automatic updates

6 years ago · b3efd46af1
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,13 +2,15 @@ nextcloud_state: installed
 nextcloud_archive_directory: /opt/nextcloud
 nextcloud_directory: /var/www/nextcloud-{{nextcloud_version}}
 nextcloud_directory: /var/www/nextcloud
 nextcloud_lib_directory: /var/lib/nextcloud
 nextcloud_data_directory: "{{nextcloud_lib_directory}}/data"
 nextcloud_backup_directory: "{{nextcloud_lib_directory}}/backup"
 nextcloud_log_directory: /var/log/nextcloud
 #nextcloud_version: "{{_nextcloud_latest_version}}"
 nextcloud_version: 14.0.3
 nextcloud_apps:
@@ -24,3 +26,5 @@ nextcloud_database_type: mysql
 nextcloud_server_names:
  - "{{ inventory_hostname }}"
 nextcloud_force_downgrade: false
--- a/tasks/access.yml
+++ b/tasks/access.yml
@@ -21,7 +21,7 @@
    - themes
    - updater
 - name: nextcloud data directory
 - name: nextcloud lib directory
  file:
    path: "{{nextcloud_lib_directory}}"
    state: directory
@@ -45,6 +45,14 @@
    owner: www-data
    group: www-data
 - name: nextcloud backup directory
  file:
    path: "{{nextcloud_backup_directory}}"
    state: directory
    owner: root
    group: root
    mode: 0700
 - name: nextcloud htaccess webserver access
  file:
    path: "{{nextcloud_directory}}/.htaccess"
--- a/tasks/backup.yaml
+++ b/tasks/backup.yaml
@@ -0,0 +1,19 @@
 ---
 - name: backup directory
  file:
    path: "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}"
    state: directory
 - name: backup old nextcloud directory
  command: mv
    "{{nextcloud_directory}}/"
    "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}/nextcloud"
 - name: dump mysql database
  shell: mysqldump "{{nextcloud_database_name}}"
    -h "{{nextcloud_database_host}}"
    -u "{{nextcloud_database_user}}"
    -p
    > "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}/database.mysql"
  args:
    stdin: "{{nextcloud_database_pass}}"
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -9,7 +9,7 @@
      register: _nextcloud_config_cmd
      changed_when: false
    - name: nextcloud occ config:app:delete trusted_domains
    - name: nextcloud occ config:system:delete trusted_domains
      command: php occ config:system:delete trusted_domains
      args:
        chdir: "{{nextcloud_directory}}"
@@ -22,6 +22,12 @@
      with_indexed_items: "{{ nextcloud_server_names }}"
      when: _nextcloud_config.system.trusted_domains != nextcloud_server_names
    - name: nextcloud occ config:system:set overwrite.cli.url (fix bug in nextcloud 14)
      command: php occ config:system:set overwrite.cli.url --value="https://{{nextcloud_server_names|first}}/"
      args:
        chdir: "{{nextcloud_directory}}"
      when: nextcloud_version is version('14.0.0','ge')
    - name: nextcloud occ maintenance:update:htaccess
      command: php occ maintenance:update:htaccess
      args:
--- a/tasks/core.yml
+++ b/tasks/core.yml
@@ -1,60 +1,49 @@
 ---
 - name: nextcloud platforms
  uri:
    url: https://apps.nextcloud.com/api/v1/platforms.json
  register: _nextcloud_platforms
 - name: nextcloud version dir
 - name: nextcloud archive dir
  file:
    path: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}"
    path: "{{nextcloud_archive_directory}}"
    state: directory
 - name: nextcloud core archive checksum download
  get_url:
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256
    dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256"
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256"
 - name: nextcloud core archive checksum
  shell: cat "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256"
  shell: cat "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256"
