-rw-r--r-- | dan/ele-media.yml | 4 | ||||
-rw-r--r-- | dan/host_vars/ele-media.yml | 21 | ||||
-rw-r--r-- | inventory/host_vars/ele-media.yml | 33 | ||||
-rw-r--r-- | roles/elevate/media/defaults/main.yml | 16 | ||||
-rw-r--r-- | roles/elevate/media/filter_plugins/nextcloud.py | 38 | ||||
-rw-r--r-- | roles/elevate/media/tasks/nextcloud-config.yml | 52 | ||||
-rw-r--r-- | roles/elevate/media/tasks/nextcloud-lvm.yml | 42 | ||||
-rw-r--r-- | roles/elevate/media/tasks/nextcloud.yml | 141 | ||||
-rw-r--r-- | roles/elevate/media/templates/nextcloud.service.j2 | 16 |
9 files changed, 294 insertions, 69 deletions
diff --git a/dan/ele-media.yml b/dan/ele-media.yml index 0232ec3a..c0746e27 100644 --- a/dan/ele-media.yml +++ b/dan/ele-media.yml @@ -6,7 +6,7 @@ - role: sshd - role: zsh - role: admin-user - - role: docker - - role: acmetool/base +# - role: acmetool/base - role: mysql + - role: docker - role: elevate/media diff --git a/dan/host_vars/ele-media.yml b/dan/host_vars/ele-media.yml index 1fa4fc1f..dbdafead 100644 --- a/dan/host_vars/ele-media.yml +++ b/dan/host_vars/ele-media.yml @@ -1,9 +1,14 @@ $ANSIBLE_VAULT;1.2;AES256;dan -30663237323334376561303332396535346330303539656235633362316637313866623130663466 -3936313461393937626366353437303836316462363936390a613065613535366361306365636337 -30666263316566343766663465376339323332313031346331333035343861613431666539393062 -3366386366326466320a363364623762353634383064643036653466383639336434613135346330 -34326163366133343236313134643363366563303138363565306337303937633431633236333934 -35383337386138303464633434366164313765303466353330643036663434366466333135323865 -62613539313631363031336337393566646566386134343033633337646366663634343063353161 -35383766623965613462 +31316230393666623739333361346439316430613266613632363530646235363462363231303139 +3566383530636261663664623230313735366165636266610a383435386233396665346339373736 +66343431386433386565663939323739633437353538353362663062366434616237346366353833 +6462366637303038310a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diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml index 4b509097..0adac6a7 100644 --- a/inventory/host_vars/ele-media.yml +++ b/inventory/host_vars/ele-media.yml @@ -12,6 +12,13 @@ install: disks: primary: /dev/disk/by-id/ata-Samsung_SSD_840_Series_S14GNEACC92243K + +admin_user_host: +- "{{ equinox_user }}" + +ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" + + mysql_root_password: "{{ vault_ele_media.mysql_root_password }}" docker_lvm: 
@@ -19,3 +26,29 @@ docker_lvm: lv: docker size: 20G fs: ext4 + + +nextcloud_hostnames: + - media.elevate.at + - elevate-media.spreadspace.org + +nextcloud_db: + db: nextcloud + user: nextcloud + password: "{{ vault_ele_media.nextcloud_db.password }}" + +nextcloud_admin: + username: admin + password: "{{ vault_ele_media.nextcloud_admin.password }}" + +nextcloud_lvm: + system: + vg: "{{ host_name }}" + lv: nextcloud + size: 20G + fs: ext4 + data: + vg: "{{ host_name }}" + lv: ncdata + size: 150G + fs: ext4 diff --git a/roles/elevate/media/defaults/main.yml b/roles/elevate/media/defaults/main.yml index a2c9c807..344d0aba 100644 --- a/roles/elevate/media/defaults/main.yml +++ b/roles/elevate/media/defaults/main.yml @@ -1,4 +1,16 @@ --- +nextcloud_version: 15 + nextcloud_hostnames: - - media.elevate.at - - elevate-media.spreadspace.org + - wolke.example.com + +nextcloud_db: + db: nextcloud + user: nextcloud + password: changeme + +nextcloud_admin: + user: admin + password: changeme + +nextcloud_lvm: {} diff --git a/roles/elevate/media/filter_plugins/nextcloud.py b/roles/elevate/media/filter_plugins/nextcloud.py new file mode 100644 index 00000000..a1bcd63b --- /dev/null +++ b/roles/elevate/media/filter_plugins/nextcloud.py 
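Review bot: `nextcloud_admin` in defaults/main.yml uses the key `user`, but roles/elevate/media/tasks/nextcloud.yml reads `nextcloud_admin.username` (and inventory/host_vars/ele-media.yml defines `username`), so a host that relies on the default fails at the installer task with an undefined attribute instead of getting the documented default; rename the default key to `username: admin`. Shipping `password: changeme` for both `nextcloud_db` and `nextcloud_admin` is the larger risk: a host that forgets the vault override installs Nextcloud with a known admin credential and a known database password, and nothing in the play notices. Leaving the two passwords out of the defaults, or setting them to an empty value and adding an `assert` that they are non-empty before the database and installer tasks, turns that silent misconfiguration into a failed run.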
@@ -0,0 +1,38 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible import errors
+
+
+def mountpoint_exists(data, mountpoint):
+ try:
+ for entry in data:
+ if entry['mount_point'] == mountpoint:
+ return True
+
+ return False
+ except Exception as e:
+ raise errors.AnsibleFilterError("mountpoint_exists(): %s" % str(e))
+
+
+def get_id_of_mountpoint(data, mountpoint):
+ try:
+ for entry in data:
+ if entry['mount_point'] == mountpoint:
+ return entry['mount_id']
+
+ raise KeyError
+ except Exception as e:
+ raise errors.AnsibleFilterError("get_id_of_mountpoint(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' extract values from nextcloud '''
+ filter_map = {
+ 'nextcloud_mountpoint_exists': mountpoint_exists,
+ 'nextcloud_get_id_of_mountpoint': get_id_of_mountpoint,
+ }
+
+ def filters(self):
+ return self.filter_map
diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml
new file mode 100644
index 00000000..1ce80860
--- /dev/null
+++ b/roles/elevate/media/tasks/nextcloud-config.yml
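Review bot: The bare `raise KeyError` in get_id_of_mountpoint is caught by the enclosing `except Exception` and re-raised as `AnsibleFilterError("get_id_of_mountpoint(): ")` with an empty message, because `str(KeyError())` is empty, so a missing mount point is reported without saying which one was looked for. Raising `KeyError("no entry for mount point %r" % mountpoint)` keeps the wrapper but makes the failure self-explaining; the wrapper in mountpoint_exists can only fire on a malformed entry, so its message would likewise be more useful if it included the offending `entry`. A one-line docstring on each function stating the expected input shape would help the task author, e.g. `"""Return True if *data* (a list of dicts carrying 'mount_point') contains *mountpoint*."""`. Note that `nextcloud_get_id_of_mountpoint` is registered here but no task in this commit uses it.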
@@ -0,0 +1,52 @@ +--- + # TODO: fix idempotence +- name: set up permission for external storage + command: docker exec -u root nextcloud.service bash -c "chown root:www-data /srv/external && chmod 02775 /srv/external" + changed_when: false + + + ## TODO: this is idempotent but flagging change would be nice +- name: set up permission for external storage + command: docker exec -u www-data nextcloud.service /var/www/html/occ app:enable files_external + changed_when: false + + +- name: check if elevate group exists in nextcloud (1/2) + command: docker exec -u www-data nextcloud.service /var/www/html/occ group:list -n --output=json + register: nextcloud_group_list + changed_when: false + +- name: check if elevate group exists in nextcloud (2/2) + set_fact: + nextcloud_group_list: "{{ nextcloud_group_list.stdout | from_json }}" + +- name: create group elevate group in nextcloud + command: docker exec -u www-data nextcloud.service /var/www/html/occ group:add -n elevate + when: '"elevate" not in nextcloud_group_list' + + +- name: check if external storage is configured in nextcloud (1/2) + command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:list -n --output=json + register: nextcloud_files_external_list + changed_when: false + +- name: check if external storage is configured in nextcloud (2/2) + set_fact: + nextcloud_files_external_list: "{{ nextcloud_files_external_list.stdout | from_json }}" + +- debug: + var: nextcloud_files_external_list + +- name: configure external storage in nextcloud + command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external" Fileserver local null::null + when: not (nextcloud_files_external_list | nextcloud_mountpoint_exists('/Fileserver')) + + ## TODO: this is idempotent but flagging change would be nice +- name: set up permission for external storage + command: docker exec -u www-data nextcloud.service /var/www/html/occ 
files_external:applicable -n --output=json 1 --add-group=elevate + changed_when: false + + +### add this until tests have been done +## 'overwriteprotocol' => 'http', -> /srv/nextcloud/config/nextcloud/config.php +# diff --git a/roles/elevate/media/tasks/nextcloud-lvm.yml b/roles/elevate/media/tasks/nextcloud-lvm.yml new file mode 100644 index 00000000..d24326d3 --- /dev/null +++ b/roles/elevate/media/tasks/nextcloud-lvm.yml @@ -0,0 +1,42 @@ +--- +- name: prepare nextcloud system disk as LVM + when: nextcloud_lvm.system is defined + block: + - name: create logical volume + lvol: + vg: "{{ nextcloud_lvm.system.vg }}" + lv: "{{ nextcloud_lvm.system.lv }}" + size: "{{ nextcloud_lvm.system.size }}" + + - name: create filesystem + filesystem: + fstype: "{{ nextcloud_lvm.system.fs }}" + dev: "/dev/mapper/{{ nextcloud_lvm.system.vg | replace('-', '--') }}-{{ nextcloud_lvm.system.lv | replace('-', '--') }}" + + - name: mount filesytem + mount: + src: "/dev/mapper/{{ nextcloud_lvm.system.vg | replace('-', '--') }}-{{ nextcloud_lvm.system.lv | replace('-', '--') }}" + path: /srv/nextcloud + fstype: "{{ nextcloud_lvm.system.fs }}" + state: mounted + +- name: prepare nextcloud data disk as LVM + when: nextcloud_lvm.data is defined + block: + - name: create logical volume + lvol: + vg: "{{ nextcloud_lvm.data.vg }}" + lv: "{{ nextcloud_lvm.data.lv }}" + size: "{{ nextcloud_lvm.data.size }}" + + - name: create filesystem + filesystem: + fstype: "{{ nextcloud_lvm.data.fs }}" + dev: "/dev/mapper/{{ nextcloud_lvm.data.vg | replace('-', '--') }}-{{ nextcloud_lvm.data.lv | replace('-', '--') }}" + + - name: mount filesytem + mount: + src: "/dev/mapper/{{ nextcloud_lvm.data.vg | replace('-', '--') }}-{{ nextcloud_lvm.data.lv | replace('-', '--') }}" + path: /srv/ncdata + fstype: "{{ nextcloud_lvm.data.fs }}" + state: mounted diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml index 6a3faf73..d827a28a 100644 
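Review bot: The `files_external:applicable` task hardcodes the mount id `1` even though this commit adds the `nextcloud_get_id_of_mountpoint` filter for exactly that lookup; on a host where the Fileserver mount is not the first external storage, the group is granted access to the wrong mount or the command fails. `nextcloud_files_external_list` is also registered before the `files_external:create` task, so on a first run it does not yet contain the mount that was just created and must be re-read before the id can be resolved. Three tasks share the name `set up permission for external storage` (the `app:enable` and `files_external:applicable` tasks carry copy-paste names) and the `debug` task looks like a leftover; giving each task its own name makes the play output readable. The tail of the file, rewritten to use the filter after a fresh listing, would look like this:
```yaml
# … unchanged: chown, app:enable, group and files_external:create tasks …
- name: re-read external storage list after create
  command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:list -n --output=json
  register: nextcloud_files_external_list
  changed_when: false

- name: grant the elevate group access to the Fileserver mount
  command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:applicable -n --output=json {{ nextcloud_files_external_list.stdout | from_json | nextcloud_get_id_of_mountpoint('/Fileserver') }} --add-group=elevate
  changed_when: false
```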
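Review bot: The `/dev/mapper/<vg>-<lv>` path is spelled out twice per block (in `filesystem.dev` and `mount.src`) with the same `replace('-', '--')` escaping, so the two copies can drift apart; compute it once with a block-level `vars:` entry such as `nextcloud_lvm_dev: "/dev/mapper/{{ nextcloud_lvm.system.vg | replace('-', '--') }}-{{ nextcloud_lvm.system.lv | replace('-', '--') }}"` and reference `{{ nextcloud_lvm_dev }}` from both tasks. Both `mount filesytem` task names have a typo (`filesystem`). A short comment at the top of the file saying that the `system` volume lands on `/srv/nextcloud` and `data` on `/srv/ncdata`, and that both are optional because `nextcloud_lvm: {}` in the defaults skips them, would explain what the `when: … is defined` guards are for.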
--- a/roles/elevate/media/tasks/nextcloud.yml +++ b/roles/elevate/media/tasks/nextcloud.yml @@ -1,4 +1,7 @@ --- +- name: preare nextcloud disks + import_tasks: nextcloud-lvm.yml + - name: create nextcloud config directory file: path: /srv/nextcloud/config/ 
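Review bot: The task name `preare nextcloud disks` has a typo; `prepare nextcloud disks` is what the imported nextcloud-lvm.yml does. Since `import_tasks` is static, a comment noting that the imported LVM tasks are skipped when `nextcloud_lvm` is empty (the role default) would make clear that the import is safe on hosts without dedicated volumes.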
@@ -9,61 +12,85 @@ src: nextcloud-fpm.conf.j2 dest: /srv/nextcloud/config/nextcloud-fpm.conf -##### TODO: implement the following steps -### install -# -# docker run --rm --network host --name nextcloud \ -# -e NEXTCLOUD_UPDATE=1 -e NEXTCLOUD_TRUSTED_DOMAINS="media.elevate.at elevate-media.spreadspace.org 89.106.211.61" \ -# -e MYSQL_DATABASE="nextcloud" -e MYSQL_HOST="127.0.0.1:3306" -e MYSQL_USER="nextcloud" -e MYSQL_PASSWORD="testtest" \ -# -e NEXTCLOUD_ADMIN_USER="admin" -e NEXTCLOUD_ADMIN_PASSWORD="test" \ -# -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf \ -# -v /srv/nextcloud/config/nextcloud:/var/www/html/config \ -# -v /srv/data/nextcloud:/var/www/html/data \ -# -v /srv/data/share:/srv/external \ -# -v /srv/nextcloud/www:/var/www/html nextcloud:15-fpm /bin/true -# -# -## for now we only support http (not needed when nginx and network config is fixed) -## -## 'overwriteprotocol' => 'http', -> /srv/nextcloud/config/nextcloud/config.php -## -# -### run -# -# docker run --rm -d --network host --name nextcloud \ -# -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf \ -# -v /srv/nextcloud/config/nextcloud:/var/www/html/config \ -# -v /srv/data/nextcloud:/var/www/html/data \ -# -v /srv/data/share:/srv/external \ -# -v /srv/nextcloud/www:/var/www/html nextcloud:15-fpm -# -# -### post -install -# -# docker exec -u root -it nextcloud bash -c "chown root:www-data /srv/external && chmod 02775 /srv/external" -# -## this is idempotent -# docker exec -u www-data -it nextcloud /var/www/html/occ app:enable files_external -# -## docker exec -u www-data -it nextcloud /var/www/html/occ group:list -n --output=json -# docker exec -u www-data -it nextcloud /var/www/html/occ group:add -n Elevate -# -## docker exec -u www-data -it nextcloud /var/www/html/occ files_external:list --output=json -# docker exec -u www-data -it nextcloud /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external" 
Fileserver local null::null -# -## this is idempotent -# docker exec -u www-data -it nextcloud /var/www/html/occ files_external:applicable -n --output=json 1 --add-group=Elevate -# -# -# -##### not need to implement this... -# -### purge -# -# docker stop nextcloud -# rm -rf /srv/nextcloud/config/nextcloud -# rm -rf /srv/data/nextcloud -# rm -rf /srv/nextcloud/www -# echo "drop database nextcloud;" | mysql --defaults-extra-file=/etc/mysql/debian.cnf -# +- name: create nextcloud database + mysql_db: + login_user: root + login_password: "{{ mysql_root_password }}" + db: "{{ nextcloud_db.db }}" + encoding: utf8mb4 + collation: utf8mb4_general_ci + state: present + +- name: create nextcloud database user + mysql_user: + login_user: root + login_password: "{{ mysql_root_password }}" + name: "{{ nextcloud_db.user }}" + password: "{{ nextcloud_db.password }}" + priv: "{{ nextcloud_db.db }}.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES" + state: present + + +- name: check if nextcloud is already configured + stat: + path: /srv/nextcloud/config/nextcloud/config.php + register: nextcloud_config_file + +- name: running nextcloud installer + when: not nextcloud_config_file.stat.exists + docker_container: + name: nextcloud + image: nextcloud:{{ nextcloud_version }}-fpm + command: /bin/true + network_mode: host + detach: no + auto_remove: yes + volumes: + - /srv/nextcloud/www:/var/www/html + - /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf + - /srv/nextcloud/config/nextcloud:/var/www/html/config + - /srv/ncdata/nextcloud:/var/www/html/data + - /srv/ncdata/share:/srv/external + env: + NEXTCLOUD_UPDATE: '1' + NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_hostnames | join(' ') }} 89.106.211.61" ## TODO remove ip when tests are done + MYSQL_DATABASE: "{{ nextcloud_db.db }}" + MYSQL_HOST: "127.0.0.1:3306" + MYSQL_USER: "{{ nextcloud_db.user }}" + MYSQL_PASSWORD: "{{ nextcloud_db.password }}" + NEXTCLOUD_ADMIN_USER: "{{ 
nextcloud_admin.username }}" + NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin.password }}" + + +- name: install nextcloud service unit + template: + src: nextcloud.service.j2 + dest: /etc/systemd/system/nextcloud.service + register: nextcloud_service + +- name: make sure nextcloud is started and enabled + systemd: + name: nextcloud.service + state: "{% if nextcloud_service.changed %}restarted{% else %}started{% endif %}" + enabled: yes + daemon_reload: yes + +- name: basic nextcloud config + import_tasks: nextcloud-config.yml + +- name: install nextcloud cron systemd units + with_items: + - service + - timer + template: + src: "nextcloud-cron.{{ item }}.j2" + dest: "/etc/systemd/system/nextcloud-cron.{{ item }}" + +- name: make sure nextcloud cron is started and enabled + systemd: + name: nextcloud-cron.timer + state: started + enabled: yes + daemon_reload: yes + diff --git a/roles/elevate/media/templates/nextcloud.service.j2 b/roles/elevate/media/templates/nextcloud.service.j2 new file mode 100644 index 00000000..4eacf476 --- /dev/null +++ b/roles/elevate/media/templates/nextcloud.service.j2 @@ -0,0 +1,16 @@ +[Unit] +Description=Nextcloud +After=docker.service +Requires=docker.service + +[Service] +ExecStart=/usr/bin/systemd-docker --cgroups name=systemd run --rm --network host --name %n -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf -v /srv/nextcloud/config/nextcloud:/var/www/html/config -v /srv/ncdata/nextcloud:/var/www/html/data -v /srv/ncdata/share:/srv/external -v /srv/nextcloud/www:/var/www/html nextcloud:{{ nextcloud_version }}-fpm +Restart=always +RestartSec=10 +Type=notify +NotifyAccess=all +TimeoutStartSec=30 +TimeoutStopSec=5 + +[Install] +WantedBy=multi-user.target |
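Review bot: `NEXTCLOUD_TRUSTED_DOMAINS` is passed only to the installer container, which runs `when: not nextcloud_config_file.stat.exists`, so the value (including the hardcoded `89.106.211.61` marked TODO) is baked into config.php on the first run and later changes to `nextcloud_hostnames` are never applied; managing trusted_domains from nextcloud-config.yml with `occ config:system:set trusted_domains <index> --value=<host>` per hostname keeps it idempotent, and a host-specific IP does not belong in a role task at all — if it is needed for testing it belongs in host_vars. The `state: "{% if nextcloud_service.changed %}restarted{% else %}started{% endif %}"` expression on the systemd task re-implements a handler; `notify: restart nextcloud` on the template task plus a plain `state: started` is the Ansible idiom. `image: nextcloud:{{ nextcloud_version }}-fpm` is an unquoted Jinja expression inside a YAML scalar; it happens to parse, but `image: "nextcloud:{{ nextcloud_version }}-fpm"` matches the quoting used elsewhere in the file. The `nextcloud-cron.service.j2` and `nextcloud-cron.timer.j2` templates referenced by the new `with_items` task are not part of this commit, so presumably they already exist in the role — worth confirming before merging.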
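Review bot: `--network host` puts the php-fpm container in the host's network namespace, so whatever address the fpm pool in nextcloud-fpm.conf listens on is reachable from every host interface, not just from the local nginx; if that conf does not already bind to 127.0.0.1 (it is not in this diff), either bind it there or drop host networking and publish the pool port with a loopback-only mapping (e.g. `-p 127.0.0.1:9000:9000`) — the latter also requires `MYSQL_HOST` in nextcloud.yml to point at something reachable from the container instead of `127.0.0.1:3306`. `ExecStart` depends on `/usr/bin/systemd-docker`, a third-party wrapper that no task in this commit installs; a comment naming where it comes from, or a task that installs it, would save the next person a failed unit start. The image tag `{{ nextcloud_version }}-fpm` is a floating major-version tag and `docker run` pulls only when no local image exists, so point releases are not picked up by restarting the unit; a comment stating that, or an explicit pull task, would make the update path clear.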