From e98d8ba105eab6a1a8c65574923be9f00f124b0b Mon Sep 17 00:00:00 2001 From: rominique Date: Fri, 10 May 2024 22:14:42 +0200 Subject: [PATCH 01/15] correction syntaxe correction scenario WP --- creation_nouveau_site.yml | 8 ++++---- tasks/config_WP.yml | 8 ++++---- tasks/config_mariadb.yml | 13 +++++++++++-- tasks/config_nginx.yml | 2 +- tasks/config_pool_php.yml | 2 +- tasks/config_www.yml | 4 +++- tasks/download_nextcloud_source.yml | 16 ++++++++-------- tasks/verif_installation_nextcloud.yml | 2 +- templates/nginx_WP_server.j2 | 6 +++--- 9 files changed, 36 insertions(+), 25 deletions(-) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index c5ca22c..145d82f 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -103,11 +103,11 @@ when: config_php == 'oui' or SITE == 'paheko' or SITE == 'WP' or SITE == 'nuage' - name: Inclure la configuration d'une bdd postgres - ansible.builtin.include_tasks: tasks/config_bdd_postgres.yml + ansible.builtin.include_tasks: tasks/config_postgres.yml when: config_bdd == 'postgres' or SITE == 'nuage' - name: Inclure la configuration d'une bdd mariadb - ansible.builtin.include_tasks: tasks/config_bdd_mariadb.yml + ansible.builtin.include_tasks: tasks/config_mariadb.yml when: config_bdd == 'mariadb' or SITE == 'WP' - name: Inclure la configuration nextcloud si besoin @@ -119,7 +119,7 @@ when: SITE == 'paheko' - name: Inclure la configuration WP si besoin - ansible.builtin.include_tasks: tasks/config_wp.yml + ansible.builtin.include_tasks: tasks/config_WP.yml when: SITE == 'WP' - name: Inclure le configuration du backup @@ -127,4 +127,4 @@ - name: Inclure le configuration SFTP ansible.builtin.include_tasks: tasks/config_sftp.yml - when: sftp_key =! '' and sftp_key =! 'non' + when: sftp_key != '' and sftp_key != 'non' diff --git a/tasks/config_WP.yml b/tasks/config_WP.yml index c328bc0..235cdbb 100644 --- a/tasks/config_WP.yml +++ b/tasks/config_WP.yml 
@@ -1,12 +1,12 @@ -- name: Create new app common folder from old version one - become_user: "site_{{ SIGLE }}_{{ SITE }}" - become: true +- name: Copie des fichiers sources WP dans le home du nouveau site ansible.builtin.copy: - src: "/home/sites/data/wordpress" + src: "/home/sites/data/wordpress/" dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' + owner: "php_{{ SIGLE }}_{{ SITE }}" + group: "site_{{ SIGLE }}_{{ SITE }}" - name: Créer les fichiers spécifiques wp ansible.builtin.template: diff --git a/tasks/config_mariadb.yml b/tasks/config_mariadb.yml index 3816d0c..831fc66 100644 --- a/tasks/config_mariadb.yml +++ b/tasks/config_mariadb.yml @@ -1,3 +1,12 @@ +- name: Etckeeper commit if necessary + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ignore_errors: true + +- name: Install ansible mysql required packages + ansible.builtin.apt: + name: + - python3-pymysql + - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: name: "php_{{ SIGLE }}_{{ SITE }}" @@ -15,8 +24,8 @@ encoding: utf8mb4 # pour WP - name: Créer le user mysql - mysql_user: + community.mysql.mysql_user: name: "php_{{ SIGLE }}_{{ SITE }}" priv: "php_{{ SIGLE }}_{{ SITE }}.*:ALL" state: present - login_unix_socket: /run/mysqld/mysqld.sock \ No newline at end of file + login_unix_socket: /run/mysqld/mysqld.sock diff --git a/tasks/config_nginx.yml b/tasks/config_nginx.yml index f932ac8..0c61275 100644 --- a/tasks/config_nginx.yml +++ b/tasks/config_nginx.yml @@ -39,7 +39,7 @@ owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= - when: SITE != 'nuage' and template_site != 'http' + when: SITE != 'nuage' and template_site != 'http' and SITE != 'WP' - name: Recharger le service nginx ansible.builtin.service: diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index 970a039..cf1c432 100644 
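Review bot: In the `ansible.builtin.copy` task of tasks/config_WP.yml, `owner: "php_{{ SIGLE }}_{{ SITE }}"` together with `mode: '754'` makes the PHP-FPM pool user the owner of every WordPress source file, with write and execute bits set. Any code-execution flaw in a plugin or theme can then rewrite core files. If in-dashboard updates are not required, consider making the site account the owner and giving the PHP user write access only where uploads land. Independently of that, `mode: 'u=rwX,g=rX,o='` avoids marking regular files executable and drops the world-read bit. How the mode is applied to directories in this recursive copy is not visible from the hunk, so the resulting tree should be checked on a test host.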
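Review bot: The `community.mysql.mysql_user` task at the end of tasks/config_mariadb.yml grants `priv: "php_{{ SIGLE }}_{{ SITE }}.*:ALL"` but sets neither `password` nor `plugin`. As far as the hunk shows, the account is therefore created without a credential, and any local process could connect as it. Because the database user has the same name as the pool's Unix account, adding `plugin: unix_socket` would tie the login to that account over the socket and keep the sites isolated from each other. If WordPress has to authenticate with a password instead (wp-config.php.j2 is not visible here), supply it from a vaulted variable and add `no_log: true` to the task. The same task is carried unchanged, apart from the rename, in the tasks/config_mariadb.yml hunk of PATCH 02.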
--- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml @@ -76,4 +76,4 @@ - name: ATTENTION la config php n'a pas été créer ansible.builtin.debug: msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement" - when: SITE != 'nuage' and SITE != 'paheko' or SITE != 'WP' + when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' diff --git a/tasks/config_www.yml b/tasks/config_www.yml index d01c9bf..c1a4b20 100644 --- a/tasks/config_www.yml +++ b/tasks/config_www.yml @@ -25,6 +25,8 @@ owner: "{{ item.owner }}" group: "{{ item.group }}" mode: "{{ item.mode }}" + vars: + concat: "site_{{ SIGLE }}_{{ SITE }}" loop_control: label: "{{ item.path }}" loop: @@ -40,6 +42,6 @@ mode: '2751' - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" state: directory - owner: 'root' + owner: "{{ ( SITE in ['www','WP'] ) | ternary ( concat , 'root' ) }}" group: "site_{{ SIGLE }}_{{ SITE }}" mode: '2750' diff --git a/tasks/download_nextcloud_source.yml b/tasks/download_nextcloud_source.yml index 77a46c6..4c79f2b 100644 --- a/tasks/download_nextcloud_source.yml +++ b/tasks/download_nextcloud_source.yml @@ -7,10 +7,10 @@ mode: '755' # or u=rwx,g=rx,o=rx checksum: "md5:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.md5" -- name: create nextcloud source dir +- name: Create nextcloud source dir become: true become_user: nextcloud - ansible.builtin.file: + ansible.builtin.file: path: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" state: directory mode: '755' # or u=rwx,g=rx,o=rx 
@@ -22,17 +22,17 @@ src: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}.tar.bz2" dest: "{{ nextcloud_sources_files_path }}/" # mode: '755' # or u=rwx,g=rx,o=rx - remote_src: yes + remote_src: true -- name: "rename nextloud dir to nextcloud-{{ nouvelle_version }}" +- name: Rename nextloud dir to nextcloud-nouvelle_version become: true become_user: nextcloud - ansible.builtin.copy: + ansible.builtin.copy: src: "{{ nextcloud_sources_files_path }}/nextcloud/" dest: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" - remote_src: yes # because the config file is already in the nextcloud_tmp_path + remote_src: true # because the config file is already in the nextcloud_tmp_path -- name: deleted downloaded nextcloud files +- name: Deleted downloaded nextcloud files become: true become_user: nextcloud ansible.builtin.file: @@ -40,4 +40,4 @@ state: absent loop: - "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}.tar.bz2" - - "{{ nextcloud_sources_files_path }}/nextcloud" \ No newline at end of file + - "{{ nextcloud_sources_files_path }}/nextcloud" diff --git a/tasks/verif_installation_nextcloud.yml b/tasks/verif_installation_nextcloud.yml index bb679e4..508c5fd 100644 --- a/tasks/verif_installation_nextcloud.yml +++ b/tasks/verif_installation_nextcloud.yml @@ -25,4 +25,4 @@ dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' - when: not new_nextcloud_common.stat.exists \ No newline at end of file + when: not new_nextcloud_common.stat.exists diff --git a/templates/nginx_WP_server.j2 b/templates/nginx_WP_server.j2 index a501e6d..a41c72d 100644 --- a/templates/nginx_WP_server.j2 +++ b/templates/nginx_WP_server.j2 
@@ -13,9 +13,9 @@ server { ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem; access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k; error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn; + root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; + server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}; {% endif %} - server_name {{ DOMAIN }}.{{ TLD }} {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}; - root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/; index index.php index.html index.htm; client_max_body_size 500M; location / { @@ -36,7 +36,7 @@ server { } location ~ \.php$ { include snippets/fastcgi-php.conf; - fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; + fastcgi_pass unix:/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } -- 2.20.1 From d9743190e260a4dda455579bbf6e893fde310c58 Mon Sep 17 00:00:00 2001 
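Review bot: `root` and `server_name` are now emitted before `{% endif %}`, so they render only when the enclosing `{% if %}` is true, and that condition opens above this hunk. If the template can ever render the server block with the condition false, the block has no `server_name` and no `root`. nginx then falls back to its defaults (an empty server name and the built-in root) without reporting an error. Either keep both directives outside the conditional, or add a Jinja comment next to `{% endif %}` stating that the other branch is never used for WP sites.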
From: rominique Date: Tue, 18 Jun 2024 01:42:50 +0200 Subject: [PATCH 02/15] remplacement de SITE par config_ss_domain --- creation_nouveau_site.yml | 10 +++++----- tasks/config_WP.yml | 13 ++++++------- tasks/config_backup.yml | 6 +++--- tasks/config_mariadb.yml | 12 ++++++------ tasks/config_nginx.yml | 8 ++++---- tasks/config_nuage.yml | 22 +++++++++++----------- tasks/config_options_www.yml | 3 ++- tasks/config_paheko.yml | 12 ++++++------ tasks/config_pool_php.yml | 22 +++++++++++----------- tasks/config_postgres.yml | 22 +++++++++++----------- tasks/config_sftp.yml | 10 +++++----- tasks/config_www.yml | 14 +++++++------- templates/nextcloud_install_config.j2 | 2 +- templates/nextcloud_sigle_config.j2 | 2 +- templates/nginx_WP_server.j2 | 18 +++++++++--------- templates/nginx_http_server.j2 | 4 ++-- templates/nginx_nuage_server.j2 | 26 +++++++++++++------------- templates/nginx_paheko_common.j2 | 4 ++-- templates/nginx_paheko_server.j2 | 16 ++++++++-------- templates/nginx_www_common.j2 | 2 +- templates/nginx_www_server.j2 | 16 ++++++++-------- templates/php_WP_conf.j2 | 10 +++++----- templates/php_gestion_conf.j2 | 10 +++++----- templates/php_paheko_conf.j2 | 10 +++++----- templates/wp-config.php.j2 | 6 +++--- 25 files changed, 140 insertions(+), 140 deletions(-) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index 145d82f..b9029e0 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml 
@@ -1,7 +1,7 @@ # commande pour lancer le playbook: ansible-playbook creation_nouveau_site.yml # attention - Par défaut ce scipt se lancer vers ligatures -# pour ne jouer que la partie permettant de générer le certificat SSL pour le HTTPS lancer la commance ci-dessous: +# pour ne jouer que la partie permettant de générer le certificat SSL pour le HTTPS lancer la commance ci-dessous (attention il faut recharger nginx manuellement à la fin): # ansible-playbook creation_nouveau_site.yml --tags "https" - name: Promp pour définir les variables du nouveau ite @@ -54,12 +54,12 @@ tasks: - - name: Inclure la configuration d'un site web basique - ansible.builtin.include_tasks: tasks/config_www.yml - - name: Inclure les configurations optionnelles d'un site www ansible.builtin.include_tasks: tasks/config_options_www.yml - when: SITE != 'nuage' + tags: https + + - name: Inclure la configuration d'un site web basique + ansible.builtin.include_tasks: tasks/config_www.yml - name: Inclure la configuration nginx ansible.builtin.include_tasks: tasks/config_nginx.yml diff --git a/tasks/config_WP.yml b/tasks/config_WP.yml index 235cdbb..684d161 100644 --- a/tasks/config_WP.yml +++ b/tasks/config_WP.yml 
@@ -1,25 +1,24 @@ - - name: Copie des fichiers sources WP dans le home du nouveau site ansible.builtin.copy: src: "/home/sites/data/wordpress/" - dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Créer les fichiers spécifiques wp ansible.builtin.template: src: "templates/{{ item.src }}" - dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/{{ item.dest }}" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/{{ item.dest }}" owner: "{{ item.owner }}" group: "{{ item.group }}" mode: "{{ item.mode }}" loop: - src: "wp-config.php.j2" dest: "wp-config.php" - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '640' - name: Recharger PHP et nginx diff --git a/tasks/config_backup.yml b/tasks/config_backup.yml index da885b2..03b2970 100644 --- a/tasks/config_backup.yml +++ b/tasks/config_backup.yml @@ -8,8 +8,8 @@ backup: true register: presence_sigle loop: - - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config" - - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/config" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data" when: SITE == 'nuage' - name: Mise à jour de la conf de borgmatic pour le backup d'un site non nuage @@ -22,5 +22,5 @@ backup: true register: presence_sigle loop: - - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - " - /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" when: SITE != 'nuage' 
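Review bot: `config_ss_domain` comes from an interactive prompt and is now interpolated, with no visible validation, into filesystem paths such as `dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/"` and into Unix account names; the other files in this patch also use it in database names. A value containing `/`, `..`, whitespace or uppercase letters would create directories or accounts outside the intended layout, and the later `owner`/`group`/`mode` tasks would then apply to the wrong path. A guard before first use would stop the play early, for example an `ansible.builtin.assert` with `that: config_ss_domain is match('^[a-z0-9][a-z0-9-]*$')`. The same consideration applies to the tasks/config_backup.yml hunks that follow, where the value is written into the borgmatic source list.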
diff --git a/tasks/config_mariadb.yml b/tasks/config_mariadb.yml index 831fc66..c2efe44 100644 --- a/tasks/config_mariadb.yml +++ b/tasks/config_mariadb.yml @@ -1,5 +1,5 @@ - name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" ignore_errors: true - name: Install ansible mysql required packages @@ -9,23 +9,23 @@ - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: - mysql - - "site_{{ SIGLE }}_{{ SITE }}" + - "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Création de la nouvelle bdd Mariadb community.mysql.mysql_db: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: present login_unix_socket: /run/mysqld/mysqld.sock encoding: utf8mb4 # pour WP - name: Créer le user mysql community.mysql.mysql_user: - name: "php_{{ SIGLE }}_{{ SITE }}" - priv: "php_{{ SIGLE }}_{{ SITE }}.*:ALL" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" + priv: "php_{{ SIGLE }}_{{ config_ss_domain }}.*:ALL" state: present login_unix_socket: /run/mysqld/mysqld.sock diff --git a/tasks/config_nginx.yml b/tasks/config_nginx.yml index 0c61275..3f74047 100644 --- a/tasks/config_nginx.yml +++ b/tasks/config_nginx.yml @@ -8,7 +8,7 @@ loop_control: label: "{{ item.path }}" loop: - - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory owner: 'root' group: 'root' 
@@ -18,7 +18,7 @@ owner: 'log_sites' group: 'log_sites' mode: '755' - - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory owner: 'log_sites' group: 'log_sites' @@ -27,7 +27,7 @@ - name: Création de la conf server nginx ansible.builtin.template: src: "templates/nginx_{{ template_site }}_server.j2" - dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/server.conf" + dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/server.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= @@ -35,7 +35,7 @@ - name: Création de la conf common nginx ansible.builtin.template: src: "templates/nginx_{{ template_site }}_common.j2" - dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf" + dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/common.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index f0678ec..ffb8ab7 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -1,5 +1,5 @@ - name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" ignore_errors: true - name: Install required packages @@ -37,14 +37,14 @@ - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: - nextcloud - postgres-data - redis - - "site_{{ SIGLE }}_{{ SITE }}" + - "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Bloc nouvelle version nextcloud when: nouvelle_version is undefined 
@@ -119,11 +119,11 @@ community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" contype: local - users: "php_{{ SIGLE }}_{{ SITE }}" - databases: "php_{{ SIGLE }}_{{ SITE }}" + users: "php_{{ SIGLE }}_{{ config_ss_domain }}" + databases: "php_{{ SIGLE }}_{{ config_ss_domain }}" method: peer keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" + comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: @@ -207,13 +207,13 @@ ansible.builtin.command: > ./console maintenance:install --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ SITE }}" - --database-user="php_{{ SIGLE }}_{{ SITE }}" + --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}" + --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}" --database-host="/var/run/postgresql/" --database-pass="" --admin-user='admin' --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/" + --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/" args: chdir: "{{ nextcloud_webroot }}" register: install_result @@ -315,9 +315,9 @@ - name: Creation d'un fichier cron pour /etc/cron.d ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" + name: "nextcloud {{ SIGLE }}_{{ config_ss_domain }} taches d'arriere plan toutes les 5 mins" minute: "*/5" - user: "php_{{ SIGLE }}_{{ SITE }}" + user: "php_{{ SIGLE }}_{{ config_ss_domain }}" job: "{{ nextcloud_webroot }}/cron" - name: Recharger plusieurs services diff --git a/tasks/config_options_www.yml b/tasks/config_options_www.yml index b55a387..93fdb51 100644 --- a/tasks/config_options_www.yml +++ b/tasks/config_options_www.yml 
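Review bot: The `maintenance:install` command in hunk `@@ -207,13 +207,13 @@` still passes a literal `--admin-pass` value, so every Nextcloud instance created by this playbook starts with the same admin password; that password is also kept in the repository history and shown in Ansible output. Read it from a vaulted variable instead, e.g. `--admin-pass="{{ nextcloud_admin_pass }}"` (a new variable; the name is only a suggestion), and set `no_log: true` on the task. Instances already installed with the literal should have the admin password changed. The identical line appears in the tasks/config_postgres.yml hunk `@@ -206,13 +206,13 @@` of this patch. The task begins above the hunk.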
@@ -1,4 +1,5 @@ - name: Bloc demande sous-domaine + tags: https block: - name: Demande sous-domaine @@ -12,7 +13,7 @@ config_ss_domain: "{{ config_ss_domain_promp.user_input | default(SITE) }}" - name: Bloc demande des autres options - when: SITE != 'paheko' # and SITE != 'WP' + when: SITE != 'paheko' or SITE != 'nuage' # and SITE != 'WP' block: - name: Demande php diff --git a/tasks/config_paheko.yml b/tasks/config_paheko.yml index 2c5748d..efc748b 100644 --- a/tasks/config_paheko.yml +++ b/tasks/config_paheko.yml @@ -1,5 +1,5 @@ - name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" - name: Install required packages ansible.builtin.apt: @@ -95,19 +95,19 @@ - name: Copie la source paheko vers le home du site become: true -# become_user: "php_{{ SIGLE }}_{{ SITE }}" +# become_user: "php_{{ SIGLE }}_{{ config_ss_domain }}" ansible.builtin.copy: src: "/home/sites/data/paheko/{{ paheko_version }}/" - dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" remote_src: true # because the config file is already in the nextcloud_tmp_path mode: '2750' - name: Modification du propriétaire group et droits du dossier ansible.builtin.file: - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/" + path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/" state: directory - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '2750' recurse: true diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index cf1c432..23173eb 100644 --- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml 
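Review bot: The new condition `when: SITE != 'paheko' or SITE != 'nuage'` on "Bloc demande des autres options" is always true, since no value of SITE equals both strings; the block now also runs for paheko, which the previous condition excluded. Use `when: SITE != 'paheko' and SITE != 'nuage'` or `when: SITE not in ['paheko', 'nuage']`; PATCH 01 corrected the same `or`/`and` slip in tasks/config_pool_php.yml. Separately, in the first hunk `default(SITE)` only applies to an undefined value, so an empty answer at the prompt would presumably leave `config_ss_domain` empty and produce names such as `php_{{ SIGLE }}_`; `default(SITE, true)` covers the empty string as well.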
@@ -1,17 +1,17 @@ - name: Ajout de l'utilisateur php_SIGLE_SITE ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" - home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" + home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" shell: /bin/false system: true append: true create_home: false password: '!' -# group: "php_{{ SIGLE }}_{{ SITE }}" +# group: "php_{{ SIGLE }}_{{ config_ss_domain }}" - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: @@ -34,13 +34,13 @@ mode: '1751' - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}" state: directory - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "php_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "php_{{ SIGLE }}_{{ config_ss_domain }}" mode: '1751' - - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory - owner: "php_{{ SIGLE }}_{{ SITE }}" - group: "php_{{ SIGLE }}_{{ SITE }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + group: "php_{{ SIGLE }}_{{ config_ss_domain }}" mode: '750' - name: Boucle création ou modifications des répertoires config d'un pool php @@ -53,7 +53,7 @@ loop_control: label: "{{ item.path }}" loop: - - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory # If directory, all intermediate subdirectories will be created if they do not exist. owner: 'root' group: 'root' 
@@ -67,7 +67,7 @@ - name: Création de la conf du pool php ansible.builtin.template: src: "templates/php_{{ SITE }}_conf.j2" - dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf" + dest: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/php-fpm.conf" owner: "root" group: "root" mode: '640' # or u=rwx,g=r,o= diff --git a/tasks/config_postgres.yml b/tasks/config_postgres.yml index 06652ce..fe6a511 100644 --- a/tasks/config_postgres.yml +++ b/tasks/config_postgres.yml @@ -1,5 +1,5 @@ - name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}" + ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" ignore_errors: true - name: Install required packages @@ -36,14 +36,14 @@ - name: Boucle d'ajout du user php dans plusieurs groupe ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ SITE }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" groups: "{{ item }}" append: true loop: - nextcloud - postgres-data - redis - - "site_{{ SIGLE }}_{{ SITE }}" + - "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Bloc nouvelle version nextcloud when: nouvelle_version is undefined @@ -118,11 +118,11 @@ community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" contype: local - users: "php_{{ SIGLE }}_{{ SITE }}" - databases: "php_{{ SIGLE }}_{{ SITE }}" + users: "php_{{ SIGLE }}_{{ config_ss_domain }}" + databases: "php_{{ SIGLE }}_{{ config_ss_domain }}" method: peer keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom" + comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: 
@@ -206,13 +206,13 @@ ansible.builtin.command: > ./console maintenance:install --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ SITE }}" - --database-user="php_{{ SIGLE }}_{{ SITE }}" + --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}" + --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}" --database-host="/var/run/postgresql/" --database-pass="" --admin-user='admin' --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/" + --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/" args: chdir: "{{ nextcloud_webroot }}" register: install_result @@ -314,9 +314,9 @@ - name: Creation d'un fichier cron pour /etc/cron.d ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins" + name: "nextcloud {{ SIGLE }}_{{ config_ss_domain }} taches d'arriere plan toutes les 5 mins" minute: "*/5" - user: "php_{{ SIGLE }}_{{ SITE }}" + user: "php_{{ SIGLE }}_{{ config_ss_domain }}" job: "{{ nextcloud_webroot }}/cron" - name: Recharger plusieurs services diff --git a/tasks/config_sftp.yml b/tasks/config_sftp.yml index 2b8c446..ea023c0 100644 --- a/tasks/config_sftp.yml +++ b/tasks/config_sftp.yml @@ -1,6 +1,6 @@ - name: Ajout de l'utilisateur site_SIGLE_SITE dans le group sftponly et modification du home ansible.builtin.user: - name: "site_{{ SIGLE }}_{{ SITE }}" + name: "site_{{ SIGLE }}_{{ config_ss_domain }}" home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}" shell: /bin/false groups: sftponly 
@@ -24,16 +24,16 @@ mode: '2751' - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh" state: directory - owner: "site_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "site_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '2700' - name: Création du fichier authorized_keys ansible.builtin.template: src: "templates/authorized_keys.j2" dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/.ssh/authorized_keys" - owner: "site_{{ SIGLE }}_{{ SITE }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + owner: "site_{{ SIGLE }}_{{ config_ss_domain }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '600' # verif le serveur openssh est bien config et sinon le faire? + reload diff --git a/tasks/config_www.yml b/tasks/config_www.yml index c1a4b20..b5ac3f4 100644 --- a/tasks/config_www.yml +++ b/tasks/config_www.yml @@ -1,7 +1,7 @@ - name: Ajout de l'utilisateur site_SIGLE_SITE ansible.builtin.user: - name: "site_{{ SIGLE }}_{{ SITE }}" - home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + name: "site_{{ SIGLE }}_{{ config_ss_domain }}" + home: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" shell: /bin/false groups: www-data system: true @@ -12,7 +12,7 @@ - name: Boucle d'ajout d'user dans le groupe site_SIGLE_SITE ansible.builtin.user: name: "{{ item }}" - groups: "site_{{ SIGLE }}_{{ SITE }}" + groups: "site_{{ SIGLE }}_{{ config_ss_domain }}" append: true loop: - 'www-data' @@ -25,8 +25,8 @@ owner: "{{ item.owner }}" group: "{{ item.group }}" mode: "{{ item.mode }}" - vars: - concat: "site_{{ SIGLE }}_{{ SITE }}" + vars: + concat: "site_{{ SIGLE }}_{{ config_ss_domain }}" loop_control: label: "{{ item.path }}" loop: 
@@ -40,8 +40,8 @@ owner: 'root' group: 'www-data' mode: '2751' - - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}" + - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}" state: directory owner: "{{ ( SITE in ['www','WP'] ) | ternary ( concat , 'root' ) }}" - group: "site_{{ SIGLE }}_{{ SITE }}" + group: "site_{{ SIGLE }}_{{ config_ss_domain }}" mode: '2750' diff --git a/templates/nextcloud_install_config.j2 b/templates/nextcloud_install_config.j2 index 40dcc52..06e3555 100644 --- a/templates/nextcloud_install_config.j2 +++ b/templates/nextcloud_install_config.j2 @@ -1,5 +1,5 @@ Date: Tue, 18 Jun 2024 12:16:40 +0200 Subject: [PATCH 03/15] maj default version --- update_nuage_instance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/update_nuage_instance.yml b/update_nuage_instance.yml index 3f8fa94..c1d8fe4 100644 --- a/update_nuage_instance.yml +++ b/update_nuage_instance.yml @@ -10,7 +10,7 @@ - name: nouvelle_version prompt: 'Nouvelle version nextcloud à télécharger?(ex: 27.1.8)' private: false - default: "27.1.8" + default: "28.0.6" - name: TLD prompt: 'TLD du site à mettre à jour?(ex: org)' -- 2.20.1 From a20c3b3dc57328b956394ecf9db1f7d767886b9f Mon Sep 17 00:00:00 2001 From: rominique Date: Tue, 18 Jun 2024 14:48:32 +0200 Subject: [PATCH 04/15] =?utf8?q?backup=20de=20la=20bdd=20dans=20le=20home?= =?utf8?q?=20du=20nuage=20pour=20des=20questions=20de=20s=C3=A9cu?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- tasks/backup_nextcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/backup_nextcloud.yml b/tasks/backup_nextcloud.yml index dd20660..c126cb9 100644 --- a/tasks/backup_nextcloud.yml +++ b/tasks/backup_nextcloud.yml 
@@ -8,7 +8,7 @@ - name: Create a dump of the postgreSQL database # noqa : command-instead-of-module become: true become_user: "{{ nextcloud_php_user }}" - ansible.builtin.command: "pg_dump -f /tmp/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}" + ansible.builtin.command: "pg_dump -f {{ nextcloud_webroot }}/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}" args: chdir: "{{ nextcloud_webroot }}" -- 2.20.1 From 694c8edd71371ed26914f110eef4140e78a75c0d Mon Sep 17 00:00:00 2001 From: rominique Date: Tue, 18 Jun 2024 15:09:07 +0200 Subject: [PATCH 05/15] modif creation dossier common app nextcloud --- update_nuage_instance.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/update_nuage_instance.yml b/update_nuage_instance.yml index c1d8fe4..eeed883 100644 --- a/update_nuage_instance.yml +++ b/update_nuage_instance.yml @@ -69,15 +69,15 @@ ansible_become: true become_user: nextcloud - - name: Create new app common folder from old version one - become_user: nextcloud + - name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage become: true ansible.builtin.copy: - src: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}/" - dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" + src: "/home/site/home/sites/data/org/heureux-cyclage/test-nuage/apps/*" + dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}/" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' - when: not new_nextcloud_common.stat.exists + owner: nextcloud + group: nextcloud - name: Include backup tasks ansible.builtin.include_tasks: tasks/backup_nextcloud.yml -- 2.20.1 From 823c62558c3eed16b8d0f8f75156afe22919bd37 Mon Sep 17 00:00:00 2001 
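Review bot: Writing the dump to `{{ nextcloud_webroot }}/{{ nextcloud_db_name }}.pgc` places a full copy of the database, under a predictable name, inside the directory that nginx serves. Unless the server configuration (not visible here) denies that path, the file could be downloaded over HTTP. PATCH 06 moves it to `{{ nextcloud_webroot }}/data/`, which is still below the web root and depends on the data directory being blocked by the web server. A dedicated directory outside the web root, owned by `{{ nextcloud_php_user }}` with mode `0700`, avoids both the shared `/tmp` and the web exposure, e.g. `pg_dump -f {{ nextcloud_backup_dir }}/{{ nextcloud_db_name }}.pgc ...` with `nextcloud_backup_dir` as a new variable. Removing the dump once the upgrade is verified would also limit how long the copy exists.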
From: rominique Date: Fri, 28 Jun 2024 01:52:22 +0200 Subject: [PATCH 06/15] correction: mauvaise source du lien vers le dossier common nextcloud correction backup db dans dossier data correction chemin du dossier data --- tasks/backup_nextcloud.yml | 2 +- tasks/config_nuage.yml | 2 +- update_nuage_instance.yml | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/tasks/backup_nextcloud.yml b/tasks/backup_nextcloud.yml index c126cb9..328052c 100644 --- a/tasks/backup_nextcloud.yml +++ b/tasks/backup_nextcloud.yml @@ -8,7 +8,7 @@ - name: Create a dump of the postgreSQL database # noqa : command-instead-of-module become: true become_user: "{{ nextcloud_php_user }}" - ansible.builtin.command: "pg_dump -f {{ nextcloud_webroot }}/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}" + ansible.builtin.command: "pg_dump -f {{ nextcloud_webroot }}/data/{{ nextcloud_db_name }}.pgc -F c -O -b {{ nextcloud_db_name }}" args: chdir: "{{ nextcloud_webroot }}" diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index ffb8ab7..85d8a5e 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -162,7 +162,7 @@ - name: Create nextcloud common app dir symbolic link ansible.builtin.file: - src: "{{ nextcloud_symbolic_common }}" + src: "{{ nextcloud_common }}" dest: "{{ nextcloud_webroot }}/common" owner: nextcloud group: nextcloud diff --git a/update_nuage_instance.yml b/update_nuage_instance.yml index eeed883..fa70f08 100644 --- a/update_nuage_instance.yml +++ b/update_nuage_instance.yml 
@@ -72,12 +72,13 @@ - name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage become: true ansible.builtin.copy: - src: "/home/site/home/sites/data/org/heureux-cyclage/test-nuage/apps/*" - dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}/" + src: "/home/sites/data/org/heureux-cyclage/test-nuage/apps/" + dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' owner: nextcloud group: nextcloud + when: not new_nextcloud_common.stat.exists - name: Include backup tasks ansible.builtin.include_tasks: tasks/backup_nextcloud.yml -- 2.20.1 From 914a79aa78657d48486e162bd0f865847fb90ae3 Mon Sep 17 00:00:00 2001 From: rominique Date: Fri, 28 Jun 2024 01:59:56 +0200 Subject: [PATCH 07/15] correction de config_postgres --- tasks/config_nuage.yml | 32 +--- tasks/config_postgres.yml | 303 +------------------------------------- 2 files changed, 6 insertions(+), 329 deletions(-) diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 85d8a5e..0f03c5c 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -75,25 +75,6 @@ - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml -- name: PostgreSQL - nextcloud_php_user role is created - become_user: postgres - become: true - community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" - state: present - role_attr_flags: CREATEDB - -- name: PostgreSQL - nextcloud_db_name database is created - become_user: postgres - become: true - community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" - state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" - loop: - - absent - - present - - name: Pour chaque base, ajouter les droits suivants à l'utilisateur php become_user: postgres become: true 
@@ -115,16 +96,6 @@ grant_option: true name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" -- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud - community.postgresql.postgresql_pg_hba: - dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" - contype: local - users: "php_{{ SIGLE }}_{{ config_ss_domain }}" - databases: "php_{{ SIGLE }}_{{ config_ss_domain }}" - method: peer - keep_comments_at_rules: true - comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" - - name: Boucle création des répertoires app, config et data nextcloud ansible.builtin.file: path: "{{ item.path }}" @@ -193,12 +164,11 @@ group: "{{ nextcloud_websrv_user }}" mode: '640' -- name: Recharger plusieurs services +- name: Recharger php ansible.builtin.service: name: "{{ item }}" state: reloaded loop: - - "postgresql" - "php{{ php_version }}-fpm" - name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module diff --git a/tasks/config_postgres.yml b/tasks/config_postgres.yml index fe6a511..e7051fa 100644 --- a/tasks/config_postgres.yml +++ b/tasks/config_postgres.yml 
@@ -1,84 +1,8 @@ -- name: Etckeeper commit if necessary - ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ config_ss_domain }}" - ignore_errors: true - -- name: Install required packages - ansible.builtin.apt: - name: -# - php-ctype - - php-curl -# - php-dom -# - php-fileinfo - - php-gd - - php-json - - "php{{ php_version }}-xml" - - php-mbstring -# - php-openssl -# - php-posix -# - php-session -# - php-simplexml -# - php-xmlreader -# - php-xmlwriter - - php-zip -# - php-zlib -# - php-pdo_pgsql - - "php{{ php_version }}-pgsql" - - php-pgsql - - php-intl - - php-bz2 -# - php-sodium - - php-gmp -# - php-exif - - php-redis - - php-imagick - - python3-psycopg2 # module ansible psql - state: present - -- name: Boucle d'ajout du user php dans plusieurs groupe - ansible.builtin.user: - name: "php_{{ SIGLE }}_{{ config_ss_domain }}" - groups: "{{ item }}" - append: true - loop: - - nextcloud - - postgres-data - - redis - - "site_{{ SIGLE }}_{{ config_ss_domain }}" - -- name: Bloc nouvelle version nextcloud - when: nouvelle_version is undefined - block: - - name: Demande la version de nextcloud à installer - ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisée" - echo: true - register: nextcloud_version_prompt - - - name: Definir nouvelle_version - ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" - -- name: Bloc ancienne version nextcloud - when: ancienne_version is undefined - block: - - name: Demande la version de nextcloud déjà installée - ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée" - echo: true - register: ancienne_version_prompt - - - name: Definir ancienne_version - ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version_prompt.user_input }}" - -- name: Inclure la verif de l'install nextcloud - ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml - - name: PostgreSQL - nextcloud_php_user role 
is created become_user: postgres become: true community.postgresql.postgresql_user: - name: "{{ nextcloud_php_user }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: present role_attr_flags: CREATEDB @@ -86,34 +10,13 @@ become_user: postgres become: true community.postgresql.postgresql_db: - name: "{{ nextcloud_db_name }}" + name: "php_{{ SIGLE }}_{{ config_ss_domain }}" state: "{{ item }}" - owner: "{{ nextcloud_php_user }}" + owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" loop: - absent - present -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type |default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option |default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "ALL" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - grant_option: true - name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;" - - name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud community.postgresql.postgresql_pg_hba: dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf" 
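Review bot: `role_attr_flags: CREATEDB` is now granted to every `php_{{ SIGLE }}_{{ config_ss_domain }}` role, although the next task creates the database as `postgres` and only names this role as owner. The role therefore does not appear to need to create databases itself. Removing the line, or writing `role_attr_flags: NOCREATEDB` so that roles created by earlier runs are corrected too, keeps each PHP pool limited to its own database on the shared server. The task name still says `nextcloud_php_user`, but the playbook includes this file for any site with `config_bdd == 'postgres'`, so the name should be made generic as well.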
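Review bot: The `loop` over `absent` then `present` on `community.postgresql.postgresql_db` drops `php_{{ SIGLE }}_{{ config_ss_domain }}` and recreates it on every run. With this change the task is no longer limited to a fresh Nextcloud install, so replaying the playbook for an existing site would, as far as this hunk shows, delete its data. Unless the reset is intended, use `state: present` and remove the loop; if a reset is sometimes needed, put the `absent` step in its own task guarded by an explicit variable. The pg_hba task that follows is cut by the hunk boundary.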
@@ -124,205 +27,9 @@ keep_comments_at_rules: true comment: "autoriser le user php_{{ SIGLE }}_{{ config_ss_domain }} à se connecter à la bdd du meme nom" -- name: Boucle création des répertoires app, config et data nextcloud - ansible.builtin.file: - path: "{{ item.path }}" - state: "{{ item.state }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop_control: - label: "{{ item.path }}" - loop: - - path: "{{ nextcloud_webroot }}/apps" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/config" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - - path: "{{ nextcloud_webroot }}/data" - state: directory - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '2750' - -- name: Create nextcloud root dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_source }}" - dest: "{{ nextcloud_webroot }}/nextcloud" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Create nextcloud common app dir symbolic link - ansible.builtin.file: - src: "{{ nextcloud_symbolic_common }}" - dest: "{{ nextcloud_webroot }}/common" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_cron.j2" - dest: "cron" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_console.j2" - dest: "console" - owner: "{{ nextcloud_websrv_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '750' - - src: "nextcloud_install_config.j2" - dest: "config/config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ 
nextcloud_websrv_user }}" - mode: '640' - -- name: Recharger plusieurs services - ansible.builtin.service: - name: "{{ item }}" - state: reloaded - loop: - - "postgresql" - - "php{{ php_version }}-fpm" - -- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module - become_user: "{{ nextcloud_php_user }}" - become: true - ansible.builtin.command: > - ./console maintenance:install - --database='pgsql' - --database-name="php_{{ SIGLE }}_{{ config_ss_domain }}" - --database-user="php_{{ SIGLE }}_{{ config_ss_domain }}" - --database-host="/var/run/postgresql/" - --database-pass="" - --admin-user='admin' - --admin-pass='ckoideja' - --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/data/" - args: - chdir: "{{ nextcloud_webroot }}" - register: install_result - ignore_errors: true - -- name: Afficher les logs du script d'install - ansible.builtin.debug: - var: install_result - when: install_result is defined - -- name: Afficher les logs du script d'install - ansible.builtin.fail: - msg: "Le script d'install a échoué: Voir les logs ci-dessus" - when: install_result.failed - -- name: Créer les fichiers spécifiques nextcloud - ansible.builtin.template: - src: "templates/{{ item.src }}" - dest: "{{ nextcloud_webroot }}/{{ item.dest }}" - owner: "{{ item.owner }}" - group: "{{ item.group }}" - mode: "{{ item.mode }}" - loop: - - src: "nextcloud_sigle_config.j2" - dest: "config/{{ SIGLE }}.config.php" - owner: "{{ nextcloud_php_user }}" - group: "{{ nextcloud_websrv_user }}" - mode: '640' - -- name: Creation d'un lien symbolique vers le configuration nextcloud commun - ansible.builtin.file: - src: "../../../../nextcloud/common.config.php" - path: "{{ nextcloud_webroot }}/config/common.config.php" - owner: nextcloud - group: nextcloud - state: link - follow: false - -- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php - become_user: postgres - become: true - community.postgresql.postgresql_privs: - db: "{{ 
item.db }}" - privs: "{{ item.privs }}" - type: "{{ item.type | default(omit) }}" - objs: "{{ item.objs }}" - role: "{{ item.role }}" - grant_option: "{{ item.grant_option | default(omit) }}" - loop_control: - label: "{{ item.name }}" - loop: - - db: "{{ nextcloud_db_name }}" - privs: "USAGE,CREATE" - type: "schema" - objs: "public" - role: "{{ nextcloud_php_user }}" - name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_namespace" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_collation" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_index" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_attrdef" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_description" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # type: "table" - # objs: "pg_settings" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;" - # - db: "{{ nextcloud_db_name }}" - # privs: "SELECT" - # objs: "pg_database" - # role: "{{ nextcloud_php_user }}" - # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" - -- name: Creation d'un fichier cron pour /etc/cron.d - ansible.builtin.cron: - name: "nextcloud {{ SIGLE }}_{{ config_ss_domain 
}} taches d'arriere plan toutes les 5 mins" - minute: "*/5" - user: "php_{{ SIGLE }}_{{ config_ss_domain }}" - job: "{{ nextcloud_webroot }}/cron" - -- name: Recharger plusieurs services +- name: Recharger postgresql ansible.builtin.service: name: "{{ item }}" state: reloaded loop: - - "php{{ php_version }}-fpm" - - "nginx" + - "postgresql" \ No newline at end of file -- 2.20.1 From 5d2aeccf18b1c772a027ab9c26c576ab2d788a62 Mon Sep 17 00:00:00 2001 From: rominique Date: Mon, 1 Jul 2024 19:34:04 +0200 Subject: [PATCH 08/15] ajout d'un garde fou pour la creation du dossier app common suppression de variables inutiles --- creation_nouveau_site.yml | 2 -- host_vars/ligatures.yml | 2 -- tasks/verif_installation_nextcloud.yml | 9 ++++++++- update_nuage_instance.yml | 9 ++++++++- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index b9029e0..ed292dd 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -10,8 +10,6 @@ vars: # config_nginx: true à l'avenir on pourrait demander à l'utilisateur de choisir si il veut configurer nginx - # nouvelle_version: 27.1.7 # nextcloud - # ancienne_version: 27.1.6 # nextcloud vars_prompt: diff --git a/host_vars/ligatures.yml b/host_vars/ligatures.yml index 77a50a5..23b2bef 100644 --- a/host_vars/ligatures.yml +++ b/host_vars/ligatures.yml 
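Review bot: The install task deleted here passed a literal `--admin-pass` value next to the fixed `--admin-user='admin'`, and removing it from tasks/config_postgres.yml leaves that value in the repository history. The task `Lancement du script d'installation nextcloud` still exists in tasks/config_nuage.yml (visible as context in that file's hunk), presumably with the same literal. The password should be treated as disclosed: change it on instances installed with it, and have the remaining task read it from a vaulted variable with `no_log: true`, since the registered install result is printed by a debug task. On the added side, `Recharger postgresql` loops over a single item; `name: postgresql` without `loop` says the same thing, and the file now ends without a final newline.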
@@ -4,10 +4,8 @@ nextcloud_sources_files_path: "/home/sites/data/nextcloud/sources" nextcloud_common_files_path: "/home/sites/data/nextcloud/common" nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage" nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}" -nextcloud_old_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ ancienne_version }}" nextcloud_symbolic_source: "../../../nextcloud/sources/nextcloud-{{ nouvelle_version }}" nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" -nextcloud_old_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}" nextcloud_symbolic_common: "../../../nextcloud/common.config.php" php_fpm_service: php{{ php_version}}-fpm php_version: '8.2' diff --git a/tasks/verif_installation_nextcloud.yml b/tasks/verif_installation_nextcloud.yml index 508c5fd..b649e2e 100644 --- a/tasks/verif_installation_nextcloud.yml +++ b/tasks/verif_installation_nextcloud.yml @@ -17,6 +17,13 @@ ansible_become: true become_user: nextcloud +# on utilise une version uniquement si test-nuage a préalablement été mis à jour dans cette version + +- name: fail si test-nuage n'a pas été mis à jour avec cette version + ansible.builtin.fail: + msg: 'il faut déjà mettre à jour test-nuage avec cette version' + when: not new_nextcloud_common.stat.exists and test_nuage is not defined + - name: Create new app common folder from old version one become_user: nextcloud become: true @@ -25,4 +32,4 @@ dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' - when: not new_nextcloud_common.stat.exists + when: not new_nextcloud_common.stat.exists and test_nuage is defined diff --git a/update_nuage_instance.yml b/update_nuage_instance.yml index fa70f08..5c0aa56 100644 --- a/update_nuage_instance.yml +++ b/update_nuage_instance.yml 
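Review bot: The guard in tasks/verif_installation_nextcloud.yml tests `test_nuage is not defined`, so any value, including `-e test_nuage=false`, counts as confirmation and lets the copy task run. The same pair of conditions is repeated in the `@@ -25,4 +32,4 @@` hunk and in both update_nuage_instance.yml hunks of this commit. Testing the value is safer: `when: not new_nextcloud_common.stat.exists and not (test_nuage | default(false) | bool)` on the fail task and `when: not new_nextcloud_common.stat.exists and (test_nuage | default(false) | bool)` on the copy. The added comment could also say where `test_nuage` is expected to be set, since nothing in these hunks defines it.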
@@ -69,6 +69,13 @@ ansible_become: true become_user: nextcloud +# on met à jour une instance uniquement si test-nuage a préalablement été mis à jour dans cette version + + - name: fail si test-nuage n'a pas été mis à jour avec cette version + ansible.builtin.fail: + msg: 'il faut déjà mettre à jour test-nuage avec cette version' + when: not new_nextcloud_common.stat.exists and test_nuage is not defined + - name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage become: true ansible.builtin.copy: @@ -78,7 +85,7 @@ mode: '754' # or 'u=rwx,g=rx,o=r' owner: nextcloud group: nextcloud - when: not new_nextcloud_common.stat.exists + when: not new_nextcloud_common.stat.exists and test_nuage is defined - name: Include backup tasks ansible.builtin.include_tasks: tasks/backup_nextcloud.yml -- 2.20.1 From 7f4a8c29bd240b0b37c9980817bf02dcfca6e003 Mon Sep 17 00:00:00 2001 From: rominique Date: Thu, 4 Jul 2024 17:09:23 +0200 Subject: [PATCH 09/15] correction dans les option par defaut des promps --- tasks/config_nuage.yml | 8 ++--- tasks/config_options_www.yml | 50 +++++++++++++------------- tasks/config_pool_php.yml | 4 +-- tasks/verif_installation_nextcloud.yml | 7 ++-- 4 files changed, 35 insertions(+), 34 deletions(-) diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 0f03c5c..bf99c5b 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml 
@@ -51,26 +51,26 @@ block: - name: Demande la version de nextcloud à installer ansible.builtin.pause: - prompt: "Quelle version de nextcloud doit être utilisée" + prompt: "Quelle version de nextcloud doit être utilisée? (default: 27.1.9)" echo: true register: nextcloud_version_prompt - name: Definir nouvelle_version ansible.builtin.set_fact: - nouvelle_version: "{{ nextcloud_version_prompt.user_input }}" + nouvelle_version: "{{ ( nextcloud_version_prompt.user_input | length == 0 ) | ternary ('27.1.9', nextcloud_version_prompt.user_input) }}" - name: Bloc ancienne version nextcloud when: ancienne_version is undefined block: - name: Demande la version de nextcloud déjà installée ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée" + prompt: "Quelle version de nextcloud déjà installée? (default: 26.0.4)" echo: true register: ancienne_version_prompt - name: Definir ancienne_version ansible.builtin.set_fact: - ancienne_version: "{{ ancienne_version_prompt.user_input }}" + ancienne_version: "{{ ( ancienne_version_prompt.user_input | length == 0 ) | ternary ('26.0.4', ancienne_version_prompt.user_input) }}" - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml diff --git a/tasks/config_options_www.yml b/tasks/config_options_www.yml index 93fdb51..4f46142 100644 --- a/tasks/config_options_www.yml +++ b/tasks/config_options_www.yml 
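Review bot: Each default version is written twice, once in the prompt text and once in the `ternary`, so the two literals have to be kept in step by hand and will keep being offered after the release is out of support. Holding the value in one host variable and using it in both places avoids that. The answer is also used unchecked to build paths such as `nextcloud-{{ nouvelle_version }}` (see host_vars/ligatures.yml), so an assert right after the `set_fact` would catch typos early: `that: nouvelle_version is match('^[0-9]+(\.[0-9]+){2,3}$')`. The same applies to `ancienne_version`.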
@@ -1,47 +1,47 @@ -- name: Bloc demande sous-domaine +- name: Demande sous-domaine tags: https - block: - - - name: Demande sous-domaine - ansible.builtin.pause: - prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)' - echo: true - register: config_ss_domain_promp - - - name: Definir config_ss_domain - ansible.builtin.set_fact: - config_ss_domain: "{{ config_ss_domain_promp.user_input | default(SITE) }}" + ansible.builtin.pause: + prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)' + echo: true + default: '{{ SITE }}' + register: config_ss_domain_promp + when: SITE != 'nuage' - name: Bloc demande des autres options - when: SITE != 'paheko' or SITE != 'nuage' # and SITE != 'WP' + when: SITE != 'paheko' and SITE != 'nuage' and SITE != 'WP' block: - name: Demande php ansible.builtin.pause: - prompt: 'Faut-il configurer un pool PHP?(ex: oui/non)' + prompt: 'Faut-il configurer un pool PHP?(oui/non)' echo: true register: config_php_promp - - name: Definir config_php - ansible.builtin.set_fact: - config_php: "{{ config_php_promp.user_input | default('non') }}" - - name: Demande bdd ansible.builtin.pause: prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)' echo: true register: config_bdd_promp - - name: Definir config_bdd - ansible.builtin.set_fact: - config_bdd: "{{ config_bdd_promp.user_input | default('non') }}" - - name: Demande sftp_key ansible.builtin.pause: prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)' echo: true register: sftp_key_promp - - name: Definir sftp_key - ansible.builtin.set_fact: - sftp_key: "{{ sftp_key_promp.user_input | default('non') }}" +- name: Definir config_php + ansible.builtin.set_fact: + config_php: "{{ ( config_php_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_php_promp.user_input) }}" + +- name: Definir config_ss_domain + tags: https + ansible.builtin.set_fact: + config_ss_domain: "{{ ( SITE == 'nuage' | default ('') ) | ternary 
(SITE, config_ss_domain_promp.user_input) }}" + +- name: Definir config_bdd + ansible.builtin.set_fact: + config_bdd: "{{ ( config_bdd_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_bdd_promp.user_input) }}" + +- name: Definir sftp_key + ansible.builtin.set_fact: + sftp_key: "{{ sftp_key_promp.user_input | default('non') }}" \ No newline at end of file diff --git a/tasks/config_pool_php.yml b/tasks/config_pool_php.yml index 23173eb..19beffd 100644 --- a/tasks/config_pool_php.yml +++ b/tasks/config_pool_php.yml @@ -73,7 +73,7 @@ mode: '640' # or u=rwx,g=r,o= when: SITE == 'nuage' or SITE == 'paheko' or SITE == 'WP' -- name: ATTENTION la config php n'a pas été créer +- name: Message d'alerte si besoin ansible.builtin.debug: - msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement" + msg: "!!! ATTENTION !!! la config php n'a pas été créer car il n'y a pas de templates php pour votre site, il faudra le créer manuellement" when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' diff --git a/tasks/verif_installation_nextcloud.yml b/tasks/verif_installation_nextcloud.yml index b649e2e..d2b2569 100644 --- a/tasks/verif_installation_nextcloud.yml +++ b/tasks/verif_installation_nextcloud.yml 
@@ -24,12 +24,13 @@ msg: 'il faut déjà mettre à jour test-nuage avec cette version' when: not new_nextcloud_common.stat.exists and test_nuage is not defined -- name: Create new app common folder from old version one - become_user: nextcloud +- name: Création du dossier common de la nouvelle version en utilisant les apps de l'instance test-nuage become: true ansible.builtin.copy: - src: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}/" + src: "/home/sites/data/org/heureux-cyclage/test-nuage/apps/" dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}" remote_src: true # because the copy is from remote host to remote host mode: '754' # or 'u=rwx,g=rx,o=r' + owner: nextcloud + group: nextcloud when: not new_nextcloud_common.stat.exists and test_nuage is defined -- 2.20.1 From ec65bc3ac2a9ce784c1e3774f9987f261ec94b42 Mon Sep 17 00:00:00 2001 From: rominique Date: Fri, 5 Jul 2024 15:57:05 +0200 Subject: [PATCH 10/15] ajout du tags sftp correcton tags https correction permission et owner WP --- creation_nouveau_site.yml | 15 ++++++++--- tasks/config_WP.yml | 4 +-- tasks/config_nginx.yml | 9 +++++++ tasks/config_options_www.yml | 52 +++++++++++++++++++----------------- 4 files changed, 51 insertions(+), 29 deletions(-) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index ed292dd..48caac2 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml 
@@ -1,7 +1,10 @@ # commande pour lancer le playbook: ansible-playbook creation_nouveau_site.yml # attention - Par défaut ce scipt se lancer vers ligatures -# pour ne jouer que la partie permettant de générer le certificat SSL pour le HTTPS lancer la commance ci-dessous (attention il faut recharger nginx manuellement à la fin): +# pour ne jouer que la partie permettant de générer le certificat SSL pour le HTTPS lancer la commance ci-dessous: +# ansible-playbook creation_nouveau_site.yml --tags "https" + +# pour ne jouer que la partie permettant de configrer un accès SFTP lancer la commance ci-dessous: # ansible-playbook creation_nouveau_site.yml --tags "https" - name: Promp pour définir les variables du nouveau ite @@ -54,7 +57,9 @@ - name: Inclure les configurations optionnelles d'un site www ansible.builtin.include_tasks: tasks/config_options_www.yml - tags: https + tags: + - https + - sftp - name: Inclure la configuration d'un site web basique ansible.builtin.include_tasks: tasks/config_www.yml @@ -124,5 +129,9 @@ ansible.builtin.include_tasks: tasks/config_backup.yml - name: Inclure le configuration SFTP - ansible.builtin.include_tasks: tasks/config_sftp.yml + ansible.builtin.include_tasks: + file: tasks/config_sftp.yml + apply: + tags: sftp when: sftp_key != '' and sftp_key != 'non' + tags: sftp diff --git a/tasks/config_WP.yml b/tasks/config_WP.yml index 684d161..646a2a4 100644 --- a/tasks/config_WP.yml +++ b/tasks/config_WP.yml @@ -3,8 +3,8 @@ src: "/home/sites/data/wordpress/" dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ config_ss_domain }}/" remote_src: true # because the copy is from remote host to remote host - mode: '754' # or 'u=rwx,g=rx,o=r' - owner: "php_{{ SIGLE }}_{{ config_ss_domain }}" + mode: '2750' # or 'u=rwx,g=rx,o=r' + owner: "site_{{ SIGLE }}_{{ config_ss_domain }}" group: "site_{{ SIGLE }}_{{ config_ss_domain }}" - name: Créer les fichiers spécifiques wp 
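Review bot: The new header comment for the SFTP-only run repeats the HTTPS command, so following it runs the wrong part of the playbook. With the `sftp` tag introduced in this commit the line should read `# ansible-playbook creation_nouveau_site.yml --tags "sftp"`. The sentence above it also has two typos (`configrer`, `commance`) that are worth fixing at the same time.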
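Review bot: In tasks/config_WP.yml the trailing comment `# or 'u=rwx,g=rx,o=r'` no longer describes `mode: '2750'`, which sets the setgid bit and gives others no access; it should read something like `# setgid, u=rwx,g=rx,o=`. If the copy module applies `mode` to the copied files as well as to the directories (worth checking on a test site), every WordPress file becomes executable and setgid. In that case `directory_mode: '2750'` together with `mode: '0640'` would state the intent for directories and files separately. The first lines of the task are outside the hunk.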
diff --git a/tasks/config_nginx.yml b/tasks/config_nginx.yml index 3f74047..d370f46 100644 --- a/tasks/config_nginx.yml +++ b/tasks/config_nginx.yml @@ -46,3 +46,12 @@ name: nginx state: reloaded when: SITE != 'nuage' and SITE != 'paheko' and SITE != 'WP' and template_site == 'http' + +# ne jamais executer cette tâche sauf si le playbook est appelé avec le tag https - fin du playbook +- name: Recharger le service nginx + ansible.builtin.service: + name: nginx + state: reloaded + tags: + - https + - never \ No newline at end of file diff --git a/tasks/config_options_www.yml b/tasks/config_options_www.yml index 4f46142..132d063 100644 --- a/tasks/config_options_www.yml +++ b/tasks/config_options_www.yml 
@@ -1,47 +1,51 @@ - name: Demande sous-domaine - tags: https + tags: + - https + - sftp ansible.builtin.pause: prompt: 'quel sous-domaine faut-il configurer?(ex: www/gestion)' echo: true - default: '{{ SITE }}' register: config_ss_domain_promp when: SITE != 'nuage' -- name: Bloc demande des autres options +- name: Demande php + ansible.builtin.pause: + prompt: 'Faut-il configurer un pool PHP?(oui/non)' + echo: true + register: config_php_promp when: SITE != 'paheko' and SITE != 'nuage' and SITE != 'WP' - block: - - name: Demande php - ansible.builtin.pause: - prompt: 'Faut-il configurer un pool PHP?(oui/non)' - echo: true - register: config_php_promp +- name: Demande bdd + ansible.builtin.pause: + prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)' + echo: true + register: config_bdd_promp + when: SITE != 'paheko' and SITE != 'nuage' and SITE != 'WP' - - name: Demande bdd - ansible.builtin.pause: - prompt: 'Faut-il configurer une base de données SQL?(ex: mariadb/postgres/non)' - echo: true - register: config_bdd_promp +- name: Demande sftp_key + ansible.builtin.pause: + prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)' + echo: true + register: sftp_key_promp + when: SITE != 'paheko' and SITE != 'nuage' + tags: sftp - - name: Demande sftp_key - ansible.builtin.pause: - prompt: 'besoin de configurer un accès SFTP pour ce compte (vide ou clé public)' - echo: true - register: sftp_key_promp +- name: Definir config_ss_domain + tags: + - https + - sftp + ansible.builtin.set_fact: + config_ss_domain: "{{ ( SITE == 'nuage' | default ('') ) | ternary (SITE, config_ss_domain_promp.user_input) }}" - name: Definir config_php ansible.builtin.set_fact: config_php: "{{ ( config_php_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_php_promp.user_input) }}" -- name: Definir config_ss_domain - tags: https - ansible.builtin.set_fact: - config_ss_domain: "{{ ( SITE == 'nuage' | default ('') ) | ternary 
(SITE, config_ss_domain_promp.user_input) }}" - - name: Definir config_bdd ansible.builtin.set_fact: config_bdd: "{{ ( config_bdd_promp.user_input | default ('') | length == 0 ) | ternary ('non', config_bdd_promp.user_input) }}" - name: Definir sftp_key + tags: sftp ansible.builtin.set_fact: sftp_key: "{{ sftp_key_promp.user_input | default('non') }}" \ No newline at end of file -- 2.20.1 From ea212cb9b9cc433dc30b860ffc1705a775b0fd9a Mon Sep 17 00:00:00 2001 From: rominique Date: Fri, 12 Jul 2024 15:00:36 +0200 Subject: [PATCH 11/15] correction version nc par defaut --- tasks/config_nuage.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index bf99c5b..46ba017 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml @@ -64,13 +64,13 @@ block: - name: Demande la version de nextcloud déjà installée ansible.builtin.pause: - prompt: "Quelle version de nextcloud déjà installée? (default: 26.0.4)" + prompt: "Quelle version de nextcloud déjà installée? (default: 26.0.4.2)" echo: true register: ancienne_version_prompt - name: Definir ancienne_version ansible.builtin.set_fact: - ancienne_version: "{{ ( ancienne_version_prompt.user_input | length == 0 ) | ternary ('26.0.4', ancienne_version_prompt.user_input) }}" + ancienne_version: "{{ ( ancienne_version_prompt.user_input | length == 0 ) | ternary ('26.0.4.2', ancienne_version_prompt.user_input) }}" - name: Inclure la verif de l'install nextcloud ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml -- 2.20.1 From 04d04b93c6f52bdd611f6da715c8ec8070b2c297 Mon Sep 17 00:00:00 2001 From: rominique Date: Mon, 15 Jul 2024 18:16:13 +0200 Subject: [PATCH 12/15] repartissement des background job cron nuage --- tasks/config_nuage.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tasks/config_nuage.yml b/tasks/config_nuage.yml index 46ba017..ce1cb6e 100644 --- a/tasks/config_nuage.yml +++ b/tasks/config_nuage.yml 
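Review bot: In `Definir config_ss_domain` the `| default ('')` binds to the literal `'nuage'` rather than to the comparison, so it has no effect and can be removed: `( SITE == 'nuage' ) | ternary (SITE, config_ss_domain_promp.user_input)`. The prompted value is then stored as typed, although other hunks in this series use it in account names, directory paths and the certbot command line. An `ansible.builtin.assert` after the `set_fact` would reject anything that is not a single host label: `that: config_ss_domain is match('^[a-z0-9]([a-z0-9-]*[a-z0-9])?$')`. The file still ends without a final newline.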
@@ -283,10 +283,11 @@ # role: "{{ nextcloud_php_user }}" # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;" +# on rend aléatoire la minutes de l'heure à laquelle les tâches d'arriere plan nextcloud tournent entre les différentes instance pour répartir la charge - name: Creation d'un fichier cron pour /etc/cron.d ansible.builtin.cron: name: "nextcloud {{ SIGLE }}_{{ config_ss_domain }} taches d'arriere plan toutes les 5 mins" - minute: "*/5" + minute: "{{ 5 | random }}-59/5" user: "php_{{ SIGLE }}_{{ config_ss_domain }}" job: "{{ nextcloud_webroot }}/cron" -- 2.20.1 From 1da6016ad8c19ec94fa7d14f087cd219ff5fa32d Mon Sep 17 00:00:00 2001 From: rominique Date: Fri, 19 Jul 2024 00:54:42 +0200 Subject: [PATCH 13/15] ajout de la conf unix socket pour user mariadb --- tasks/config_mariadb.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/config_mariadb.yml b/tasks/config_mariadb.yml index c2efe44..6f1ed97 100644 --- a/tasks/config_mariadb.yml +++ b/tasks/config_mariadb.yml @@ -27,5 +27,6 @@ community.mysql.mysql_user: name: "php_{{ SIGLE }}_{{ config_ss_domain }}" priv: "php_{{ SIGLE }}_{{ config_ss_domain }}.*:ALL" + plugin: unix_socket state: present login_unix_socket: /run/mysqld/mysqld.sock -- 2.20.1 From f05b2ae3135b143e59f9d28be04c9eb057b3e178 Mon Sep 17 00:00:00 2001 From: rominique Date: Thu, 29 Aug 2024 11:57:17 +0200 Subject: [PATCH 14/15] ajout certif domain.tld --- creation_nouveau_site.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index 48caac2..dc0d713 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml 
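Review bot: `{{ 5 | random }}` draws a new offset on every run, so the cron entry is rewritten each time the playbook is replayed and the task is never idempotent. Seeding the filter keeps the spread between instances but makes the offset stable for a given site: `minute: "{{ 5 | random(seed=SIGLE ~ config_ss_domain) }}-59/5"`. The added comment could also state that the offset is between 0 and 4 minutes.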
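Review bot: `plugin: unix_socket` in tasks/config_mariadb.yml changes how the account authenticates, but nothing in the task says so. A short comment above the line would help the next maintainer: `# unix_socket auth: only the OS account of the same name can log in, no password is stored`. Whether the module switches an account that already exists to the plugin is not shown here, so one existing site should be checked after the run. The start of the task is outside the hunk.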
@@ -85,6 +85,15 @@ register: certbot_log ignore_errors: true changed_when: false + when: config_ss_domain != 'www' + + - name: Générer un certififat avec certbot # noqa : command-instead-of-module + become: true + ansible.builtin.command: 'certbot certonly -n --nginx -d {{ DOMAIN }}.{{ TLD }} -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}' + register: certbot_log + ignore_errors: true + changed_when: false + when: config_ss_domain == 'www' - name: Afficher les logs certbot ansible.builtin.debug: -- 2.20.1 From 60e4618a20820a676160681786aa1f40e10124d2 Mon Sep 17 00:00:00 2001 From: rominique Date: Thu, 29 Aug 2024 11:58:44 +0200 Subject: [PATCH 15/15] =?utf8?q?mise=20=C3=A0=20jour=20nom=20de=20t=C3=A2c?= =?utf8?q?he?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- creation_nouveau_site.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/creation_nouveau_site.yml b/creation_nouveau_site.yml index dc0d713..526cc6c 100644 --- a/creation_nouveau_site.yml +++ b/creation_nouveau_site.yml @@ -79,7 +79,7 @@ vars: template_site: 'http' - - name: Générer un certififat avec certbot # noqa : command-instead-of-module + - name: Générer le certififat du sous-domaine avec certbot # noqa : command-instead-of-module become: true ansible.builtin.command: 'certbot certonly -n --nginx -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}' register: certbot_log @@ -87,7 +87,7 @@ changed_when: false when: config_ss_domain != 'www' - - name: Générer un certififat avec certbot # noqa : command-instead-of-module + - name: Générer le certififat du domaine et du sous-domaine avec certbot quand le sous domaine est www # noqa : command-instead-of-module become: true ansible.builtin.command: 'certbot certonly -n --nginx -d {{ DOMAIN }}.{{ TLD }} -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}' register: certbot_log -- 2.20.1
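Review bot: Both certbot tasks use `register: certbot_log`, and a task skipped by `when` still writes its skipped result to the registered variable. When `config_ss_domain != 'www'` the second task therefore overwrites the output of the first, and `Afficher les logs certbot` no longer shows what certbot did. Since `ignore_errors: true` is set, that output is the only trace of a failed issuance. A single task avoids the problem: `ansible.builtin.command: "certbot certonly -n --nginx {{ (config_ss_domain == 'www') | ternary('-d ' ~ DOMAIN ~ '.' ~ TLD, '') }} -d {{ config_ss_domain | default(SITE) }}.{{ DOMAIN }}.{{ TLD }}"`; alternatively give the two tasks different register names.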