  register: _nextcloud_server_archive_checksum
  changed_when: false
 - name: nextcloud core archive download
  get_url:
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
    dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    checksum: sha256:{{ _nextcloud_server_archive_checksum.stdout_lines[0].split(' ')[0] }}
 - name: nextcloud core archive signature download
  get_url:
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.asc
    dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc"
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc"
 - name: nextcloud core archive signature check
  command: gpg --no-default-keyring --keyring "{{nextcloud_archive_directory}}/keyring.gpg"
    --verify "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc"
    "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    --verify "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc"
    "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2"
  changed_when: false
 - name: nextcloud core archive extract
  unarchive:
    src: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    src: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    remote_src: yes
    dest: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}"
    dest: "{{nextcloud_archive_directory}}/{{nextcloud_version}}"
    owner: root
    group: root
 - name: nextcloud core archive sync
  synchronize:
    src: "{{nextcloud_archive_directory}}/{{ nextcloud_version }}/nextcloud/"
    src: "{{nextcloud_archive_directory}}/{{nextcloud_version}}/nextcloud/"
    dest: "{{nextcloud_directory}}"
    archive: no
    recursive: yes
  delegate_to: '{{ inventory_hostname }}'
 - name: link to current nextcloud directory
  file:
    src: "{{nextcloud_directory}}"
    dest: /var/www/nextcloud
    state: link
--- a/tasks/detect-update.yaml
+++ b/tasks/detect-update.yaml
@@ -0,0 +1,46 @@
 ---
 - name: get latest nextcloud version
  uri:
    url: https://apps.nextcloud.com/api/v1/platforms.json
  register: _nextcloud_platforms
 - name: check if nextcloud is installed
  stat:
    path: "{{nextcloud_directory}}/version.php"
  register: _nextcloud_version_file_stat
 - name: get actual nextcloud version
  command: php -r 'include("{{nextcloud_directory}}/version.php");print($OC_VersionString);'
  become: true
  become_user: www-data
  become_method: sudo
  changed_when: false
  when: _nextcloud_version_file_stat.stat.isreg is defined
  register: _nextcloud_get_actual_version_command
 - name: ensure that upgrade is happening
  assert:
    that: _nextcloud_actual_version is version(nextcloud_version, operator='<=', strict=True) or nextcloud_force_downgrade
    msg: refusing to downgrade from {{_nextcloud_actual_version}} to {{nextcloud_version}}
  when:
    - nextcloud_state == 'updated'
    - _nextcloud_do_update
 - name: nextcloud update version information
  debug:
    msg:
      nextcloud_actual_version: "{{_nextcloud_actual_version}}"
      nextcloud_target_version: "{{nextcloud_version}}"
      nextcloud_latest_version: "{{_nextcloud_latest_version}}"
  when:
    - nextcloud_state == 'updated'
    - _nextcloud_do_update
 - name: stop apache2
  service:
    name: apache2
    state: stopped
  when:
    - nextcloud_state == 'updated'
    - _nextcloud_do_update
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,19 @@
 ---
 - name: assert valid role state
  assert:
    that: nextcloud_state in _nextcloud_valid_states
    msg: "'_nextcloud_valid_states' must be one of: {{_nextcloud_valid_states | join(', ') }}"
 - include_tasks: setup_{{ansible_os_family}}.yml
 - import_tasks: detect-update.yaml
 - import_tasks: backup.yaml
  when:
    - nextcloud_state == 'updated'
    - _nextcloud_do_update
