From b3efd46af131e3529b372e2ce6b135ff7d8c89b5 Mon Sep 17 00:00:00 2001 From: Markus Katharina Brechtel Date: Sat, 13 Oct 2018 00:49:14 +0000 Subject: [PATCH] automatic updates --- defaults/main.yml | 6 +++- tasks/access.yml | 10 ++++++- tasks/backup.yaml | 19 ++++++++++++ tasks/configure.yml | 8 +++++- tasks/core.yml | 33 +++++++-------------- tasks/detect-update.yaml | 46 ++++++++++++++++++++++++++++++ tasks/main.yml | 27 ++++++++++++++---- tasks/setup_Debian.yml | 40 +++++++++++++------------- tasks/upgrade.yml | 8 ++++++ templates/config.php.j2 | 1 - templates/nextcloud-latest.json.j2 | 2 +- vars/main.yml | 9 +++++- 12 files changed, 156 insertions(+), 53 deletions(-) create mode 100644 tasks/backup.yaml create mode 100644 tasks/detect-update.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 05309a2..270aa4d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,13 +2,15 @@ nextcloud_state: installed nextcloud_archive_directory: /opt/nextcloud -nextcloud_directory: /var/www/nextcloud-{{nextcloud_version}} +nextcloud_directory: /var/www/nextcloud nextcloud_lib_directory: /var/lib/nextcloud nextcloud_data_directory: "{{nextcloud_lib_directory}}/data" +nextcloud_backup_directory: "{{nextcloud_lib_directory}}/backup" nextcloud_log_directory: /var/log/nextcloud +#nextcloud_version: "{{_nextcloud_latest_version}}" nextcloud_version: 14.0.3 nextcloud_apps: @@ -24,3 +26,5 @@ nextcloud_database_type: mysql nextcloud_server_names: - "{{ inventory_hostname }}" + +nextcloud_force_downgrade: false diff --git a/tasks/access.yml b/tasks/access.yml index 4565d3d..c82f292 100644 --- a/tasks/access.yml +++ b/tasks/access.yml @@ -21,7 +21,7 @@ - themes - updater -- name: nextcloud data directory +- name: nextcloud lib directory file: path: "{{nextcloud_lib_directory}}" state: directory 
@@ -45,6 +45,14 @@ owner: www-data group: www-data +- name: nextcloud backup directory + file: + path: "{{nextcloud_backup_directory}}" + state: directory + owner: root + group: root + mode: 0700 + - name: nextcloud htaccess webserver access file: path: "{{nextcloud_directory}}/.htaccess" diff --git a/tasks/backup.yaml b/tasks/backup.yaml new file mode 100644 index 0000000..9555dde --- /dev/null +++ b/tasks/backup.yaml @@ -0,0 +1,19 @@ +--- +- name: backup directory + file: + path: "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}" + state: directory + +- name: backup old nextcloud directory + command: mv + "{{nextcloud_directory}}/" + "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}/nextcloud" + +- name: dump mysql database + shell: mysqldump "{{nextcloud_database_name}}" + -h "{{nextcloud_database_host}}" + -u "{{nextcloud_database_user}}" + -p + > "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}/database.mysql" + args: + stdin: "{{nextcloud_database_pass}}" diff --git a/tasks/configure.yml b/tasks/configure.yml index 39f4175..221d00d 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -9,7 +9,7 @@ register: _nextcloud_config_cmd changed_when: false - - name: nextcloud occ config:app:delete trusted_domains + - name: nextcloud occ config:system:delete trusted_domains command: php occ config:system:delete trusted_domains args: chdir: "{{nextcloud_directory}}" @@ -22,6 +22,12 @@ with_indexed_items: "{{ nextcloud_server_names }}" when: _nextcloud_config.system.trusted_domains != nextcloud_server_names + - name: nextcloud occ config:system:set overwrite.cli.url (fix bug in nextcloud 14) + command: php occ config:system:set overwrite.cli.url --value="https://{{nextcloud_server_names|first}}/" + args: + chdir: "{{nextcloud_directory}}" + when: nextcloud_version is version('14.0.0','ge') + - name: nextcloud occ maintenance:update:htaccess command: php occ maintenance:update:htaccess args: 
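Review bot: `mode: 0700` on the new `nextcloud backup directory` task should be a quoted string, `mode: "0700"`, so the permission does not depend on the YAML loader reading a leading-zero integer as octal. This directory holds database dumps and the previous `config.php`, so a short comment above the task saying why it is root-only (`# backups contain DB dumps and config secrets; keep root-only`) would make the intent explicit.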
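Review bot: The `backup directory` task creates `{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}` without `owner`, `group` or `mode`. Because `tasks/main.yml` in this patch imports `backup.yaml` before `access.yml`, on a first update the parent directory does not yet have the root-only `0700` that `access.yml` sets. The directory receives a full database dump and the old `config/config.php`, so restrict it where it is created by adding `owner: root`, `group: root` and `mode: "0700"` to this task. The `dump mysql database` task passes `nextcloud_database_pass` via `stdin` without `no_log: true`, so the password can appear in verbose output or callback logs. It is also worth confirming that `mysqldump -p` reads the password from stdin when no terminal is attached; if it does not, a root-only option file passed with `--defaults-extra-file` is the usual alternative.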
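Review bot: The new `overwrite.cli.url` task has no `changed_when` and no state guard, so it runs `occ config:system:set` and reports changed on every play. The `trusted_domains` tasks above it compare against `_nextcloud_config` first. Assuming `_nextcloud_config` exposes this key the same way it exposes `trusted_domains`, adding `_nextcloud_config.system['overwrite.cli.url'] | default('') != 'https://' ~ (nextcloud_server_names | first) ~ '/'` to the `when` list would keep the task idempotent. The task name says "fix bug in nextcloud 14" without identifying the bug, so a comment naming the upstream issue would help the next maintainer decide when the workaround can go. The enclosing block starts outside the hunk and the following task is cut off at `args:`.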
diff --git a/tasks/core.yml b/tasks/core.yml index 4234191..423e2af 100644 --- a/tasks/core.yml +++ b/tasks/core.yml 
@@ -1,60 +1,49 @@ --- -- name: nextcloud platforms - uri: - url: https://apps.nextcloud.com/api/v1/platforms.json - register: _nextcloud_platforms - -- name: nextcloud version dir +- name: nextcloud archive dir file: - path: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}" + path: "{{nextcloud_archive_directory}}" state: directory - name: nextcloud core archive checksum download get_url: url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256 - dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256" + dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256" - name: nextcloud core archive checksum - shell: cat "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256" + shell: cat "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256" register: _nextcloud_server_archive_checksum changed_when: false - name: nextcloud core archive download get_url: url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2 - dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2" + dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2" checksum: sha256:{{ _nextcloud_server_archive_checksum.stdout_lines[0].split(' ')[0] }} - name: nextcloud core archive signature download get_url: url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.asc - dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc" + dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc" - name: nextcloud core archive signature check command: gpg --no-default-keyring --keyring "{{nextcloud_archive_directory}}/keyring.gpg" - --verify "{{nextcloud_archive_directory}}/{{ 
nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc" - "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2" + --verify "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc" + "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2" changed_when: false - name: nextcloud core archive extract unarchive: - src: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2" + src: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2" remote_src: yes - dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}" + dest: "{{nextcloud_archive_directory}}/{{nextcloud_version}}" owner: root group: root - name: nextcloud core archive sync synchronize: - src: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud/" + src: "{{nextcloud_archive_directory}}/{{nextcloud_version}}/nextcloud/" dest: "{{nextcloud_directory}}" archive: no recursive: yes delegate_to: '{{ inventory_hostname }}' - -- name: link to current nextcloud directory - file: - src: "{{nextcloud_directory}}" - dest: /var/www/nextcloud - state: link diff --git a/tasks/detect-update.yaml b/tasks/detect-update.yaml new file mode 100644 index 0000000..8ec2201 --- /dev/null +++ b/tasks/detect-update.yaml 
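Review bot: The `nextcloud core archive extract` task still unpacks into `{{nextcloud_archive_directory}}/{{nextcloud_version}}`, but the directory task at the top of the hunk now creates only `{{nextcloud_archive_directory}}`. `unarchive` requires `dest` to exist, so on a host without a leftover per-version directory the extract step will fail. Add a `file` task with `path: "{{nextcloud_archive_directory}}/{{nextcloud_version}}"` and `state: directory` before the extract. Separately, the `.sha256` file comes from the same host as the archive, so the `checksum:` argument only catches transfer corruption. A comment on the `gpg --verify` task noting that it is the authenticity check and must stay ahead of extraction would document that.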
@@ -0,0 +1,46 @@ +--- + +- name: get latest nextcloud version + uri: + url: https://apps.nextcloud.com/api/v1/platforms.json + register: _nextcloud_platforms + +- name: check if nextcloud is installed + stat: + path: "{{nextcloud_directory}}/version.php" + register: _nextcloud_version_file_stat + +- name: get actual nextcloud version + command: php -r 'include("{{nextcloud_directory}}/version.php");print($OC_VersionString);' + become: true + become_user: www-data + become_method: sudo + changed_when: false + when: _nextcloud_version_file_stat.stat.isreg is defined + register: _nextcloud_get_actual_version_command + +- name: ensure that upgrade is happening + assert: + that: _nextcloud_actual_version is version(nextcloud_version, operator='<=', strict=True) or nextcloud_force_downgrade + msg: refusing to downgrade from {{_nextcloud_actual_version}} to {{nextcloud_version}} + when: + - nextcloud_state == 'updated' + - _nextcloud_do_update + +- name: nextcloud update version information + debug: + msg: + nextcloud_actual_version: "{{_nextcloud_actual_version}}" + nextcloud_target_version: "{{nextcloud_version}}" + nextcloud_latest_version: "{{_nextcloud_latest_version}}" + when: + - nextcloud_state == 'updated' + - _nextcloud_do_update + +- name: stop apache2 + service: + name: apache2 + state: stopped + when: + - nextcloud_state == 'updated' + - _nextcloud_do_update diff --git a/tasks/main.yml b/tasks/main.yml index 329be94..91c59c6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,19 @@ --- +- name: assert valid role state + assert: + that: nextcloud_state in _nextcloud_valid_states + msg: "'_nextcloud_valid_states' must be one of: {{_nextcloud_valid_states | join(', ') }}" + - include_tasks: setup_{{ansible_os_family}}.yml +- import_tasks: detect-update.yaml + +- import_tasks: backup.yaml + when: + - nextcloud_state == 'updated' + - _nextcloud_do_update + - import_tasks: gpg.yaml - import_tasks: php-opcache.yml 
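Review bot: The `stop apache2` task at the end of `detect-update.yaml` stops the web server before the backup, download, signature check and `occ upgrade` run, and nothing visible in this patch starts it again. A failure in any later task therefore leaves the site down with `{{nextcloud_directory}}` already moved away by `backup.yaml`. Wrapping the update steps in a `block` with a `rescue`/`always` section that restores service, or at least adding a final `service` task with `state: started`, would bound the outage. In the downgrade assert, `or nextcloud_force_downgrade` is truthy for any non-empty string, so a value passed as `-e nextcloud_force_downgrade=false` would disable the guard; write `nextcloud_force_downgrade | bool`.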
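Review bot: The `msg` of the new `assert valid role state` task names the wrong variable: it reports that `'_nextcloud_valid_states'` must be one of the listed values, but the variable being checked is `nextcloud_state`. The line should read `msg: "'nextcloud_state' must be one of: {{ _nextcloud_valid_states | join(', ') }}"`. Also in this hunk, `backup.yaml` is imported ahead of `gpg.yaml`, so the old install is moved away before the new archive has been downloaded and verified. Moving the backup import to just before `core.yml` syncs would avoid taking the install offline for a release that later fails verification.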
@@ -9,24 +21,29 @@ - import_tasks: reset.yml when: nextcloud_state == "reinstalled" -- import_tasks: core.yml -- import_tasks: access.yml - - import_tasks: mysql.yml when: nextcloud_database_type == "mysql" +- import_tasks: core.yml +- import_tasks: access.yml + - import_tasks: install.yml when: nextcloud_state == "installed" or nextcloud_state == "reinstalled" +- import_tasks: upgrade.yml + when: + - nextcloud_state == 'updated' + - _nextcloud_do_update + - import_tasks: configure.yml -- import_tasks: apps.yml +- include_tasks: apps.yml + when: nextcloud_version is version('13.0.0','ge') #- import_tasks: check.yaml -- import_tasks: upgrade.yml - import_tasks: certificate.yml diff --git a/tasks/setup_Debian.yml b/tasks/setup_Debian.yml index 2a3d1be..53c7cfd 100644 --- a/tasks/setup_Debian.yml +++ b/tasks/setup_Debian.yml @@ -2,27 +2,27 @@ - name: install apt packages apt: - pkg: "{{item}}" + pkg: + - apache2 + - libapache2-mod-php + - php-xml + - php-gd + - php-json + - php-mbstring + - php-zip + - php-mysql + - php-curl + - php-intl + - php-mcrypt + - php-imagick + - ca-certificates + - sudo + - php-apcu + - memcached + - php-memcached + - libreoffice + - mysql-client state: present - with_items: - - apache2 - - libapache2-mod-php - - php-xml - - php-gd - - php-json - - php-mbstring - - php-zip - - php-mysql - - php-curl - - php-intl - - php-mcrypt - - php-imagick - - ca-certificates - - sudo - - php-apcu - - memcached - - php-memcached - - libreoffice notify: restart apache2 - name: remove default page diff --git a/tasks/upgrade.yml b/tasks/upgrade.yml index cf1e475..ea17f57 100644 --- a/tasks/upgrade.yml +++ b/tasks/upgrade.yml @@ -1,5 +1,13 @@ --- +- name: copy old config file + copy: + src: "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}/nextcloud/config/config.php" + remote_src: true + dest: "{{nextcloud_directory}}/config/config.php" + owner: www-data + group: www-data + - name: upgrade nextcloud command: php occ upgrade args: 
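Review bot: Bumping `nextcloud_version` while `nextcloud_state` stays at its default `installed` appears to copy the new release over the live install with no backup and no `occ upgrade`. In this hunk `core.yml` is imported unconditionally and now targets the unversioned `nextcloud_directory`, while `upgrade.yml` is gated on `nextcloud_state == 'updated'`. Since the `synchronize` task in `core.yml` has no `delete`, files from the old release would also stay in the web root. Consider failing early with an assert such as `that: not _nextcloud_do_update or nextcloud_state in ['updated', 'reinstalled']`, or gate `core.yml` the same way as `upgrade.yml`.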
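Review bot: The `copy old config file` task restores `config/config.php` without a `mode`, so its permissions are left to the module default and the remote umask. This file holds the database password and the instance secrets, so pin it explicitly, e.g. `mode: "0640"` next to the existing `owner: www-data` and `group: www-data`. Adding `no_log: true` is unnecessary because the content is not rendered, but a comment noting that the source is the root-only backup tree would explain why `remote_src: true` is used. The `upgrade nextcloud` task that follows continues outside the hunk.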
diff --git a/templates/config.php.j2 b/templates/config.php.j2 index 09ea390..666e933 100644 --- a/templates/config.php.j2 +++ b/templates/config.php.j2 @@ -4,7 +4,6 @@ $CONFIG = array( 'installed' => false, 'mysql.utf8mb4' => true, 'htaccess.RewriteBase' => '/', -'overwrite.cli.url' => 'https://{{nextcloud_server_names|first}}/', 'appcodechecker' => true, 'updatechecker' => true, 'log_type' => 'file', diff --git a/templates/nextcloud-latest.json.j2 b/templates/nextcloud-latest.json.j2 index 8e4e1cc..df9478c 100644 --- a/templates/nextcloud-latest.json.j2 +++ b/templates/nextcloud-latest.json.j2 @@ -1,7 +1,7 @@ {% set r = namespace() %} {% set r.latest = "0.0.0" %} {% for release in _nextcloud_platforms.json %} -{% if release.version is version(r.latest , operator='gt') and not release.isSupported and release.hasRelease %} +{% if release.version is version(r.latest , operator='gt') and release.isSupported and release.hasRelease %} {% set r.latest = release.version %} {% endif %} {% endfor %} diff --git a/vars/main.yml b/vars/main.yml index 0727488..c5b00ec 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -1,6 +1,13 @@ _nextcloud_config: "{{ _nextcloud_config_cmd.stdout | from_json }}" -_nextcloud_latest: "{{ lookup('template','nextcloud-latest.json.j2') |from_json }}" +_nextcloud_latest_version: "{{ lookup('template','nextcloud-latest.json.j2') |from_json }}" +_nextcloud_actual_version: "{{ _nextcloud_get_actual_version_command.stdout }}" _nextcloud_apps: "{{ lookup('template','nextcloud-apps.json.j2') }}" _nextcloud_apps_enabled: "{{ _nextcloud_occ_app_list.stdout | from_yaml | json_query('Enabled|[]|map(&keys(@), @)|[]') }}" _nextcloud_apps_disabled: "{{ _nextcloud_occ_app_list.stdout | from_yaml | json_query('Disabled|[]') }}" _nextcloud_apps_present: "{{ _nextcloud_apps_enabled | union(_nextcloud_apps_disabled) }}" + +_nextcloud_do_update: "{{ _nextcloud_version_file_stat.stat.isreg is defined and _nextcloud_actual_version != nextcloud_version }}" +_nextcloud_valid_states: + - reinstalled + - installed + - updated
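Review bot: `_nextcloud_actual_version` is the unvalidated stdout of the `php -r` command in `detect-update.yaml`, and this patch uses it as a path component in `backup.yaml` and `upgrade.yml` and inside a `shell:` redirect target. An empty or unexpected value, for example a PHP notice printed instead of a version, would produce a wrong backup path. Before the first use, assert `that: _nextcloud_actual_version is match('^[0-9]+(\.[0-9]+)+$')`. `_nextcloud_do_update` would also benefit from a comment stating that it is true only when `version.php` exists and the installed version differs from `nextcloud_version`, since four `when:` lists depend on it.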