Diffstat (limited to 'roles/apps/nextcloud/instance/templates')
-rw-r--r--roles/apps/nextcloud/instance/templates/apache-site.conf.j220
-rw-r--r--roles/apps/nextcloud/instance/templates/cron-.timer.j29
-rw-r--r--roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2110
-rw-r--r--roles/apps/nextcloud/instance/templates/upgrade.sh.j277
4 files changed, 216 insertions, 0 deletions
diff --git a/roles/apps/nextcloud/instance/templates/apache-site.conf.j2 b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2
new file mode 100644
index 00000000..8df06113
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2
@@ -0,0 +1,20 @@
+IncludeOptional mods-available/socache_shmcb.load
+IncludeOptional mods-available/ssl.load
+IncludeOptional mods-available/ssl.conf
+
+<VirtualHost *:8080>
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ UseCanonicalName Off
+ UseCanonicalPhysicalPort Off
+
+ ServerName nextcloud-{{ nextcloud_instance }}.{{ inventory_hostname }}
+ SSLEngine on
+ SSLCertificateFile "/etc/ssl/publish/cert.pem"
+ SSLCertificateKeyFile "/etc/ssl/publish/key.pem"
+ SSLProtocol TLSv1.3
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
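Review bot: The vhost terminates TLS (SSLEngine on, SSLProtocol TLSv1.3) but never emits a Strict-Transport-Security header, so a browser that reaches the instance over plain HTTP once is not told to stick to HTTPS; Nextcloud's own admin security check flags this. Since the template already pulls modules in via IncludeOptional, the fix is `IncludeOptional mods-available/headers.load` next to the ssl includes and `Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"` inside the VirtualHost (the max-age is the value Nextcloud's documentation suggests; adjust to site policy). Whether the certificate at /etc/ssl/publish/cert.pem actually covers the names clients use cannot be seen here — ServerName is derived from inventory_hostname while the trusted domains in the pod spec come from publish.hostnames, so a one-line comment above ServerName stating which names the certificate must carry would help the next maintainer. `ServerAdmin webmaster@localhost` also looks like the distro placeholder rather than a deliberate value.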
diff --git a/roles/apps/nextcloud/instance/templates/cron-.timer.j2 b/roles/apps/nextcloud/instance/templates/cron-.timer.j2
new file mode 100644
index 00000000..eead0fd0
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/cron-.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Nextcloud cron.php job timer for {{ nextcloud_instance }}
+
+[Timer]
+OnCalendar=*:{{ 5 | random(seed=nextcloud_instance) }}/5
+Unit=nextcloud-cron@{{ nextcloud_instance }}.service
+
+[Install]
+WantedBy=timers.target
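Review bot: The `OnCalendar=*:{{ 5 | random(seed=nextcloud_instance) }}/5` expression is the only non-obvious line in this unit and carries no explanation; a reader has to work out that the seeded random picks a fixed offset 0–4 per instance so that several instances on one host do not all fire on the same minute while each still runs every five minutes. systemd unit files accept `#` comment lines, so a comment directly above it such as `# per-instance minute offset (0-4), stable across template runs, so instances do not all run cron.php at once` would document the intent without changing the rendered schedule.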
diff --git a/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2
new file mode 100644
index 00000000..c1a4f2ea
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2
@@ -0,0 +1,110 @@
+securityContext:
+ allowPrivilegeEscalation: false
+containers:
+- name: nextcloud
+{# image: "nextcloud{% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}/{{ nextcloud_instance }}{% endif %}:{{ nextcloud_instances[nextcloud_instance].version }}" #}
+ image: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}"
+ securityContext:
+ runAsUser: {{ nextcloud_app_uid }}
+ runAsGroup: {{ nextcloud_app_gid }}
+ resources:
+ limits:
+ memory: "4Gi"
+{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
+ env:
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: "{{ nextcloud_instances[nextcloud_instance].publish.hostnames | join(' ') }}"
+ - name: MYSQL_HOST
+ value: 127.0.0.1
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: nextcloud
+ mountPath: /var/www/html
+ - name: config
+ mountPath: /etc/apache2/sites-available/000-default.conf
+ subPath: apache-site.conf
+ readOnly: true
+ - name: config
+ mountPath: /etc/apache2/ports.conf
+ subPath: ports.conf
+ readOnly: true
+ - name: tls
+ mountPath: /etc/ssl/publish
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ hostPort: {{ nextcloud_instances[nextcloud_instance].port }}
+ hostIP: 127.0.0.1
+- name: redis
+ image: "redis:{{ nextcloud_instances[nextcloud_instance].redis.version }}"
+ args:
+ - --bind 127.0.0.1
+ securityContext:
+ runAsUser: {{ nextcloud_redis_uid }}
+ runAsGroup: {{ nextcloud_redis_gid }}
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: redis
+ mountPath: /data
+- name: database
+ image: "mariadb:{{ nextcloud_instances[nextcloud_instance].database.version }}"
+ args:
+ - --transaction-isolation=READ-COMMITTED
+ - --log-bin=binlog
+ - --binlog-format=ROW
+{% for arg in (nextcloud_instances[nextcloud_instance].database.extra_args | default([])) %}
+ - {{ arg }}
+{% endfor %}
+ securityContext:
+ runAsUser: {{ nextcloud_db_uid }}
+ runAsGroup: {{ nextcloud_db_gid }}
+ resources:
+ limits:
+ memory: "2Gi"
+ env:
+ - name: MARIADB_AUTO_UPGRADE
+ value: "true"
+ - name: MARIADB_DISABLE_UPGRADE_BACKUP
+ value: "true"
+{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
+ - name: MARIADB_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MARIADB_DATABASE
+ value: nextcloud
+ - name: MARIADB_USER
+ value: nextcloud
+ - name: MARIADB_PASSWORD
+ value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+volumes:
+- name: config
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/config/"
+ type: Directory
+- name: tls
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/tls/"
+ type: Directory
+- name: nextcloud
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/nextcloud"
+ type: Directory
+- name: redis
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/redis"
+ type: Directory
+- name: database
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}"
+ type: Directory
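Review bot: The top-level `securityContext: allowPrivilegeEscalation: false` at the start of the hunk is a container-level SecurityContext field, not a pod-level one; in a Kubernetes PodSpec the pod-level securityContext has no such key, so it is either ignored or rejected depending on how strictly the consumer decodes, and none of the three containers actually get the setting. Assuming this fragment is consumed as a PodSpec (the consumer is not visible here), move it into each container's existing securityContext block, i.e. add `allowPrivilegeEscalation: false` beside the `runAsUser:`/`runAsGroup:` lines of the nextcloud, redis and database containers and drop the two top-level lines. Consider adding `runAsNonRoot: true` at the same place so a future uid variable that resolves to 0 is refused at start rather than silently running as root. The database and Nextcloud passwords are passed as plain environment variables; both the nextcloud and mariadb images accept a `_FILE` variant (`MYSQL_PASSWORD_FILE`, `MARIADB_PASSWORD_FILE`) that reads the secret from a mounted file and keeps it out of `crictl inspect`/process environment dumps, which would be a worthwhile follow-up.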
diff --git a/roles/apps/nextcloud/instance/templates/upgrade.sh.j2 b/roles/apps/nextcloud/instance/templates/upgrade.sh.j2
new file mode 100644
index 00000000..62f6641e
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/upgrade.sh.j2
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
+ echo "Usage: $0 (preapre|finalize) <old-version> <new-version>"
+ exit 1
+fi
+
+COMMAND="$1"
+OLD_VERSION="$2"
+NEW_VERSION="$3"
+POD_NAME="{{ nextcloud_instance }}-$(hostname)"
+
+maintenance_mode() {
+ POD_ID=$(crictl pods --name "$POD_NAME" --state ready -q)
+ CONTAINER_ID=$(crictl ps --pod "$POD_ID" --name nextcloud -q)
+ crictl exec "$CONTAINER_ID" php -f /var/www/html/occ maintenance:mode "$1"
+}
+
+wait_for_cronjobs() {
+ POD_ID=$(crictl pods --name "$POD_NAME" --state ready -q)
+ CONTAINER_ID=$(crictl ps --pod "$POD_ID" --name nextcloud -q)
+ crictl exec "$CONTAINER_ID" bash -c 'echo -n "waiting for running cron script "; while [ -n "$(pgrep -a php | grep cron.php)" ]; do echo -n "."; sleep 1; done; echo ""'
+}
+
+wait_for_upgrade_complete() {
+ NEW_VERSION="$1"
+
+ set +e
+ echo -n "waiting for new version to be ready "
+ while true; do
+ POD_ID=$(crictl pods --name "$POD_NAME" --state ready -q)
+ if [ -z $POD_ID ]; then continue; fi
+ CONTAINER_ID=$(crictl ps --pod "$POD_ID" --name nextcloud -q)
+ if [ -z $CONTAINER_ID ]; then continue; fi
+ STATUS_OUTPUT=$(crictl exec "$CONTAINER_ID" php -f /var/www/html/occ status -n --no-warnings --output plain)
+ if [ $? -eq 0 ]; then
+ RUNNING_VERSION=$(echo "$STATUS_OUTPUT" | awk -F : '/versionstring/ { print($2) }' | tr -d ' ')
+ if [ "$RUNNING_VERSION" = "$NEW_VERSION" ]; then
+ break
+ fi
+ echo -n "."
+ fi
+ sleep 1
+ done
+ echo ""
+ set -e
+ crictl exec "$CONTAINER_ID" bash -c 'echo -n "waiting for apache to start "; while [ -z "$(pgrep apache2)" ]; do echo -n "."; sleep 1; done; echo ""'
+}
+
+storage_snapshot() {
+ OLD_VERSION="$1"
+ NEW_VERSION="$2"
+
+{% if nextcloud_instances[nextcloud_instance].storage.type == 'zfs' %}
+ ZFS_VOLUME=$(findmnt -no source -T "{{ nextcloud_instance_basepath }}")
+ echo "creating snapshot for zfs volume: $ZFS_VOLUME"
+ zfs snapshot "$ZFS_VOLUME@upgrade_$OLD_VERSION-to-$NEW_VERSION""_$(date '+%Y-%m-%m_%H:%M:%S')"
+{% endif %}
+}
+
+case "$COMMAND" in
+ prepare)
+ maintenance_mode --on
+ wait_for_cronjobs
+ storage_snapshot "$OLD_VERSION" "$NEW_VERSION"
+ ;;
+ finalize)
+ wait_for_upgrade_complete "$NEW_VERSION"
+ maintenance_mode --off
+ ;;
+ *)
+ echo "unknown command: $COMMAND, must be prepare or finalize"
+ exit 1
+ ;;
+esac
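Review bot: The snapshot name in storage_snapshot uses `date '+%Y-%m-%m_%H:%M:%S'`, repeating the month and omitting the day, so two upgrades on different days of the same month produce names that differ only by time; it should read `zfs snapshot "$ZFS_VOLUME@upgrade_$OLD_VERSION-to-$NEW_VERSION""_$(date '+%Y-%m-%d_%H:%M:%S')"`. In wait_for_upgrade_complete the two `continue` statements skip the `sleep 1` at the bottom of the loop, so while the pod or container is not yet up the script spins calling crictl as fast as it can; each guard should be `if [ -z "$POD_ID" ]; then sleep 1; continue; fi` (and likewise for CONTAINER_ID), with the variable quoted, since an unquoted `-z $POD_ID` misbehaves if the `--name` filter ever matches more than one pod. The usage message has a typo: `echo "Usage: $0 (prepare|finalize) <old-version> <new-version>"`. The functions also resolve POD_ID/CONTAINER_ID without checking that exactly one id came back; a short comment on maintenance_mode noting that it assumes a single ready pod named `{{ nextcloud_instance }}-$(hostname)` would make that assumption visible.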