diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-10-10 20:56:49 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-10-10 20:56:49 +0200 |
| commit | 3359f912f005168e0d624b42540c231c5c538c2d (patch) | |
| tree | 8e71ffa72cda20d4140198cd4a8108fc09b8ede1 /roles/apps/nextcloud | |
| parent | no more flush-handlers for apt-repos (diff) | |
nextcloud: add app user to custom images
Diffstat (limited to 'roles/apps/nextcloud')
| -rw-r--r-- | roles/apps/nextcloud/tasks/custom-image.yml | 7 | ||||
| -rw-r--r-- | roles/apps/nextcloud/tasks/main.yml | 5 | ||||
| -rwxr-xr-x | roles/apps/nextcloud/templates/nextcloud-upgrade.j2 | 9 | ||||
| -rw-r--r-- | roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 | 3 |
4 files changed, 22 insertions, 2 deletions
diff --git a/roles/apps/nextcloud/tasks/custom-image.yml b/roles/apps/nextcloud/tasks/custom-image.yml index 6702d70b..5aac75e0 100644 --- a/roles/apps/nextcloud/tasks/custom-image.yml +++ b/roles/apps/nextcloud/tasks/custom-image.yml @@ -8,7 +8,14 @@ copy: content: | FROM {{ item.value.custom_image.from | default('nextcloud:' + item.value.version) }} + + RUN set -x \ + && addgroup --gid {{ nextcloud_app_gid }} nc-app \ + && adduser --uid {{ nextcloud_app_uid }} --gid {{ nextcloud_app_gid }} --system --no-create-home --home /var/www/html --disabled-login --disabled-password nc-app + {% if 'custom_image' in item.value %} + {{ item.value.custom_image.dockerfile }} + {% endif %} dest: "{{ nextcloud_base_path }}/{{ item.key }}/build/Dockerfile" register: nextcloud_custom_image_docker diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml index c2dcf8d9..d09773ab 100644 --- a/roles/apps/nextcloud/tasks/main.yml +++ b/roles/apps/nextcloud/tasks/main.yml @@ -99,7 +99,7 @@ loop: "{{ nextcloud_instances | dict2items }}" loop_control: label: "{{ item.key }}" - when: "'custom_image' in item.value" + # when: "'custom_image' in item.value" include_tasks: custom-image.yml - name: install pod manifest @@ -118,6 +118,9 @@ - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/ports.conf" properties: - checksum + - path: "{{ nextcloud_base_path }}/{{ item.key }}/build/Dockerfile" + properties: + - checksum include_role: name: kubernetes/standalone/pod diff --git a/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 b/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 index 27bc6222..13178f0f 100755 --- a/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 +++ b/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 @@ -38,6 +38,15 @@ else crictl pull "docker.io/library/nextcloud:$VERSION" echo "" fi +{% if nextcloud_zfs is defined %} + +echo "*** creating ZFS snapshot" +echo "" + +IMAGE_NAME_ESCAPED=${IMAGE_NAME/\//\\/} +CURRENT_VERSION=$(cat "$K8S_MANIFEST_FILE" | awk '/image: "'"$IMAGE_NAME_ESCAPED"':.*"/ { print($2) }' | tr -d '"' | cut -d ':' -f 2) +zfs snapshot "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/$INST_NAME@upgrade_$CURRENT_VERSION-to-$VERSION""_$(date '+%Y-%m-%m_%H:%M:%S')" +{% endif %} echo "*** Patching manifest file" echo "" diff --git a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 index b587cad3..6100a2ab 100644 --- a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 +++ b/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 @@ -2,7 +2,8 @@ securityContext: allowPrivilegeEscalation: false containers: - name: nextcloud - image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" +{# image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" #} + image: "nextcloud/{{ item.key }}:{{ item.value.version }}" securityContext: runAsUser: {{ nextcloud_app_uid }} runAsGroup: {{ nextcloud_app_gid }} |