From: rominique Date: Sun, 14 Apr 2024 23:06:31 +0000 (+0200) Subject: decorrelation SITE et sous domain X-Git-Url: https://git.cyclocoop.org/?a=commitdiff_plain;h=d2ef9c4c99e81dc58f3d4346c362eae2c4d7915b;p=lhc%2Fansible.git decorrelation SITE et sous domain ajout backup et restore pour update nextcloud debut partie option www et WP --- diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index 9923ad6..083f23c 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -13,7 +13,7 @@ vars_prompt: - name: SITE - prompt: 'quel type de site?(ex: nuage, www, wiki, paheko ou gestion)' + prompt: 'quel type de site?(ex: nuage, www, paheko ou WP)' private: false default: "nuage" 
@@ -32,55 +32,38 @@ private: false default: "lhc" - - name: config_php - prompt: 'Faut-il configurer un pool PHP?(ex: oui/non)' - private: false - default: "non" - - name: besoin_https prompt: 'Faut-il configurer un certificat ssl pour le HTTPS?(ex: oui/non)' private: false default: "non" - - name: sftp - prompt: 'besoin de configurer un accès SFTP pour ce compte (ex: oui/non)' - private: false - default: "non" - - - name: sftp_key - prompt: "Entrer la clé publique à autoriser pour l'acces SFTP (si nécessaire)" - private: false - default: "non" - - pre_tasks: + # pre_tasks: - - name: Vérifier le sigle n'est pas déjà utilisé - ansible.builtin.lineinfile: - dest: /etc/passwd - search_string: "site_{{ SIGLE }}_{{ SITE }}" - state: absent - check_mode: true - changed_when: false - register: presence_sigle - failed_when: presence_sigle.changed + # - name: Vérifier le sigle n'est pas déjà utilisé + # ansible.builtin.lineinfile: + # dest: /etc/passwd + # search_string: "site_{{ SIGLE }}_{{ SITE }}" + # state: absent + # check_mode: true + # changed_when: false + # register: presence_sigle + # failed_when: presence_sigle.changed tasks: - name: Inclure la configuration d'un site web basique ansible.builtin.include_tasks: tasks/config_www.yml + - name: Inclure les configurations optionnelles d'un site www + ansible.builtin.include_tasks: tasks/config_options_www.yml + when: SITE != 'nuage' + - name: Inclure la configuration nginx ansible.builtin.include_tasks: tasks/config_nginx.yml vars: template_site: "{{ SITE }}" when: besoin_https == 'non' -# scenario pre-install nginx sans ssl -# test installed=false or needupgrade:true -# test installed=true et needupgrade:false -# puis certbot à la fin -# puis template nginx ssl pour test manuel - - name: Bloc permettant de générer les certificats SSL when: besoin_https == 'oui' block: 
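Review bot: Commenting out the whole `pre_tasks` block removes the only guard against a `SIGLE`/`SITE` pair that already has an account, so a second run with the same answers goes straight to the `tasks:` includes and reconfigures an existing site. If the check was disabled because the sub-domain is now asked separately, keep it and adapt the `search_string` rather than dropping it. If it must stay disabled for now, replace the dead code with a one-line comment such as `# TODO: re-enable the uniqueness check once the sub-domain is part of the account name`. The enclosing play starts before this hunk, so other guards may exist that are not visible here.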
@@ -113,7 +96,15 @@ - name: Inclure la configuration d'un pool PHP ansible.builtin.include_tasks: tasks/config_pool_php.yml - when: config_php == 'oui' or SITE == 'paheko' or SITE == 'gestion' or SITE == 'nuage' + when: config_php == 'oui' or SITE == 'paheko' or SITE == 'WP' or SITE == 'nuage' + + - name: Inclure la configuration d'une bdd postgres + ansible.builtin.include_tasks: tasks/config_bdd_postgres.yml + when: config_bdd == 'postgres' or SITE == 'nuage' + + - name: Inclure la configuration d'une bdd mariadb + ansible.builtin.include_tasks: tasks/config_bdd_mariadb.yml + when: config_bdd == 'mariadb' or SITE == 'WP' - name: Inclure la configuration nextcloud si besoin ansible.builtin.include_tasks: tasks/config_nuage.yml @@ -121,7 +112,11 @@ - name: Inclure la configuration paheko si besoin ansible.builtin.include_tasks: tasks/config_paheko.yml - when: SITE == 'paheko' or SITE == 'gestion' + when: SITE == 'paheko' + + - name: Inclure la configuration WP si besoin + ansible.builtin.include_tasks: tasks/config_wp.yml + when: SITE == 'WP' - name: Inclure le configuration du backup ansible.builtin.include_tasks: tasks/config_backup.yml diff --git a/host_vars/ligatures.yml b/host_vars/ligatures.yml index d614963..77a50a5 100644 --- a/host_vars/ligatures.yml +++ b/host_vars/ligatures.yml 
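Review bot: `config_php` and `config_bdd` can be undefined when these `when:` expressions are evaluated. This commit moves their prompts into `tasks/config_options_www.yml`, which is not included for `SITE == 'nuage'` and whose option block is skipped for `WP` and `paheko`. The variable is the left operand, so the conditional presumably fails on the undefined name before the `SITE == ...` tests are reached. A default on each operand avoids that: `when: config_php | default('non') == 'oui' or SITE == 'paheko' or SITE == 'WP' or SITE == 'nuage'`, and likewise `config_bdd | default('non')` in the two database includes.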
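Review bot: `tasks/config_wp.yml` does not match the file this commit adds, `tasks/config_WP.yml`, so on a case-sensitive filesystem the include fails when `SITE == 'WP'`. The previous hunk has the same mismatch: it includes `tasks/config_bdd_postgres.yml` and `tasks/config_bdd_mariadb.yml`, while the files added further down are `tasks/config_postgres.yml` and `tasks/config_mariadb.yml`. Unless files with the included names already exist outside this diff, either rename the new files or point the includes at them, e.g. `ansible.builtin.include_tasks: tasks/config_WP.yml`.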
@@ -4,10 +4,12 @@ nextcloud_sources_files_path: "/home/sites/data/nextcloud/sources" nextcloud_common_files_path: "/home/sites/data/nextcloud/common" nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage" nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" +nextcloud_old_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ ancienne_version }}" nextcloud_symbolic_source: "../../../nextcloud/sources/nextcloud-{{ nouvelle_version }}" nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" -nextcloud_symbolic_common: "../../../nextcloud/common/nextcloud-{{ nouvelle_version }}" +nextcloud_old_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}" +nextcloud_symbolic_common: "../../../nextcloud/common.config.php" php_fpm_service: php{{ php_version}}-fpm php_version: '8.2' postgres_version: 15 -nextcloud_db_name: "php_{{ SIGLE }}_nuage" \ No newline at end of file +nextcloud_db_name: "{{ nextcloud_php_user}}" \ No newline at end of file diff --git a/tasks/backup_nextcloud.yml b/tasks/backup_nextcloud.yml new file mode 100644 index 0000000..f985f82 --- /dev/null +++ b/tasks/backup_nextcloud.yml 
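Review bot: `nextcloud_symbolic_common` now points at a single file, `../../../nextcloud/common.config.php`, but the task "Create nextcloud common app dir symbolic link" added later in this diff still links it to `{{ nextcloud_webroot }}/common`, which its name describes as an app directory. Sharing the config file is already handled by the separate link to `config/common.config.php`, so this variable probably should keep its previous target `common/nextcloud-{{ nouvelle_version }}`; please confirm the intent. A one-line comment above the variable saying what the link is expected to point to would remove the ambiguity.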
@@ -0,0 +1,30 @@
+- name: Active le mode maintenance # noqa : command-instead-of-module
+ become_user: "{{ nextcloud_php_user }}"
+ become: true
+ ansible.builtin.command: './console maintenance:mode --on'
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+
+- name: Create a dump of the postgreSQL database # noqa : command-instead-of-module
+ become: true
+ become_user: "{{ nextcloud_php_user }}"
+ ansible.builtin.command: "pg_dump -f /tmp/dump.pgc -F c -O -b {{ nextcloud_db_name }}"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+
+- name: Copy nextcloud config file
+ become: true
+ ansible.builtin.copy:
+ src: "{{ nextcloud_webroot }}/config/config.php"
+ dest: "{{ nextcloud_webroot }}/config/config.php.bak"
+ remote_src: true # because the src is already on the remote host
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640'
+
+- name: Desactive le mode maintenance # noqa : command-instead-of-module
+ become_user: "{{ nextcloud_php_user }}"
+ become: true
+ ansible.builtin.command: './console maintenance:mode --off'
+ args:
+ chdir: "{{ nextcloud_webroot }}"
\ No newline at end of file
diff --git a/tasks/config_WP.yml b/tasks/config_WP.yml
new file mode 100644
index 0000000..cee9b66
--- /dev/null
+++ b/tasks/config_WP.yml
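Review bot: The dump is written to the fixed path `/tmp/dump.pgc`, a predictable name in a world-writable directory, and it contains the full Nextcloud database. Depending on the umask it may be readable by other local accounts, and `tasks/restore_nextcloud.yml` later restores from that same path as `postgres`. Writing it into a directory owned by the PHP user with mode `0700` addresses both, e.g. `pg_dump -f {{ nextcloud_backup_dir }}/dump.pgc -F c -O -b {{ nextcloud_db_name }}`, where `nextcloud_backup_dir` is a placeholder for a new variable to define. Separately, if `pg_dump` fails the play stops with maintenance mode still on; putting the dump and copy in a `block:` with the `maintenance:mode --off` task under `always:` would avoid that.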
@@ -0,0 +1,38 @@
+- name: Etckeeper commit if necessary
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
+
+- name: Install required packages
+ ansible.builtin.apt:
+ name:
+ - ghostscript
+ - php
+ - php-mysqli
+ - php-curl
+# - php-dom
+ - php-exif
+ - php-igbinary
+ - php-mbstring
+ - imagemagick
+ - php-imagick
+ - php-intl
+ - php-openssl
+ - libxml
+ - php-xml
+ - libzip
+ - php-zip
+ - php-redis
+ state: present
+ register: php_install
+
+- name: Enable PHP modules
+ ansible.builtin.command: phpenmod imagick intl
+ when: php_install.changed
+
+
+- name: Recharger PHP et nginx
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "php{{ php_version }}-fpm"
+ - "nginx"
diff --git a/tasks/config_mariadb.yml b/tasks/config_mariadb.yml
new file mode 100644
index 0000000..06652ce
--- /dev/null
+++ b/tasks/config_mariadb.yml
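Review bot: Several entries in the package list do not look like installable apt names (`php-openssl`, `libxml`, `libzip` and possibly `php-mysqli`), and a single unknown name makes the whole `apt` task fail. `php-openssl` is commented out in the Nextcloud task files added by this same commit, which suggests it is not available on the target. Please check each name against the target distribution before merging. The first task also runs `etckeeper commit` without `ignore_errors: true`, unlike the copies in `tasks/config_mariadb.yml` and `tasks/config_postgres.yml`, so it presumably stops the play when there is nothing to commit.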
@@ -0,0 +1,328 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ignore_errors: true + +- name: Install required packages + ansible.builtin.apt: + name: +# - php-ctype + - php-curl +# - php-dom +# - php-fileinfo + - php-gd + - php-json + - "php{{ php_version }}-xml" + - php-mbstring +# - php-openssl +# - php-posix +# - php-session +# - php-simplexml +# - php-xmlreader +# - php-xmlwriter + - php-zip +# - php-zlib +# - php-pdo_pgsql + - "php{{ php_version }}-pgsql" + - php-pgsql + - php-intl + - php-bz2 +# - php-sodium + - php-gmp +# - php-exif + - php-redis + - php-imagick + - python3-psycopg2 # module ansible psql + state: present + +- name: Boucle d'ajout du user php dans plusieurs groupe + ansible.builtin.user: + name: "php_{{ SIGLE }}_{{ SITE }}" + groups: "{{ item }}" + append: true + loop: + - nextcloud + - postgres-data + - redis + - "site_{{ SIGLE }}_{{ SITE }}" + +- name: Bloc nouvelle version nextcloud + when: nouvelle_version is undefined + block: + - name: Demande la version de nextcloud à installer + ansible.builtin.pause: + prompt: "Quelle version de nextcloud doit être utilisée" + echo: true + register: nextcloud_version_prompt + + - name: Definir nouvelle_version + ansible.builtin.set_fact: + nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" + +- name: Bloc ancienne version nextcloud + when: ancienne_version is undefined + block: + - name: Demande la version de nextcloud déjà installée + ansible.builtin.pause: + prompt: "Quelle version de nextcloud déjà installée" + echo: true + register: ancienne_version_prompt + + - name: Definir ancienne_version + ansible.builtin.set_fact: + ancienne_version: "{{ ancienne_version_prompt.user_input }}" + +- name: Inclure la verif de l'install nextcloud + ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml + +- name: PostgreSQL - nextcloud_php_user role is created + become_user: postgres 
+ become: true + community.postgresql.postgresql_user: + name: "{{ nextcloud_php_user }}" + state: present + role_attr_flags: CREATEDB + +- name: PostgreSQL - nextcloud_db_name database is created + become_user: postgres + become: true + community.postgresql.postgresql_db: + name: "{{ nextcloud_db_name }}" + state: "{{ item }}" + owner: "{{ nextcloud_php_user }}" + loop: + - absent + - present + +- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php + become_user: postgres + become: true + community.postgresql.postgresql_privs: + db: "{{ item.db }}" + privs: "{{ item.privs }}" + type: "{{ item.type |default(omit) }}" + objs: "{{ item.objs }}" + role: "{{ item.role }}" + grant_option: "{{ item.grant_option |default(omit) }}" + loop_control: + label: "{{ item.name }}" + loop: + - db: "{{ nextcloud_db_name }}" + privs: "ALL" + type: "schema" + objs: "public" + role: "{{ nextcloud_php_user }}" + grant_option: true + name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" + +- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud + community.postgresql.postgresql_pg_hba: + dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" + contype: local + users: "php_{{ SIGLE }}_{{ SITE }}" + databases: "php_{{ SIGLE }}_{{ SITE }}" + method: peer + keep_comments_at_rules: true + comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" + +- name: Boucle création des répertoires app, config et data nextcloud + ansible.builtin.file: + path: "{{ item.path }}" + state: "{{ item.state }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop_control: + label: "{{ item.path }}" + loop: + - path: "{{ nextcloud_webroot }}/apps" + state: directory + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '2750' + - path: "{{ nextcloud_webroot }}/config" + state: directory + owner: "{{ nextcloud_php_user }}" + group: "{{ 
nextcloud_websrv_user }}" + mode: '2750' + - path: "{{ nextcloud_webroot }}/data" + state: directory + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '2750' + +- name: Create nextcloud root dir symbolic link + ansible.builtin.file: + src: "{{ nextcloud_symbolic_source }}" + dest: "{{ nextcloud_webroot }}/nextcloud" + owner: nextcloud + group: nextcloud + state: link + follow: false + +- name: Create nextcloud common app dir symbolic link + ansible.builtin.file: + src: "{{ nextcloud_symbolic_common }}" + dest: "{{ nextcloud_webroot }}/common" + owner: nextcloud + group: nextcloud + state: link + follow: false + +- name: Créer les fichiers spécifiques nextcloud + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "{{ nextcloud_webroot }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "nextcloud_cron.j2" + dest: "cron" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '750' + - src: "nextcloud_console.j2" + dest: "console" + owner: "{{ nextcloud_websrv_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '750' + - src: "nextcloud_install_config.j2" + dest: "config/config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' + +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "postgresql" + - "php{{ php_version }}-fpm" + +- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: > + ./console maintenance:install + --database='pgsql' + --database-name="php_{{ SIGLE }}_{{ SITE }}" + --database-user="php_{{ SIGLE }}_{{ SITE }}" + --database-host="/var/run/postgresql/" + --database-pass="" + --admin-user='admin' + --admin-pass='ckoideja' + --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE 
}}/data/" + args: + chdir: "{{ nextcloud_webroot }}" + register: install_result + ignore_errors: true + +- name: Afficher les logs du script d'install + ansible.builtin.debug: + var: install_result + when: install_result is defined + +- name: Afficher les logs du script d'install + ansible.builtin.fail: + msg: "Le script d'install a échoué: Voir les logs ci-dessus" + when: install_result.failed + +- name: Créer les fichiers spécifiques nextcloud + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "{{ nextcloud_webroot }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "nextcloud_sigle_config.j2" + dest: "config/{{ SIGLE }}.config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' + +- name: Creation d'un lien symbolique vers le configuration nextcloud commun + ansible.builtin.file: + src: "../../../../nextcloud/common.config.php" + path: "{{ nextcloud_webroot }}/config/common.config.php" + owner: nextcloud + group: nextcloud + state: link + follow: false + +- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php + become_user: postgres + become: true + community.postgresql.postgresql_privs: + db: "{{ item.db }}" + privs: "{{ item.privs }}" + type: "{{ item.type | default(omit) }}" + objs: "{{ item.objs }}" + role: "{{ item.role }}" + grant_option: "{{ item.grant_option | default(omit) }}" + loop_control: + label: "{{ item.name }}" + loop: + - db: "{{ nextcloud_db_name }}" + privs: "USAGE,CREATE" + type: "schema" + objs: "public" + role: "{{ nextcloud_php_user }}" + name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_namespace" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: 
"pg_collation" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_index" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_attrdef" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_description" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_settings" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # objs: "pg_database" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" + +- name: Creation d'un fichier cron pour /etc/cron.d + ansible.builtin.cron: + name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" + minute: "*/5" + user: "php_{{ SIGLE }}_{{ SITE }}" + job: "{{ nextcloud_webroot }}/cron" + +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "php{{ php_version }}-fpm" + - "nginx" diff --git a/tasks/config_nginx.yml b/tasks/config_nginx.yml index cb833aa..f932ac8 100644 --- a/tasks/config_nginx.yml +++ b/tasks/config_nginx.yml @@ -45,4 +45,4 @@ ansible.builtin.service: name: nginx state: reloaded - when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'gestion' and template_site == 'http' + when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' and template_site == 'http' 
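Review bot: The Nextcloud administrator account is created with a password hard-coded in the task, `--admin-pass='ckoideja'` for user `admin`, so every instance installed from this repository starts with the same published credential; the identical task is added in `tasks/config_postgres.yml`. The registered `install_result` is then printed in full by the following `debug` task, and a `command` result includes the command line. Take the password from a vaulted variable or a private prompt, e.g. `--admin-pass={{ nextcloud_admin_pass | quote }}` (`nextcloud_admin_pass` is a placeholder for a new variable), set `no_log: true` on the install task, and print only `install_result.stdout` and `install_result.stderr`. Note also that this file has the same blob id as `tasks/config_postgres.yml` (`06652ce`) and configures PostgreSQL and Nextcloud, not MariaDB.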
diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 06652ce..f0678ec 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -30,6 +30,7 @@ - php-gmp # - php-exif - php-redis + - imagemagick - php-imagick - python3-psycopg2 # module ansible psql state: present @@ -242,7 +243,7 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' -- name: Creation d'un lien symbolique vers le configuration nextcloud commun +- name: Creation d'un lien symbolique vers la configuration nextcloud common ansible.builtin.file: src: "../../../../nextcloud/common.config.php" path: "{{ nextcloud_webroot }}/config/common.config.php" diff --git a/tasks/config_options_www.yml b/tasks/config_options_www.yml new file mode 100644 index 0000000..8f4a943 --- /dev/null +++ b/tasks/config_options_www.yml 
@@ -0,0 +1,46 @@ +- name: Bloc demande sous-domaine + block: + + - name: Demande sous-domaine + ansible.builtin.pause: + prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)' + echo: true + register: config_ss_domain_promp + + - name: Definir config_ss_domain + ansible.builtin.set_fact: + config_ss_domain: "{{ config_ss_domain_promp.user_input | default(SITE) }}" + +- name: Bloc demande des autres options + when: SITE != 'WP' and SITE != 'paheko' + block: + + - name: Demande php + ansible.builtin.pause: + prompt: 'Faut-il configurer un pool PHP?(ex: oui/non)' + echo: true + register: config_php_promp + + - name: Definir config_php + ansible.builtin.set_fact: + config_php: "{{ config_php_promp.user_input | default('non') }}" + + - name: Demande bdd + ansible.builtin.pause: + prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)' + echo: true + register: config_bdd_promp + + - name: Definir config_bdd + ansible.builtin.set_fact: + config_bdd: "{{ config_bdd_promp.user_input | default('non') }}" + + - name: Demande sftp_key + ansible.builtin.pause: + prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)' + echo: true + register: sftp_key_promp + + - name: Definir sftp_key + ansible.builtin.set_fact: + sftp_key: "{{ sftp_key_promp.user_input | default('non') }}" diff --git a/tasks/config_paheko.yml b/tasks/config_paheko.yml index 48f1c96..2c5748d 100644 --- a/tasks/config_paheko.yml +++ b/tasks/config_paheko.yml @@ -8,6 +8,7 @@ - php-sqlite3 - php-intl - php-cli + - imagemagick - php-imagick - php-mbstring - php-gnupg 
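Review bot: The `default(...)` filters on `user_input` never take effect, because `ansible.builtin.pause` returns an empty string rather than an undefined value when the operator just presses Enter. `config_ss_domain` therefore becomes `''` instead of `SITE`, and `sftp_key` becomes `''` instead of `'non'`, the value the removed `vars_prompt` used to supply. Pass the second argument so that empty input is replaced too: `"{{ config_ss_domain_promp.user_input | default(SITE, true) }}"`, and the same for `config_php`, `config_bdd` and `sftp_key`. Since the sub-domain and the key are free text that later tasks presumably write into paths and an authorized-keys file, an `ansible.builtin.assert` on their format right after the prompts would be worth adding.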
@@ -18,17 +19,6 @@ ansible.builtin.command: phpenmod sqlite3 imagick intl when: php_install.changed -- name: Ajout de l'utilisateur php_SIGLE_SITE - ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" - home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" - shell: /bin/false - system: true - append: true - create_home: false - password: '!' -# group: "php_{{ SIGLE }}_{{ SITE }}" - - name: Bloc paheko_version when: paheko_version is undefined block: @@ -110,6 +100,7 @@ src: "/home/sites/data/paheko/{{ paheko_version }}/" dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" remote_src: true # because the config file is already in the nextcloud_tmp_path + mode: '2750' - name: Modification du propriétaire group et droits du dossier ansible.builtin.file: @@ -120,14 +111,6 @@ mode: '2750' recurse: true -- name: Boucle d'ajout du user php dans plusieurs groupe - ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" - groups: "{{ item }}" - append: true - loop: - - "site_{{ SIGLE }}_{{ SITE }}" - # - name: Change displayed icon # ansible.builtin.copy: # src: "{{ icon }}" diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index 05287b2..970a039 100644 --- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml @@ -71,15 +71,9 @@ owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= - when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'gestion' + when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'WP' - name: ATTENTION la config php n'a pas été créer ansible.builtin.debug: msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement" - when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'gestion' - -- name: recharger PHP service - ansible.builtin.service: - name: "php{{ php_version }}-fpm" - state: reloaded - when: SITE != 'nuage' and SITE != 'paheko' and SITE == 'gestion' + when: SITE != 'nuage' and SITE != 'paheko' or SITE != 'WP' 
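Review bot: In the `tasks/config_pool_php.yml` hunk, the new condition on the warning task, `SITE != 'nuage' and SITE != 'paheko' or SITE != 'WP'`, is true for every value of `SITE`: `and` binds tighter than `or`, and a site that is `WP` already satisfies the first two tests. The message "Il n'y a pas de templates php" is therefore printed even when the template task above has just run. It should be the negation of that task's condition: `when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP'`. The hunk also deletes the "recharger PHP service" task; whether a later task still reloads `php{{ php_version }}-fpm` for a custom site cannot be checked from this hunk.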
diff --git a/tasks/config_postgres.yml b/tasks/config_postgres.yml new file mode 100644 index 0000000..06652ce --- /dev/null +++ b/tasks/config_postgres.yml 
@@ -0,0 +1,328 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ignore_errors: true + +- name: Install required packages + ansible.builtin.apt: + name: +# - php-ctype + - php-curl +# - php-dom +# - php-fileinfo + - php-gd + - php-json + - "php{{ php_version }}-xml" + - php-mbstring +# - php-openssl +# - php-posix +# - php-session +# - php-simplexml +# - php-xmlreader +# - php-xmlwriter + - php-zip +# - php-zlib +# - php-pdo_pgsql + - "php{{ php_version }}-pgsql" + - php-pgsql + - php-intl + - php-bz2 +# - php-sodium + - php-gmp +# - php-exif + - php-redis + - php-imagick + - python3-psycopg2 # module ansible psql + state: present + +- name: Boucle d'ajout du user php dans plusieurs groupe + ansible.builtin.user: + name: "php_{{ SIGLE }}_{{ SITE }}" + groups: "{{ item }}" + append: true + loop: + - nextcloud + - postgres-data + - redis + - "site_{{ SIGLE }}_{{ SITE }}" + +- name: Bloc nouvelle version nextcloud + when: nouvelle_version is undefined + block: + - name: Demande la version de nextcloud à installer + ansible.builtin.pause: + prompt: "Quelle version de nextcloud doit être utilisée" + echo: true + register: nextcloud_version_prompt + + - name: Definir nouvelle_version + ansible.builtin.set_fact: + nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" + +- name: Bloc ancienne version nextcloud + when: ancienne_version is undefined + block: + - name: Demande la version de nextcloud déjà installée + ansible.builtin.pause: + prompt: "Quelle version de nextcloud déjà installée" + echo: true + register: ancienne_version_prompt + + - name: Definir ancienne_version + ansible.builtin.set_fact: + ancienne_version: "{{ ancienne_version_prompt.user_input }}" + +- name: Inclure la verif de l'install nextcloud + ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml + +- name: PostgreSQL - nextcloud_php_user role is created + become_user: postgres 
+ become: true + community.postgresql.postgresql_user: + name: "{{ nextcloud_php_user }}" + state: present + role_attr_flags: CREATEDB + +- name: PostgreSQL - nextcloud_db_name database is created + become_user: postgres + become: true + community.postgresql.postgresql_db: + name: "{{ nextcloud_db_name }}" + state: "{{ item }}" + owner: "{{ nextcloud_php_user }}" + loop: + - absent + - present + +- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php + become_user: postgres + become: true + community.postgresql.postgresql_privs: + db: "{{ item.db }}" + privs: "{{ item.privs }}" + type: "{{ item.type |default(omit) }}" + objs: "{{ item.objs }}" + role: "{{ item.role }}" + grant_option: "{{ item.grant_option |default(omit) }}" + loop_control: + label: "{{ item.name }}" + loop: + - db: "{{ nextcloud_db_name }}" + privs: "ALL" + type: "schema" + objs: "public" + role: "{{ nextcloud_php_user }}" + grant_option: true + name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" + +- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud + community.postgresql.postgresql_pg_hba: + dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" + contype: local + users: "php_{{ SIGLE }}_{{ SITE }}" + databases: "php_{{ SIGLE }}_{{ SITE }}" + method: peer + keep_comments_at_rules: true + comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" + +- name: Boucle création des répertoires app, config et data nextcloud + ansible.builtin.file: + path: "{{ item.path }}" + state: "{{ item.state }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop_control: + label: "{{ item.path }}" + loop: + - path: "{{ nextcloud_webroot }}/apps" + state: directory + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '2750' + - path: "{{ nextcloud_webroot }}/config" + state: directory + owner: "{{ nextcloud_php_user }}" + group: "{{ 
nextcloud_websrv_user }}" + mode: '2750' + - path: "{{ nextcloud_webroot }}/data" + state: directory + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '2750' + +- name: Create nextcloud root dir symbolic link + ansible.builtin.file: + src: "{{ nextcloud_symbolic_source }}" + dest: "{{ nextcloud_webroot }}/nextcloud" + owner: nextcloud + group: nextcloud + state: link + follow: false + +- name: Create nextcloud common app dir symbolic link + ansible.builtin.file: + src: "{{ nextcloud_symbolic_common }}" + dest: "{{ nextcloud_webroot }}/common" + owner: nextcloud + group: nextcloud + state: link + follow: false + +- name: Créer les fichiers spécifiques nextcloud + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "{{ nextcloud_webroot }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "nextcloud_cron.j2" + dest: "cron" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '750' + - src: "nextcloud_console.j2" + dest: "console" + owner: "{{ nextcloud_websrv_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '750' + - src: "nextcloud_install_config.j2" + dest: "config/config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' + +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "postgresql" + - "php{{ php_version }}-fpm" + +- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: > + ./console maintenance:install + --database='pgsql' + --database-name="php_{{ SIGLE }}_{{ SITE }}" + --database-user="php_{{ SIGLE }}_{{ SITE }}" + --database-host="/var/run/postgresql/" + --database-pass="" + --admin-user='admin' + --admin-pass='ckoideja' + --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE 
}}/data/" + args: + chdir: "{{ nextcloud_webroot }}" + register: install_result + ignore_errors: true + +- name: Afficher les logs du script d'install + ansible.builtin.debug: + var: install_result + when: install_result is defined + +- name: Afficher les logs du script d'install + ansible.builtin.fail: + msg: "Le script d'install a échoué: Voir les logs ci-dessus" + when: install_result.failed + +- name: Créer les fichiers spécifiques nextcloud + ansible.builtin.template: + src: "templates/{{ item.src }}" + dest: "{{ nextcloud_webroot }}/{{ item.dest }}" + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - src: "nextcloud_sigle_config.j2" + dest: "config/{{ SIGLE }}.config.php" + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' + +- name: Creation d'un lien symbolique vers le configuration nextcloud commun + ansible.builtin.file: + src: "../../../../nextcloud/common.config.php" + path: "{{ nextcloud_webroot }}/config/common.config.php" + owner: nextcloud + group: nextcloud + state: link + follow: false + +- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php + become_user: postgres + become: true + community.postgresql.postgresql_privs: + db: "{{ item.db }}" + privs: "{{ item.privs }}" + type: "{{ item.type | default(omit) }}" + objs: "{{ item.objs }}" + role: "{{ item.role }}" + grant_option: "{{ item.grant_option | default(omit) }}" + loop_control: + label: "{{ item.name }}" + loop: + - db: "{{ nextcloud_db_name }}" + privs: "USAGE,CREATE" + type: "schema" + objs: "public" + role: "{{ nextcloud_php_user }}" + name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_namespace" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: 
"pg_collation" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_index" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_attrdef" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_description" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # type: "table" + # objs: "pg_settings" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" + # - db: "{{ nextcloud_db_name }}" + # privs: "SELECT" + # objs: "pg_database" + # role: "{{ nextcloud_php_user }}" + # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" + +- name: Creation d'un fichier cron pour /etc/cron.d + ansible.builtin.cron: + name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" + minute: "*/5" + user: "php_{{ SIGLE }}_{{ SITE }}" + job: "{{ nextcloud_webroot }}/cron" + +- name: Recharger plusieurs services + ansible.builtin.service: + name: "{{ item }}" + state: reloaded + loop: + - "php{{ php_version }}-fpm" + - "nginx" diff --git a/tasks/restore_nextcloud.yml b/tasks/restore_nextcloud.yml new file mode 100644 index 0000000..1fd5315 --- /dev/null +++ b/tasks/restore_nextcloud.yml 
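Review bot: The task "PostgreSQL - nextcloud_db_name database is created" loops over `absent` then `present`, so every run first drops the existing database; running this file against an installed site deletes its data without any confirmation. `tasks/config_mariadb.yml` contains the same loop. If the drop is only meant for a first installation, replace the loop with `state: present`, or guard the `absent` step behind an explicit opt-in variable. In the same file the role receives `CREATEDB` and `ALL ... WITH GRANT OPTION` on schema `public`, while a later task grants only `USAGE,CREATE`; consider whether the broader grant is still needed once installation has finished.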
@@ -0,0 +1,98 @@
+- name: Active le mode maintenance # noqa : command-instead-of-module
+ become_user: "{{ nextcloud_php_user }}"
+ become: true
+ ansible.builtin.command: './console maintenance:mode --on'
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+
+- name: Update nextcloud root dir symbolic link
+ become: true
+ ansible.builtin.file:
+ src: "../../../nextcloud/sources/nextcloud-{{ ancienne_version }}"
+ dest: "{{ nextcloud_webroot }}/nextcloud"
+ owner: nextcloud
+ group: nextcloud
+ state: link
+ follow: false
+
+- name: Update nextcloud common app dir symbolic link
+ become: true
+ ansible.builtin.file:
+ src: "../../../nextcloud/sources/nextcloud-{{ ancienne_version }}"
+ dest: "{{ nextcloud_webroot }}/common"
+ owner: nextcloud
+ group: nextcloud
+ state: link
+ follow: false
+
+- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ nextcloud_db_name }}"
+ state: "{{ item }}"
+ owner: "{{ nextcloud_php_user }}"
+ target: "/tmp/dump.pgc"
+ target_opts: "-F c"
+ loop:
+ - absent
+ - present
+ - restore
+
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type |default(omit) }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(omit) }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - db: "{{ nextcloud_db_name }}"
+ privs: "ALL"
+ type: "schema"
+ objs: "public"
+ role: "{{ nextcloud_php_user }}"
+ grant_option: true
+ name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"
+
+- name: Copy nextcloud config file
+ become: true
+ ansible.builtin.copy:
+ src: "{{ nextcloud_webroot }}/config/config.php.bak"
+ dest: "{{ nextcloud_webroot }}/config/config.php"
+ remote_src: true # because the src is already on the 
remote host + owner: "{{ nextcloud_php_user }}" + group: "{{ nextcloud_websrv_user }}" + mode: '640' + +- name: Desactive le mode maintenance # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: './console maintenance:mode --off' + args: + chdir: "{{ nextcloud_webroot }}" + +- name: Run nextcloud upgrade script # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: ./console upgrade + args: + chdir: "{{ nextcloud_webroot }}" + register: nc_upgrade_result + +- name: Obtenir la version actuelle # noqa : command-instead-of-module + become_user: "{{ nextcloud_php_user }}" + become: true + ansible.builtin.command: '{{ nextcloud_webroot }}/console status --output=json' + register: result + +- name: afficher la version actuelle + ansible.builtin.debug: + msg: "La version restaurée est {{ tmp.versionstring }}" + vars: + tmp: "{{ result.stdout | from_json }}" \ No newline at end of file diff --git a/tasks/update_nextcloud.yml b/tasks/update_nextcloud.yml index e7e9855..ad72253 100644 --- a/tasks/update_nextcloud.yml +++ b/tasks/update_nextcloud.yml @@ -1,5 +1,5 @@ - name: Active le mode maintenance # noqa : command-instead-of-module - become_user: "{{ nextcloud_websrv_user }}" + become_user: "{{ nextcloud_php_user }}" become: true ansible.builtin.command: './console maintenance:mode --on' args: @@ -26,14 +26,14 @@ follow: false - name: Desactive le mode maintenance # noqa : command-instead-of-module - become_user: "{{ nextcloud_websrv_user }}" + become_user: "{{ nextcloud_php_user }}" become: true ansible.builtin.command: './console maintenance:mode --off' args: chdir: "{{ nextcloud_webroot }}" - name: Run nextcloud upgrade script # noqa : command-instead-of-module - become_user: "{{ nextcloud_websrv_user }}" + become_user: "{{ nextcloud_php_user }}" become: true ansible.builtin.command: ./console upgrade args: 
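Review bot: The `postgresql_db` task in tasks/restore_nextcloud.yml restores from the fixed path `/tmp/dump.pgc`, and its loop runs `absent` before anything checks that the dump exists or is the file the backup wrote. `/tmp` is world-writable, so any local account can pre-create or replace that file and its content is then loaded into the Nextcloud database as `postgres`; a missing or truncated dump leaves the instance with an empty database after the drop. I would keep the dump in a directory owned by `postgres` with mode `0700` (using the same path in the backup task, which is not visible in this hunk) and refuse to start the loop unless the dump is present and non-empty. Separately, `grant_option: true` on schema `public` lets the PHP role pass its privileges on, which the install task's `USAGE,CREATE` grant does not; worth confirming that it is needed after a restore.

```yaml
- name: Vérifier que le dump existe avant de supprimer la base
  become: true
  ansible.builtin.stat:
    path: "{{ nextcloud_dump_path }}"  # placeholder: dump kept under a postgres-owned 0700 directory
  register: dump_stat

- name: Refuser la restauration sans dump valide
  ansible.builtin.assert:
    that:
      - dump_stat.stat.exists
      - dump_stat.stat.size > 0
    fail_msg: "Dump introuvable ou vide: restauration annulée"

# … unchanged: postgresql_db task, with target: "{{ nextcloud_dump_path }}" …
```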
@@ -47,7 +47,7 @@ - name: Bloc de tâches contrôlant la fin de la maintenance de mise à jour block: - name: Wait for nextcloud maintenance mode to become false # noqa : command-instead-of-module - become_user: "{{ nextcloud_websrv_user }}" + become_user: "{{ nextcloud_php_user }}" become: true ansible.builtin.command: ./console status args: @@ -58,7 +58,7 @@ delay: 20 rescue: - name: Deactivate maintenance mode manually # noqa : command-instead-of-module - become_user: "{{ nextcloud_websrv_user }}" + become_user: "{{ nextcloud_php_user }}" become: true ansible.builtin.command: ./console maintenance:mode --off args: diff --git a/templates/nginx_gestion_common.j2 b/templates/nginx_gestion_common.j2 deleted file mode 100644 index 03bb00c..0000000 --- a/templates/nginx_gestion_common.j2 +++ /dev/null @@ -1,16 +0,0 @@ -server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; -root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www; - -location / { - try_files $uri $uri/ /_route.php?$query_string; - index index.php /_route.php; -} - -location ~ \.php { - try_files $uri $uri/ /_route.php?$query_string; - include /etc/nginx/conf.d/fastcgi.conf; - fastcgi_index index.php ; - fastcgi_param REDIRECT_STATUS 200; - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }}; -} \ No newline at end of file diff --git a/templates/nginx_gestion_server.j2 b/templates/nginx_gestion_server.j2 deleted file mode 100644 index a6b44a0..0000000 --- a/templates/nginx_gestion_server.j2 +++ /dev/null 
@@ -1,17 +0,0 @@ -server { - listen 80; - include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; - access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; - error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; -{% if ssl_ready is defined and ssl_ready %} - return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri; - } -server { - listen 443; - include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf; - ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; - access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; - error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; -{% endif %} -} \ No newline at end of file diff --git a/templates/nginx_http_server.j2 b/templates/nginx_http_server.j2 index 4d2277f..e7aa0e0 100644 --- a/templates/nginx_http_server.j2 +++ b/templates/nginx_http_server.j2 @@ -1,7 +1,7 @@ server { listen 80; server_name - {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; + {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}; disable_symlinks if_not_owner; access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; diff --git a/templates/nginx_nuage_server.j2 b/templates/nginx_nuage_server.j2 index 5c84236..e22bfc8 100644 --- a/templates/nginx_nuage_server.j2 +++ b/templates/nginx_nuage_server.j2 
@@ -166,7 +166,7 @@ server { fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config; - fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }}; + fastcgi_pass unix:/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}; #fastcgi_intercept_errors on; fastcgi_request_buffering off; diff --git a/templates/nginx_paheko_common.j2 b/templates/nginx_paheko_common.j2 index 03bb00c..a30fd26 100644 --- a/templates/nginx_paheko_common.j2 +++ b/templates/nginx_paheko_common.j2 @@ -1,4 +1,4 @@ -server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }}; +server_name {{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}; root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www; location / { diff --git a/templates/nginx_paheko_server.j2 b/templates/nginx_paheko_server.j2 index a6b44a0..e522e3e 100644 --- a/templates/nginx_paheko_server.j2 +++ b/templates/nginx_paheko_server.j2 @@ -4,7 +4,7 @@ server { access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; {% if ssl_ready is defined and ssl_ready %} - return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri; + return 301 https://{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}$request_uri; } server { listen 443; diff --git a/templates/nginx_www_common.j2 b/templates/nginx_www_common.j2 index 829056c..1168977 100644 --- a/templates/nginx_www_common.j2 +++ b/templates/nginx_www_common.j2 @@ -1,6 +1,7 @@ server_name {{ DOMAIN }}.{{ TLD }} - www.{{ DOMAIN }}.{{ TLD }}; + {{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}; +rewrite ^/(.*) http://{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/$1 permanent; root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; index index.html; diff --git a/templates/nginx_www_server.j2 b/templates/nginx_www_server.j2 index 68b7502..1000490 100644 
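Review bot: The added `rewrite ^/(.*) http://{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}/$1 permanent;` in templates/nginx_www_common.j2 sits at server level in the shared file and hard-codes `http://`. If this file is included by the `listen 443 ssl` block of nginx_www_server.j2 as well as by the port-80 block (the include line is not in these hunks, but the other site templates on this page do that), HTTPS requests receive a permanent redirect to plain HTTP, and requests already addressed to `{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}` are redirected to themselves. I would move the canonical-host redirect out of the common file into a dedicated `server` block for the bare domain, using `return 301 $scheme://{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}$request_uri;`. The `return 301 https://{{ config_ss_domain }}…` lines in nginx_www_server.j2 and nginx_paheko_server.j2 depend on the same variable, and none of these templates supplies the `default(SITE)` fallback that nginx_http_server.j2 uses.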
--- a/templates/nginx_www_server.j2 +++ b/templates/nginx_www_server.j2 @@ -4,7 +4,7 @@ server { access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; {% if ssl_ready is defined and ssl_ready %} - return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri; + return 301 https://{{ config_ss_domain }}.{{ DOMAIN }}.{{ TLD }}$request_uri; } server { listen 443 ssl; diff --git a/update_nuage_instance.yml b/update_nuage_instance.yml index d74ffed..8760914 100644 --- a/update_nuage_instance.yml +++ b/update_nuage_instance.yml @@ -1,27 +1,31 @@ --- # commande pour lancer le playbook: ansible-playbook update_nuage_instance.yml # ATTENTION pour l'instance "test-nuage" il faut lancer la commande ci-dessous pour lancer le playbook: -# ansible-playbook update_nuage_instance.yml --extra-vars "nextcloud_websrv_user=php_lhc_test_nuage nextcloud_webroot=/home/sites/data/org/heureux-cyclage/test-nuage" +# ansible-playbook update_nuage_instance.yml --extra-vars "test_nuage=true" - name: Promp pour définir les variables hosts: ligatures vars_prompt: - name: nouvelle_version - prompt: 'Nouvelle version nextcloud à télécharger?(ex: 27.1.0)' + prompt: 'Nouvelle version nextcloud à télécharger?(ex: 27.1.8)' private: false + default: "27.1.8" - name: TLD prompt: 'TLD du site à mettre à jour?(ex: org)' private: false + default: "org" - name: DOMAIN prompt: 'Domaine du site à mettre à jour?(ex: heureux-cyclage)' private: false + default: "heureux-cyclage" - name: SIGLE prompt: 'Sigle du site à mettre à jour?(ex: lhc)' private: false + default: "lhc" pre_tasks: 
@@ -37,8 +41,15 @@ path: "{{ nextcloud_common }}" register: new_nextcloud_common + - name: specific test-nuage tasks + ansible.builtin.set_fact: + nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/test-nuage" + nextcloud_websrv_user: site_lhc_test-nuage + nextcloud_php_user: php_lhc_test_nuage + when: test_nuage is defined + - name: Obtenir l'ancienne version # noqa : command-instead-of-module - become_user: "{{ nextcloud_websrv_user }}" + become_user: "{{ nextcloud_php_user }}" become: true ansible.builtin.command: '{{ nextcloud_webroot }}/console status --output=json' register: result @@ -68,9 +79,31 @@ mode: '754' # or 'u=rwx,g=rx,o=r' when: not new_nextcloud_common.stat.exists - - name: Include update tasks - ansible.builtin.include_tasks: tasks/update_nextcloud.yml + - name: Include backup tasks + ansible.builtin.include_tasks: tasks/backup_nextcloud.yml + + - name: block upgrade + block: + + - name: Include update tasks + ansible.builtin.include_tasks: tasks/update_nextcloud.yml + + - name: Display upgrade result + ansible.builtin.debug: + msg: "Le nuage de {{ DOMAIN }} a été mis à jour avec la nouvelle version {{ nouvelle_version }}" + + always: + + - name: Ask if restore is necessary + ansible.builtin.pause: + prompt: 'Voulez-vous restaurer la version precedente?(oui/non)' + echo: true + register: restore_promp + + - name: Definir config_ss_domain + ansible.builtin.set_fact: + restore: "{{ restore_promp.user_input | default(non) }}" - - name: Display upgrade result - ansible.builtin.debug: - msg: "Le nuage de {{ DOMAIN }} a été mis à jour avec la nouvelle version {{ nouvelle_version }}" + - name: Include update tasks + ansible.builtin.include_tasks: tasks/restore_nextcloud.yml + when: restore == 'oui' \ No newline at end of file
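Review bot: `when: test_nuage is defined` on the new `set_fact` task is true for any value, so `--extra-vars "test_nuage=false"` still points the play at the test-nuage webroot and users. A truthiness test is safer for a switch that selects which instance gets upgraded and possibly restored: `when: test_nuage | default(false) | bool`. The two user names also hard-code `lhc` and mix `test-nuage` with `test_nuage`; if that is intentional a short comment saying so would help, otherwise they could be built from `SIGLE`. The pre_tasks list starts outside this hunk.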
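Review bot: In the `always:` section, `default(non)` passes the undefined variable `non` instead of the string, so the fallback can never yield 'non'; it should read `restore: "{{ restore_promp.user_input | default('non', true) }}"`, where the second argument also covers an empty answer. Since a typed `oui` leads to tasks/restore_nextcloud.yml dropping and recreating the database, the run log should say what is happening: the task named `Definir config_ss_domain` actually sets `restore`, and the second `Include update tasks` includes the restore file. I would rename them to something like `Definir restore` and `Include restore tasks`.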