From 3359f912f005168e0d624b42540c231c5c538c2d Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 10 Oct 2020 20:56:49 +0200 Subject: nextcloud: add app user to custom images --- inventory/host_vars/sk-tomnext-nc.yml | 2 +- roles/apps/nextcloud/tasks/custom-image.yml | 7 +++++++ roles/apps/nextcloud/tasks/main.yml | 5 ++++- roles/apps/nextcloud/templates/nextcloud-upgrade.j2 | 9 +++++++++ roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 | 3 ++- 5 files changed, 23 insertions(+), 3 deletions(-) diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index 3b3d503f..3e63fb9d 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml @@ -100,7 +100,7 @@ nextcloud_zfs: nextcloud_instances: team.tomwaitz.eu: # new: true - version: 19.0.3 + version: 19.0.4 port: 8100 hostnames: - team.tomwaitz.eu diff --git a/roles/apps/nextcloud/tasks/custom-image.yml b/roles/apps/nextcloud/tasks/custom-image.yml index 6702d70b..5aac75e0 100644 --- a/roles/apps/nextcloud/tasks/custom-image.yml +++ b/roles/apps/nextcloud/tasks/custom-image.yml @@ -8,7 +8,14 @@ copy: content: | FROM {{ item.value.custom_image.from | default('nextcloud:' + item.value.version) }} + + RUN set -x \ + && addgroup --gid {{ nextcloud_app_gid }} nc-app \ + && adduser --uid {{ nextcloud_app_uid }} --gid {{ nextcloud_app_gid }} --system --no-create-home --home /var/www/html --disabled-login --disabled-password nc-app + {% if 'custom_image' in item.value %} + {{ item.value.custom_image.dockerfile }} + {% endif %} dest: "{{ nextcloud_base_path }}/{{ item.key }}/build/Dockerfile" register: nextcloud_custom_image_docker diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml index c2dcf8d9..d09773ab 100644 --- a/roles/apps/nextcloud/tasks/main.yml +++ b/roles/apps/nextcloud/tasks/main.yml 
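Review bot: The added `addgroup --gid {{ nextcloud_app_gid }} nc-app` and `adduser --uid {{ nextcloud_app_uid }} …` step in the generated Dockerfile fails the build if that gid or uid is already taken in the base image. The `FROM` line above it lets an instance choose its own base through `custom_image.from`, so this can differ per instance. Whether a collision happens depends on variable values not shown here. Guarding the group creation, for example `getent group {{ nextcloud_app_gid }} >/dev/null || addgroup --gid {{ nextcloud_app_gid }} nc-app`, would make the step tolerant of such a base. A comment above the `RUN` would also help, such as `# nc-app must exist in the image because the pod runs with this uid/gid`, assuming that is the intent given the `runAsUser`/`runAsGroup` values in the pod spec. The task itself starts outside the hunk.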
@@ -99,7 +99,7 @@ loop: "{{ nextcloud_instances | dict2items }}" loop_control: label: "{{ item.key }}" - when: "'custom_image' in item.value" + # when: "'custom_image' in item.value" include_tasks: custom-image.yml - name: install pod manifest @@ -118,6 +118,9 @@ - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/ports.conf" properties: - checksum + - path: "{{ nextcloud_base_path }}/{{ item.key }}/build/Dockerfile" + properties: + - checksum include_role: name: kubernetes/standalone/pod diff --git a/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 b/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 index 27bc6222..13178f0f 100755 --- a/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 +++ b/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 @@ -38,6 +38,15 @@ else crictl pull "docker.io/library/nextcloud:$VERSION" echo "" fi +{% if nextcloud_zfs is defined %} + +echo "*** creating ZFS snapshot" +echo "" + +IMAGE_NAME_ESCAPED=${IMAGE_NAME/\//\\/} +CURRENT_VERSION=$(cat "$K8S_MANIFEST_FILE" | awk '/image: "'"$IMAGE_NAME_ESCAPED"':.*"/ { print($2) }' | tr -d '"' | cut -d ':' -f 2) +zfs snapshot "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/$INST_NAME@upgrade_$CURRENT_VERSION-to-$VERSION""_$(date '+%Y-%m-%m_%H:%M:%S')" +{% endif %} echo "*** Patching manifest file" echo "" diff --git a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 index b587cad3..6100a2ab 100644 --- a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 +++ b/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 
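Review bot: The `when: "'custom_image' in item.value"` condition in the first main.yml hunk is disabled by commenting it out, which leaves dead configuration in the task and does not say why the image is now built for every instance. Delete the line and state the intent instead, for example `# always build a per-instance image so the nc-app user exists in it`. With the condition gone, custom-image.yml also runs for instances that have no `custom_image` key, so its `item.value.custom_image.from | default(…)` expression is evaluated with `custom_image` undefined. That presumably falls through to the default, but it is worth confirming on the Ansible version in use. The task begins outside the hunk.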
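Review bot: The timestamp in the snapshot name uses `date '+%Y-%m-%m_%H:%M:%S'`, which prints the month twice and never the day, so snapshots taken on different days of the same month are not distinguishable by date. The format should be `date '+%Y-%m-%d_%H:%M:%S'`. Separately, `CURRENT_VERSION` is empty when the awk pattern does not match the manifest, and the snapshot is then named `upgrade_-to-$VERSION…`. A check such as `[ -n "$CURRENT_VERSION" ] || { echo "could not determine current version" >&2; exit 1; }` before `zfs snapshot` would catch this. The hunk also does not test the exit status of `zfs snapshot` before the script goes on to patch the manifest. Whether the script runs under `set -e` is outside the hunk, so confirm that a failed snapshot stops the upgrade.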
@@ -2,7 +2,8 @@ securityContext: allowPrivilegeEscalation: false containers: - name: nextcloud - image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" +{# image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" #} + image: "nextcloud/{{ item.key }}:{{ item.value.version }}" securityContext: runAsUser: {{ nextcloud_app_uid }} runAsGroup: {{ nextcloud_app_gid }} -- cgit v1.2.3
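Review bot: The unqualified image reference `nextcloud/{{ item.key }}:{{ item.value.version }}` is now used for every instance. If the locally built image is missing on the node, the runtime may resolve that name against a default public registry, in a namespace this repository does not control. No `imagePullPolicy` is visible in the hunk, and the container spec continues outside it. If none is set further down, adding `imagePullPolicy: Never` keeps the pod on the image built by custom-image.yml and makes a missing build fail visibly. The old template line kept inside `{# … #}` can be deleted, since the commit history already records it.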