATTENTION la config php n'a pas été créer +- name: Message d'alerte si besoin ansible.builtin.debug: - msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement" - when: SITE != 'nuage' and SITE != 'paheko' or SITE != 'WP' + msg: "!!! ATTENTION !!! la config php n'a pas été créer car il n'y a pas de templates php pour votre site, il faudra le créer manuellement" + when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' 
diff --git a/tasks/config_postgres.yml b/tasks/config_postgres.yml index 06652ce..e7051fa 100644 --- a/tasks/config_postgres.yml +++ b/tasks/config_postgres.yml 
@@ -1,84 +1,8 @@ -- name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" - ignore_errors: true - -- name: Install required packages - ansible.builtin.apt: - name: -# - php-ctype - - php-curl -# - php-dom -# - php-fileinfo - - php-gd - - php-json - - "php{{ php_version }}-xml" - - php-mbstring -# - php-openssl -# - php-posix -# - php-session -# - php-simplexml -# - php-xmlreader -# - php-xmlwriter - - php-zip -# - php-zlib -# - php-pdo_pgsql - - "php{{ php_version }}-pgsql" - - php-pgsql - - php-intl - - php-bz2 -# - php-sodium - - php-gmp -# - php-exif - - php-redis - - php-imagick - - python3-psycopg2 # module ansible psql - state: present - -- name: Boucle d'ajout du user php dans plusieurs groupe - ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" - groups: "{{ item }}" - append: true - loop: - - nextcloud - - postgres-data - - redis - - "site_{{ SIGLE }}_{{ SITE }}" - -- name: Bloc nouvelle version nextcloud - when: nouvelle_version is undefined - block: - - name: Demande la version de nextcloud à installer - ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisée" - echo: true - register: nextcloud_version_prompt - - - name: Definir nouvelle_version - ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" - -- name: Bloc ancienne version nextcloud - when: ancienne_version is undefined - block: - - name: Demande la version de nextcloud déjà installée - ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée" - echo: true - register: ancienne_version_prompt - - - name: Definir ancienne_version - ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version_prompt.user_input }}" - -- name: Inclure la verif de l'install nextcloud - ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml - - name: PostgreSQL - nextcloud_php_user role is created become_user: postgres 
become: true community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: present role_attr_flags: CREATEDB 
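Review bot: The application role `php_{{ SIGLE }}_{{ config_ss_domain }}` is created with `role_attr_flags: CREATEDB`, which lets the web application create arbitrary databases on the cluster, while the one database it needs is created for it by the next task running as `postgres` with `owner:` set. Drop the flag, or make the intent explicit with `role_attr_flags: NOCREATEDB,NOCREATEROLE,NOSUPERUSER`. The stale task name `nextcloud_php_user role is created` no longer matches the generalised role name and is worth updating at the same time.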
@@ -86,243 +10,26 @@ become_user: postgres become: true community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" loop: - absent - present -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type |default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option |default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "ALL" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - grant_option: true - name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" - - name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" contype: local - users: "php_{{ SIGLE }}_{{ SITE }}" - databases: "php_{{ SIGLE }}_{{ SITE }}" + users: "php_{{ SIGLE }}_{{ config_ss_domain }}" + databases: "php_{{ SIGLE }}_{{ config_ss_domain }}" method: peer keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" - -- name: Boucle création des répertoires app, config et data nextcloud - ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop_control: - label: "{{ item.path }}" - loop: - - path: "{{ nextcloud_webroot }}/apps" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/config" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ 
nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/data" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - -- name: Create nextcloud root dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_source }}" - dest: "{{ nextcloud_webroot }}/nextcloud" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Create nextcloud common app dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_common }}" - dest: "{{ nextcloud_webroot }}/common" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_cron.j2" - dest: "cron" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_console.j2" - dest: "console" - owner: "{{ nextcloud_websrv_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_install_config.j2" - dest: "config/config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' - -- name: Recharger plusieurs services - ansible.builtin.service: - name: "{{ item }}" - state: reloaded - loop: - - "postgresql" - - "php{{ php_version }}-fpm" - -- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module - become_user: "{{ nextcloud_php_user }}" - become: true - ansible.builtin.command: > - ./console maintenance:install - --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ SITE }}" - --database-user="php_{{ SIGLE }}_{{ SITE }}" - --database-host="/var/run/postgresql/" - --database-pass="" - --admin-user='admin' - --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE 
}}/data/" - args: - chdir: "{{ nextcloud_webroot }}" - register: install_result - ignore_errors: true - -- name: Afficher les logs du script d'install - ansible.builtin.debug: - var: install_result - when: install_result is defined - -- name: Afficher les logs du script d'install - ansible.builtin.fail: - msg: "Le script d'install a échoué: Voir les logs ci-dessus" - when: install_result.failed - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_sigle_config.j2" - dest: "config/{{ SIGLE }}.config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' - -- name: Creation d'un lien symbolique vers le configuration nextcloud commun - ansible.builtin.file: - src: "../../../../nextcloud/common.config.php" - path: "{{ nextcloud_webroot }}/config/common.config.php" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type | default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option | default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "USAGE,CREATE" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_namespace" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: 
"pg_collation" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_index" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_attrdef" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_description" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_settings" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # objs: "pg_database" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" - -- name: Creation d'un fichier cron pour /etc/cron.d - ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" - minute: "*/5" - user: "php_{{ SIGLE }}_{{ SITE }}" - job: "{{ nextcloud_webroot }}/cron" + comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" -- name: Recharger plusieurs services +- name: Recharger postgresql ansible.builtin.service: name: "{{ item }}" state: reloaded loop: - - "php{{ php_version }}-fpm" - - "nginx" + - "postgresql" \ No newline at end of file diff --git a/tasks/config_sftp.yml b/tasks/config_sftp.yml index 2b8c446..ea023c0 100644 --- a/tasks/config_sftp.yml +++ b/tasks/config_sftp.yml 
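Review bot: The `postgresql_db` loop over `absent` then `present` drops `php_{{ SIGLE }}_{{ config_ss_domain }}` before recreating it, so re-running this playbook for an existing sub-domain — or mistyping the sub-domain of a live site at the prompt — destroys its data without confirmation; this was copied from the Nextcloud-only path but now applies to any site answering `postgres` at the `config_bdd` prompt. Remove the `absent` iteration and use a plain `state: present` (idempotent, creates the database with the given owner only when missing), or gate the drop behind an explicit `reset_bdd` prompt. The `pg_hba` entry with `method: peer` scoped to the user and database of the same name is a good least-privilege setup and only needs the `reloaded` that follows, as written.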
@@ -1,6 +1,6 @@
- name: Ajout de l'utilisateur site_SIGLE_SITE dans le group sftponly et modification du home
ansible.builtin.user:
- name: "site_{{ SIGLE }}_{{ SITE }}"
+ name: "site_{{ SIGLE }}_{{ config_ss_domain }}"
home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
shell: /bin/false
groups: sftponly
@@ -24,16 +24,16 @@
mode: '2751'
- path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh"
state: directory
- owner: "site_{{ SIGLE }}_{{ SITE }}"
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '2700'
- name: Création du fichier authorized_keys
ansible.builtin.template:
src: "templates/authorized_keys.j2"
dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh/authorized_keys"
- owner: "site_{{ SIGLE }}_{{ SITE }}"
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '600'
# verif le serveur openssh est bien config et sinon le faire? + reload
diff --git a/tasks/config_www.yml b/tasks/config_www.yml
index d01c9bf..b5ac3f4 100644
--- a/tasks/config_www.yml
+++ b/tasks/config_www.yml
@@ -1,7 +1,7 @@
- name: Ajout de l'utilisateur site_SIGLE_SITE
ansible.builtin.user:
- name: "site_{{ SIGLE }}_{{ SITE }}"
- home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ name: "site_{{ SIGLE }}_{{ config_ss_domain }}"
+ home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
shell: /bin/false
groups: www-data
system: true
@@ -12,7 +12,7 @@
- name: Boucle d'ajout d'user dans le groupe site_SIGLE_SITE
ansible.builtin.user:
name: "{{ item }}"
- groups: "site_{{ SIGLE }}_{{ SITE }}"
+ groups: "site_{{ SIGLE }}_{{ config_ss_domain }}"
append: true
loop:
- 'www-data'
@@ -25,6 +25,8 @@
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
+ vars:
+ concat: "site_{{ SIGLE }}_{{ config_ss_domain }}"
loop_control:
label: "{{ item.path }}"
loop:
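Review bot: In the config_www.yml `@@ -1,7` hunk the user task sets `home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"` and `groups: www-data`, while the config_sftp.yml hunk above gives the very same `site_{{ SIGLE }}_{{ config_ss_domain }}` user `home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"` and `groups: sftponly`; whichever of the two tasks runs last silently rewrites the home, and if the config_www task has no `append: true` below the visible lines it also strips the user out of `sftponly`, which is the group the SFTP restriction presumably keys on. The home of an SFTP-only login is also what a chroot based on `%h` would use, so it should be decided in exactly one place. Suggest adding `append: true` next to `groups: www-data` here and a comment such as `# home is overridden by config_sftp.yml when SFTP is enabled — keep the two in sync`. The task may continue past the end of the hunk.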
@@ -38,8 +40,8 @@
owner: 'root'
group: 'www-data'
mode: '2751'
- - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}"
state: directory
- owner: 'root'
- group: "site_{{ SIGLE }}_{{ SITE }}"
+ owner: "{{ ( SITE in ['www','WP'] ) | ternary ( concat , 'root' ) }}"
+ group: "site_{{ SIGLE }}_{{ config_ss_domain }}"
mode: '2750'
diff --git a/tasks/download_nextcloud_source.yml b/tasks/download_nextcloud_source.yml
index 77a46c6..4c79f2b 100644
--- a/tasks/download_nextcloud_source.yml
+++ b/tasks/download_nextcloud_source.yml
@@ -7,10 +7,10 @@
mode: '755' # or u=rwx,g=rx,o=rx
checksum: "md5:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.md5"
-- name: create nextcloud source dir
+- name: Create nextcloud source dir
become: true
become_user: nextcloud
- ansible.builtin.file:
+ ansible.builtin.file:
path: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
state: directory
mode: '755' # or u=rwx,g=rx,o=rx
@@ -22,17 +22,17 @@
src: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}.tar.bz2"
dest: "{{ nextcloud_sources_files_path }}/"
# mode: '755' # or u=rwx,g=rx,o=rx
- remote_src: yes
+ remote_src: true
-- name: "rename nextloud dir to nextcloud-{{ nouvelle_version }}"
+- name: Rename nextloud dir to nextcloud-nouvelle_version
become: true
become_user: nextcloud
- ansible.builtin.copy:
+ ansible.builtin.copy:
src: "{{ nextcloud_sources_files_path }}/nextcloud/"
dest: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
- remote_src: yes # because the config file is already in the nextcloud_tmp_path
+ remote_src: true # because the config file is already in the nextcloud_tmp_path
-- name: deleted downloaded nextcloud files
+- name: Deleted downloaded nextcloud files
become: true
become_user: nextcloud
ansible.builtin.file:
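Review bot: The ownership switch in `owner: "{{ ( SITE in ['www','WP'] ) | ternary ( concat , 'root' ) }}"` is the security-relevant decision of this change and carries no comment: for www/WP sites the webroot that nginx serves is now owned by the same `site_…` account whose key config_sftp.yml installs in `authorized_keys`, so anyone holding that key can place files — including PHP, if the site type executes it — directly into the served tree, where before the directory was root-owned and only group-readable. That is a reasonable trade-off for a self-managed WordPress, but it should be stated so nobody later extends the list without thinking about it; suggest `# www/WP: the site (SFTP) user owns its webroot so it can publish content; all other site types stay root-owned and read-only for the site group` above the `owner:` line. The task-level variable name `concat` also says nothing about what it holds — `site_user` would make the ternary self-explanatory.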
@@ -40,4 +40,4 @@
state: absent
loop:
- "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}.tar.bz2"
- - "{{ nextcloud_sources_files_path }}/nextcloud"
\ No newline at end of file
+ - "{{ nextcloud_sources_files_path }}/nextcloud"
diff --git a/tasks/verif_installation_nextcloud.yml b/tasks/verif_installation_nextcloud.yml
index bb679e4..d2b2569 100644
--- a/tasks/verif_installation_nextcloud.yml
+++ b/tasks/verif_installation_nextcloud.yml
@@ -17,12 +17,20 @@
ansible_become: true
become_user: nextcloud
-- name: Create new app common folder from old version one
- become_user: nextcloud
+# on utilise une version uniquement si test-nuage a préalablement été mis à jour dans cette version
+
+- name: fail si test-nuage n'a pas été mis à jour avec cette version
+ ansible.builtin.fail:
+ msg: 'il faut déjà mettre à jour test-nuage avec cette version'
+ when: not new_nextcloud_common.stat.exists and test_nuage is not defined
+
+- name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage
become: true
ansible.builtin.copy:
- src: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}/"
+ src: "/home/sites/data/org/heureux-cyclage/test-nuage/apps/"
dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
remote_src: true # because the copy is from remote host to remote host
mode: '754' # or 'u=rwx,g=rx,o=r'
- when: not new_nextcloud_common.stat.exists
\ No newline at end of file
+ owner: nextcloud
+ group: nextcloud
+ when: not new_nextcloud_common.stat.exists and test_nuage is defined
diff --git a/templates/nextcloud_install_config.j2 b/templates/nextcloud_install_config.j2
index 40dcc52..06e3555 100644
--- a/templates/nextcloud_install_config.j2
+++ b/templates/nextcloud_install_config.j2
@@ -1,5 +1,5 @@
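Review bot: The new guard `when: not new_nextcloud_common.stat.exists and test_nuage is not defined` only checks that an operator passed a `test_nuage` variable, not that the test-nuage instance actually runs `nouvelle_version`, so a playbook run with the flag set while that instance is still on the previous release seeds the shared `nextcloud-{{ nouvelle_version }}` app folder — used by every instance afterwards — with the wrong app code, which is precisely what the comment above the task says must not happen. Reading the version out of the instance itself (Nextcloud keeps it in `version.php` at the webroot, presumably as `$OC_VersionString = '…'`; confirm the exact form) and failing on a mismatch would turn the promise into an enforced check. The hard-coded `/home/sites/data/org/heureux-cyclage/test-nuage` path should also become a variable (say `test_nuage_webroot`, with that literal as its default) so the same location is not repeated in the `src:` line and a future move of the test instance cannot leave the guard pointing at a stale tree.

```yaml
- name: Lire la version de l'instance test-nuage
  ansible.builtin.slurp:
    src: "{{ test_nuage_webroot }}/version.php"
  register: test_nuage_version
  when: not new_nextcloud_common.stat.exists and test_nuage is defined

- name: fail si test-nuage n'a pas été mis à jour avec cette version
  ansible.builtin.fail:
    msg: 'il faut déjà mettre à jour test-nuage avec cette version'
  when: >-
    not new_nextcloud_common.stat.exists
    and (test_nuage is not defined
         or ("'" ~ nouvelle_version ~ "'") not in (test_nuage_version.content | b64decode))

- name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage
  become: true
  ansible.builtin.copy:
    src: "{{ test_nuage_webroot }}/apps/"
    # … unchanged: dest, remote_src, mode, owner, group, when …
```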