From 056c026178bef099986885ac3bb09a1f98472cdc Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Fri, 12 Oct 2018 18:18:50 +0000
Subject: [PATCH] upgrade to nextcloud 14
---
defaults/main.yml | 24 ++--
tasks/access.yml | 29 +++-
tasks/apache2.yml | 9 +-
tasks/apps.yml | 16 ++-
tasks/configure.yml | 1 +
tasks/gpg.yaml | 17 +++
tasks/install.yml | 6 +-
tasks/main.yml | 7 +-
tasks/mysql.yml | 2 +-
tasks/occ.yaml | 6 +
tasks/reset.yml | 5 +
tasks/server.yml | 42 ++++--
templates/apache-vhost.conf.j2 | 2 +-
templates/apache2-ports.conf.j2 | 3 +
templates/config.php.j2 | 224 +----------------------------
templates/nextcloud-latest.json.j2 | 8 ++
templates/occ.fish.j2 | 5 +
vars/main.yml | 2 +
18 files changed, 146 insertions(+), 262 deletions(-)
create mode 100644 tasks/gpg.yaml
create mode 100644 tasks/occ.yaml
create mode 100644 templates/apache2-ports.conf.j2
create mode 100644 templates/nextcloud-latest.json.j2
create mode 100644 templates/occ.fish.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 10c6517..64cb766 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,29 +1,23 @@ nextcloud_state: installed +nextcloud_archive_directory: /opt/nextcloud + nextcloud_directory: /var/www/nextcloud nextcloud_data_directory: "{{nextcloud_directory}}/data" -nextcloud_server_version: 12.0.4 -nextcloud_server_checksum: sha256:654161a74ceaf9a60c7731d7d6702e6710a972633a97955d16f01abeb09d09b6 +nextcloud_version: 14.0.2 nextcloud_apps: - - name: contacts - version: 2.0.1 - checksum: sha256:ce17a7dde519698abb86be987d803913222c6691bf297a1082001344031fd2d9 - - name: calendar - version: 1.5.6 - checksum: sha256:afe77c960e0a67a41452b1183495ce327beea1b35f04eaf48c71706af9e81358 - - name: tasks - version: 0.9.5 - checksum: sha256:a76ab499668510d0364262f787520e8f030974facbbe5f0b9ec8ea11915579c9 - - name: news - version: 11.0.5 - url: https://github.com/nextcloud/news/releases/download/11.0.5/news.tar.gz - checksum: sha256:664acc326821d8e15be4f26d4e69033bf01286f255f6e1224c0048d1842e5617 + - contacts + - calendar + - tasks nextcloud_default_language: en nextcloud_force_language: false nextcloud_defaultapp: files nextcloud_database_type: mysql + +nextcloud_server_names: + - "{{ inventory_hostname }}" diff --git a/tasks/access.yml b/tasks/access.yml index d0a1449..a3723f8 100644 --- a/tasks/access.yml +++ b/tasks/access.yml @@ -1,6 +1,14 @@ --- -- name: nextcloud directory access +- name: nextcloud directory + file: + path: /var/www/nextcloud + state: directory + owner: root + group: www-data + mode: 0750 + +- name: nextcloud subdirectories file: path: /var/www/nextcloud/{{item}} state: directory @@ -8,15 +16,18 @@ group: www-data recurse: yes with_items: - - data - config + - apps + - themes + - updater -- name: nextcloud htaccess file access +- name: nextcloud data directory file: - path: /var/www/nextcloud/.htaccess - state: file + path: "{{nextcloud_data_directory}}" + state: directory owner: www-data group: www-data + recurse: yes - name: nextcloud log directory file: 
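Review bot: Adding `apps`, `themes` and `updater` to the `recurse: yes` list of `nextcloud subdirectories` may hand the application code to the web-server user, because the task's `owner:` line sits between the two hunks and is not shown. The list previously held `data` and `config`, which suggests the owner is www-data. If so, `apps/` becomes writable by the web server, which is at odds with `'writable' => false` in templates/config.php.j2. If only `config` has to be web-writable, keep the code directories in a separate task with `owner: root`.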
@@ -24,3 +35,11 @@ state: directory owner: www-data group: www-data + +- name: nextcloud htaccess webserver access + file: + path: /var/www/nextcloud/.htaccess + state: file + owner: www-data + group: www-data + state: touch diff --git a/tasks/apache2.yml b/tasks/apache2.yml index 532a847..f42e25f 100644 --- a/tasks/apache2.yml +++ b/tasks/apache2.yml @@ -1,12 +1,13 @@ --- -- name: apache2 rewrite module +- name: apache2 modules apache2_module: name: "{{ item }}" state: present with_items: - ssl - rewrite + - env notify: restart apache2 - name: apache2 nextcloud vhost @@ -21,3 +22,9 @@ dest: /etc/apache2/sites-enabled/nextcloud.conf state: link notify: restart apache2 + +- name: apache2 ports + template: + src: apache2-ports.conf.j2 + dest: /etc/apache2/ports.conf + notify: restart apache2 diff --git a/tasks/apps.yml b/tasks/apps.yml index f217fd0..7a11790 100644 --- a/tasks/apps.yml +++ b/tasks/apps.yml @@ -1,15 +1,23 @@ --- +- name: get nextcloud apps list + uri: + url: https://apps.nextcloud.com/api/v1/platform/{{ nextcloud_version }}/apps.json + register: _nextcloud_apps_list + +- debug: + msg: + _nextcloud_apps: "{{ _nextcloud_apps }}" + - name: nextcloud apps download get_url: - url: "{{ item.url | default('https://github.com/nextcloud/'+item.name+'/releases/download/v'+item.version+'/'+item.name+'.tar.gz') }}" - dest: /var/www/nextcloud-app-{{item.name}}-{{ item.version }}.tar.gz - checksum: "{{ item.checksum }}" + url: "{{ _nextcloud_apps[item].url }}" + dest: "{{nextcloud_archive_directory}}/nextcloud-{{item}}-{{ _nextcloud_apps[item].version }}.tar.gz" with_items: "{{ nextcloud_apps }}" - name: nextcloud apps extract unarchive: - src: /var/www/nextcloud-app-{{item.name}}-{{ item.version }}.tar.gz + src: "{{nextcloud_archive_directory}}/nextcloud-{{item}}-{{ _nextcloud_apps[item].version }}.tar.gz" dest: /var/www/nextcloud/apps/ remote_src: yes owner: root diff --git a/tasks/configure.yml b/tasks/configure.yml index 5fbbe0a..0927914 100644 
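Review bot: The new `nextcloud htaccess webserver access` task sets `state` twice in the same `file:` mapping, first `state: file` and then `state: touch`. Duplicate keys are invalid YAML, and most loaders silently keep the last value, so the task runs as `touch` and reports a change on every play. Keep only one of them: `state: file` if the task should only fix ownership of an existing `.htaccess`, or `state: touch` if it must also create the file.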
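Review bot: The `apache2 ports` task replaces the host-wide `/etc/apache2/ports.conf` with a fixed template (`Listen 80`, `Listen 443` and `Listen 8843` in templates/apache2-ports.conf.j2), and nothing in the patch says what 8843 serves. An extra listener is extra exposed surface, so the port should come from a documented role variable or carry a comment in the template naming the vhost that uses it. The task also sets no `owner`, `group` or `mode`; adding `owner: root`, `group: root` and `mode: "0644"` would make the result explicit.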
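Review bot: `nextcloud apps download` no longer passes `checksum:` to `get_url`, so a tarball whose URL comes from the app-store API response is unpacked into `/var/www/nextcloud/apps/` with no integrity or authenticity check. The server archive in tasks/server.yml gets a signature check before `unarchive`; the apps need an equivalent gate, or the per-app `checksum` pins should stay in `nextcloud_apps`. Separately, the `uri` result is registered as `_nextcloud_apps_list` while the tasks read `_nextcloud_apps`, which vars/main.yml builds from `nextcloud-apps.json.j2`, a template this patch does not add; the unnamed `debug` task looks like a leftover. The import of this file is commented out in tasks/main.yml, so none of it runs yet.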
--- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -7,6 +7,7 @@ args: chdir: /var/www/nextcloud register: _nextcloud_config_cmd + changed_when: false - name: nextcloud occ config:app:delete trusted_domains command: php occ config:system:delete trusted_domains diff --git a/tasks/gpg.yaml b/tasks/gpg.yaml new file mode 100644 index 0000000..4f9674e --- /dev/null +++ b/tasks/gpg.yaml @@ -0,0 +1,17 @@ +--- + +- name: archive directory + file: + path: "{{nextcloud_archive_directory}}" + state: directory + +- name: gpg key + get_url: + url: https://nextcloud.com/nextcloud.asc + dest: "{{nextcloud_archive_directory}}/archive-key.asc" + checksum: sha256:ae5d6087ae037a673b9901c946a156b180744253375e2e18e1005e6310d95d55 + +- name: gpg keyring + command: gpg --no-default-keyring --keyring "{{nextcloud_archive_directory}}/keyring.gpg" --import "{{nextcloud_archive_directory}}/archive-key.asc" + register: _nextcloud_gpg_keyring + changed_when: '"imported" in (_nextcloud_gpg_keyring.stderr_lines | last)' diff --git a/tasks/install.yml b/tasks/install.yml index 17bd025..fe1c3f1 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -16,13 +16,13 @@ - name: install nextcloud command: php occ maintenance:install - --admin-user "{{ nextcloud_admin_username }}" - --admin-pass "{{ nextcloud_admin_password }}" + --admin-user "{{ nextcloud_admin_user }}" + --admin-pass "{{ nextcloud_admin_pass }}" --database "{{ nextcloud_database_type }}" --database-host "{{ nextcloud_database_host }}" --database-name "{{ nextcloud_database_name }}" --database-user "{{ nextcloud_database_user }}" - --database-pass "{{ nextcloud_database_password }}" + --database-pass "{{ nextcloud_database_pass }}" args: chdir: /var/www/nextcloud become: true diff --git a/tasks/main.yml b/tasks/main.yml index 3c96ef3..230469b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
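Review bot: The `archive directory` task creates `{{nextcloud_archive_directory}}` without `owner`, `group` or `mode`, yet that directory holds `keyring.gpg`, the trust anchor for the later `gpg --verify`, as well as the downloaded archives. Set them explicitly, for example `owner: root`, `group: root`, `mode: "0755"`, so the result does not depend on the umask or on a pre-existing directory. In `gpg keyring`, `changed_when` applies `| last` to `stderr_lines`, which errors when gpg prints nothing to stderr; `changed_when: '"imported" in _nextcloud_gpg_keyring.stderr'` is more tolerant.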
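Review bot: The `install nextcloud` task passes `--admin-pass` and `--database-pass` as command-line arguments, and the hunk shows no `no_log`, so both secrets can end up in Ansible output on failure or at higher verbosity and are visible in the process list while the command runs. Add `no_log: true` to the task; its body continues outside the hunk, so check that it is not already set further down. The rename to `nextcloud_admin_pass` and `nextcloud_database_pass` also breaks inventories that still define the old `*_password` names, which deserves a README line or a fallback such as `{{ nextcloud_admin_pass | default(nextcloud_admin_password) }}`.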
@@ -2,13 +2,14 @@ - include_tasks: setup_{{ansible_os_family}}.yml +- import_tasks: gpg.yaml + - import_tasks: php-opcache.yml - import_tasks: reset.yml when: nextcloud_state == "reinstalled" - import_tasks: server.yml - - import_tasks: access.yml - import_tasks: mysql.yml @@ -21,7 +22,7 @@ - import_tasks: configure.yml -- import_tasks: apps.yml +#- import_tasks: apps.yml - import_tasks: upgrade.yml @@ -30,3 +31,5 @@ - import_tasks: apache2.yml - import_tasks: cron.yml + +- import_tasks: occ.yaml diff --git a/tasks/mysql.yml b/tasks/mysql.yml index 111c57d..a1de6bf 100644 --- a/tasks/mysql.yml +++ b/tasks/mysql.yml @@ -4,7 +4,7 @@ mysql_user: name: "{{ nextcloud_database_user }}" host: "{{ ssh_ip }}" - password: "{{ nextcloud_database_password }}" + password: "{{ nextcloud_database_pass }}" priv: "{{nextcloud_database_name}}.*:ALL" delegate_to: "{{ nextcloud_database_host }}" diff --git a/tasks/occ.yaml b/tasks/occ.yaml new file mode 100644 index 0000000..e7144ea --- /dev/null +++ b/tasks/occ.yaml @@ -0,0 +1,6 @@ +--- + +- name: occ fish + template: + src: occ.fish.j2 + dest: /etc/fish/conf.d/occ.fish diff --git a/tasks/reset.yml b/tasks/reset.yml index 23ea615..d053e56 100644 --- a/tasks/reset.yml +++ b/tasks/reset.yml @@ -11,3 +11,8 @@ state: absent delegate_to: "{{ nextcloud_database_host }}" when: nextcloud_database_type == "mysql" + +- name: delete nextcloud log + file: + path: /var/log/nextcloud/nextcloud.log + state: absent diff --git a/tasks/server.yml b/tasks/server.yml index 6433ec9..4176c75 100644 --- a/tasks/server.yml +++ b/tasks/server.yml 
@@ -1,15 +1,41 @@ --- -- name: nextcloud server download +- name: nextcloud platforms + uri: + url: https://apps.nextcloud.com/api/v1/platforms.json + register: _nextcloud_platforms + +- name: nextcloud archive checksum download get_url: - url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_server_version }}.tar.bz2 - dest: /var/www/nextcloud-{{ nextcloud_server_version }}.tar.bz2 - checksum: "{{ nextcloud_server_checksum }}" + url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256 + dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256" + +- name: nextcloud server archive checksum + shell: cat "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256" + register: _nextcloud_server_archive_checksum + changed_when: false -- name: nextcloud server extract +- name: nextcloud archive download + get_url: + url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2 + dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2" + checksum: sha256:{{ _nextcloud_server_archive_checksum.stdout_lines[0].split(' ')[0] }} + +- name: nextcloud archive signature download + get_url: + url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.asc + dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc" + +- name: nextcloud archive signature check + command: gpg --no-default-keyring --keyring "{{nextcloud_archive_directory}}/keyring.gpg" + --verify "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc" + "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2" + changed_when: false + +- name: nextcloud extract unarchive: - src: /var/www/nextcloud-{{ nextcloud_server_version }}.tar.bz2 - dest: /var/www/ + src: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2" 
remote_src: yes + dest: /var/www/ owner: root - group: root + group: www-data diff --git a/templates/apache-vhost.conf.j2 b/templates/apache-vhost.conf.j2 index 429ea47..ec56fdc 100644 --- a/templates/apache-vhost.conf.j2 +++ b/templates/apache-vhost.conf.j2 @@ -1,6 +1,6 @@ {{ ansible_managed | comment }} - + ServerName {{nextcloud_server_names|first}} {% for name in nextcloud_server_names | difference([nextcloud_server_names|first]) %} diff --git a/templates/apache2-ports.conf.j2 b/templates/apache2-ports.conf.j2 new file mode 100644 index 0000000..a8ddac2 --- /dev/null +++ b/templates/apache2-ports.conf.j2 @@ -0,0 +1,3 @@ +Listen 80 +Listen 443 +Listen 8843 diff --git a/templates/config.php.j2 b/templates/config.php.j2 index 041b78b..0a05534 100644 --- a/templates/config.php.j2 +++ b/templates/config.php.j2 
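Review bot: The `.sha256` file is fetched from the same server as the archive, so the `checksum:` on `nextcloud archive download` only detects a corrupted transfer. The previously pinned `nextcloud_server_checksum` is gone, and authenticity now rests entirely on `nextcloud archive signature check`. A comment above that task, such as `# authenticity gate: must succeed before "nextcloud extract"`, would keep it from being dropped or reordered later. `nextcloud server archive checksum` also runs `cat` through `shell` on a templated path; using `command:` with the same arguments, or the `slurp` module, avoids shell parsing of the variable.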
@@ -1,248 +1,28 @@ '{{nextcloud_data_directory}}', - -/** - * Indicates whether the Nextcloud instance was installed successfully; ``true`` - * indicates a successful installation, and ``false`` indicates an unsuccessful - * installation. - * - * Defaults to ``false`` - */ 'installed' => false, - -/** - * During setup, if requirements are met (see below), this setting is set to true - * and MySQL can handle 4 byte characters instead of 3 byte characters. - * - * If you want to convert an existing 3-byte setup into a 4-byte setup please - * set the parameters in MySQL as mentioned below and run the migration command: - * ./occ db:convert-mysql-charset - * The config setting will be set automatically after a successful run. - * - * Consult the documentation for more details. - * - * MySQL requires a special setup for longer indexes (> 767 bytes) which are - * needed: - * - * [mysqld] - * innodb_large_prefix=ON - * innodb_file_format=Barracuda - * innodb_file_per_table=ON - * - * Tables will be created with - * * character set: utf8mb4 - * * collation: utf8mb4_bin - * * row_format: compressed - * - * See: - * https://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8mb4.html - * https://dev.mysql.com/doc/refman/5.7/en/innodb-parameters.html#sysvar_innodb_large_prefix - * https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables/#innodb_large_prefix - * http://www.tocker.ca/2013/10/31/benchmarking-innodb-page-compression-performance.html - * http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/ - */ 'mysql.utf8mb4' => true, - -/** - * User Experience - * - * These optional parameters control some aspects of the user interface. Default - * values, where present, are shown. - */ - -/** - * This sets the default language on your Nextcloud server, using ISO_639-1 - * language codes such as ``en`` for English, ``de`` for German, and ``fr`` for - * French. 
It overrides automatic language detection on public pages like login - * or shared items. User's language preferences configured under "personal -> - * language" override this setting after they have logged in. - * - * Defaults to ``en`` - */ -'default_language' => '{{nextcloud_default_language}}', - -/** - * With this setting a language can be forced for all users. If a language is - * forced, the users are also unable to change their language in the personal - * settings. If users shall be unable to change their language, but users have - * different languages, this value can be set to ``true`` instead of a language - * code. - * - * Defaults to ``false`` - */ -{% if nextcloud_force_language %} -'force_language' => '{{nextcloud_force_language}}', -{% endif %} - -/** - * Set the default app to open on login. Use the app names as they appear in the - * URL after clicking them in the Apps menu, such as documents, calendar, and - * gallery. You can use a comma-separated list of app names, so if the first - * app is not enabled for a user then Nextcloud will try the second one, and so - * on. If no enabled apps are found it defaults to the Files app. - * - * Defaults to ``files`` - */ -'defaultapp' => '{{nextcloud_defaultapp}}', - -/** - * To have clean URLs without `/index.php` this parameter needs to be configured. - * - * This parameter will be written as "RewriteBase" on update and installation of - * Nextcloud to your `.htaccess` file. While this value is often simply the URL - * path of the Nextcloud installation it cannot be set automatically properly in - * every scenario and needs thus some manual configuration. - * - * In a standard Apache setup this usually equals the folder that Nextcloud is - * accessible at. So if Nextcloud is accessible via "https://mycloud.org/nextcloud" - * the correct value would most likely be "/nextcloud". If Nextcloud is running - * under "https://mycloud.org/" then it would be "/". 
- * - * Note that the above rule is not valid in every case, as there are some rare setup - * cases where this may not apply. However, to avoid any update problems this - * configuration value is explicitly opt-in. - * - * After setting this value run `occ maintenance:update:htaccess`. Now, when the - * following conditions are met Nextcloud URLs won't contain `index.php`: - * - * - `mod_rewrite` is installed - * - `mod_env` is installed - * - * Defaults to ``''`` (empty string) - */ 'htaccess.RewriteBase' => '/', - -/** - * Checks an app before install whether it uses private APIs instead of the - * proper public APIs. If this is set to true it will only allow to install or - * enable apps that pass this check. - * - * Defaults to ``false`` - */ +'overwrite.cli.url' => 'https://{{nextcloud_server_names|first}}/', 'appcodechecker' => true, - -/** - * Check if Nextcloud is up-to-date and shows a notification if a new version is - * available. - * - * Defaults to ``true`` - */ 'updatechecker' => true, - - -/** - * Logging - */ - -/** - * By default the Nextcloud logs are sent to the ``nextcloud.log`` file in the - * default Nextcloud data directory. - * If syslogging is desired, set this parameter to ``syslog``. - * Setting this parameter to ``errorlog`` will use the PHP error_log function - * for logging. - * - * Defaults to ``file`` - */ 'log_type' => 'file', - -/** - * Log file path for the Nextcloud logging type. - * - * Defaults to ``[datadirectory]/nextcloud.log`` - */ 'logfile' => '/var/log/nextcloud/nextcloud.log', - -/** - * Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info, 2 = - * Warning, 3 = Error, and 4 = Fatal. The default value is Warning. - * - * Defaults to ``2`` - */ 'loglevel' => 2, - - -/** - * The timezone for logfiles. 
You may change this; see - * http://php.net/manual/en/timezones.php - * - * Defaults to ``UTC`` - */ 'logtimezone' => 'UTC', - - -/** - * Apps - * - * Options for the Apps folder, Apps store, and App code checker. - */ - -/** - * When enabled, admins may install apps from the Nextcloud app store. - * - * Defaults to ``true`` - */ 'appstoreenabled' => false, - -/** - * Use the ``apps_paths`` parameter to set the location of the Apps directory, - * which should be scanned for available apps, and where user-specific apps - * should be installed from the Apps store. The ``path`` defines the absolute - * file system path to the app folder. The key ``url`` defines the HTTP Web path - * to that folder, starting from the Nextcloud webroot. The key ``writable`` - * indicates if a Web server can write files to that folder. - */ 'apps_paths' => array( array( - 'path'=> '/var/www/nextcloud/apps', + 'path'=> '{{nextcloud_directory}}/apps', 'url' => '/apps', 'writable' => false, ), ), - - -/** - * Disable the web based updater - */ 'upgrade.disable-web' => true, - - -/** - * Enable memcache - */ 'memcache.local' => '\OC\Memcache\APCu', 'memcache.distributed' => '\OC\Memcache\Memcached', 'memcached_servers' => array( array('localhost', 11211), ), - - ); diff --git a/templates/nextcloud-latest.json.j2 b/templates/nextcloud-latest.json.j2 new file mode 100644 index 0000000..8e4e1cc --- /dev/null +++ b/templates/nextcloud-latest.json.j2 @@ -0,0 +1,8 @@ +{% set r = namespace() %} +{% set r.latest = "0.0.0" %} +{% for release in _nextcloud_platforms.json %} +{% if release.version is version(r.latest , operator='gt') and not release.isSupported and release.hasRelease %} +{% set r.latest = release.version %} +{% endif %} +{% endfor %} +{{r.latest|to_json}} diff --git a/templates/occ.fish.j2 b/templates/occ.fish.j2 new file mode 100644 index 0000000..0ba0204 --- /dev/null +++ b/templates/occ.fish.j2 
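Review bot: Besides the comment blocks, this hunk also removes the `default_language`, `force_language` and `defaultapp` entries, while defaults/main.yml keeps `nextcloud_default_language`, `nextcloud_force_language` and `nextcloud_defaultapp`. Unless another task sets these values (not visible in this patch), those variables no longer have any effect. With every comment gone, the restrictive settings `'appstoreenabled' => false`, `'upgrade.disable-web' => true` and `'writable' => false` are left unexplained. A one-line comment on each, for example `// deliberate: web updater disabled, upgrades are run by the role`, would tell the next editor they are intentional.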
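Review bot: The condition `not release.isSupported and release.hasRelease` in templates/nextcloud-latest.json.j2 selects the highest released version that is flagged as not supported, which looks inverted. If `_nextcloud_latest` is meant to drive installs or upgrades, it would steer the role towards an unsupported release. `release.isSupported and release.hasRelease` seems to be the intent, but confirm this against the meaning of `isSupported` in the platforms API. The start value `"0.0.0"` is returned unchanged when no entry matches, so any consumer should treat it as "no result".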
@@ -0,0 +1,5 @@ +{{ansible_managed|comment}} + +function occ + sudo -u www-data php {{nextcloud_directory}}/occ $argv +end diff --git a/vars/main.yml b/vars/main.yml index ac70304..46b21bd 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1 +1,3 @@ _nextcloud_config: "{{ _nextcloud_config_cmd.stdout | from_json }}" +_nextcloud_latest: "{{ lookup('template','nextcloud-latest.json.j2') |from_json }}" +_nextcloud_apps: "{{ lookup('template','nextcloud-apps.json.j2') }}"