 - import_tasks: gpg.yaml
 - import_tasks: php-opcache.yml
@@ -9,24 +21,29 @@
 - import_tasks: reset.yml
  when: nextcloud_state == "reinstalled"
 - import_tasks: core.yml
 - import_tasks: access.yml
 - import_tasks: mysql.yml
  when: nextcloud_database_type == "mysql"
 - import_tasks: core.yml
 - import_tasks: access.yml
 - import_tasks: install.yml
  when:
    nextcloud_state == "installed" or
    nextcloud_state == "reinstalled"
 - import_tasks: upgrade.yml
  when:
    - nextcloud_state == 'updated'
    - _nextcloud_do_update
 - import_tasks: configure.yml
 - import_tasks: apps.yml
 - include_tasks: apps.yml
  when: nextcloud_version is version('13.0.0','ge')
 #- import_tasks: check.yaml
 - import_tasks: upgrade.yml
 - import_tasks: certificate.yml
--- a/tasks/setup_Debian.yml
+++ b/tasks/setup_Debian.yml
@@ -2,27 +2,27 @@
 - name: install apt packages
  apt:
    pkg: "{{item}}"
    pkg:
      - apache2
      - libapache2-mod-php
      - php-xml
      - php-gd
      - php-json
      - php-mbstring
      - php-zip
      - php-mysql
      - php-curl
      - php-intl
      - php-mcrypt
      - php-imagick
      - ca-certificates
      - sudo
      - php-apcu
      - memcached
      - php-memcached
      - libreoffice
      - mysql-client
    state: present
  with_items:
    - apache2
    - libapache2-mod-php
    - php-xml
    - php-gd
    - php-json
    - php-mbstring
    - php-zip
    - php-mysql
    - php-curl
    - php-intl
    - php-mcrypt
    - php-imagick
    - ca-certificates
    - sudo
    - php-apcu
    - memcached
    - php-memcached
    - libreoffice
  notify: restart apache2
 - name: remove default page
--- a/tasks/upgrade.yml
+++ b/tasks/upgrade.yml
@@ -1,5 +1,13 @@
 ---
 - name: copy old config file
  copy:
    src: "{{nextcloud_backup_directory}}/{{_nextcloud_actual_version}}/nextcloud/config/config.php"
    remote_src: true
    dest: "{{nextcloud_directory}}/config/config.php"
    owner: www-data
    group: www-data
 - name: upgrade nextcloud
  command: php occ upgrade
  args:
--- a/templates/config.php.j2
+++ b/templates/config.php.j2
@@ -4,7 +4,6 @@ $CONFIG = array(
 'installed' => false,
 'mysql.utf8mb4' => true,
 'htaccess.RewriteBase' => '/',
 'overwrite.cli.url'  => 'https://{{nextcloud_server_names|first}}/',
 'appcodechecker' => true,
 'updatechecker' => true,
 'log_type' => 'file',
--- a/templates/nextcloud-latest.json.j2
+++ b/templates/nextcloud-latest.json.j2
@@ -1,7 +1,7 @@
 {% set r = namespace() %}
 {% set r.latest = "0.0.0" %}
 {% for release in _nextcloud_platforms.json %}
 {% if release.version is version(r.latest , operator='gt') and not release.isSupported and release.hasRelease %}
 {% if release.version is version(r.latest , operator='gt') and release.isSupported and release.hasRelease %}
 {% set r.latest = release.version %}
 {% endif %}
 {% endfor %}
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,6 +1,13 @@
 _nextcloud_config: "{{ _nextcloud_config_cmd.stdout | from_json }}"
 _nextcloud_latest: "{{ lookup('template','nextcloud-latest.json.j2') |from_json }}"
 _nextcloud_latest_version: "{{ lookup('template','nextcloud-latest.json.j2') |from_json }}"
 _nextcloud_actual_version: "{{ _nextcloud_get_actual_version_command.stdout }}"
 _nextcloud_apps: "{{ lookup('template','nextcloud-apps.json.j2') }}"
 _nextcloud_apps_enabled: "{{ _nextcloud_occ_app_list.stdout | from_yaml | json_query('Enabled|[]|map(&keys(@), @)|[]') }}"
 _nextcloud_apps_disabled: "{{ _nextcloud_occ_app_list.stdout | from_yaml | json_query('Disabled|[]') }}"
 _nextcloud_apps_present: "{{ _nextcloud_apps_enabled | union(_nextcloud_apps_disabled) }}"
 _nextcloud_do_update: "{{ _nextcloud_version_file_stat.stat.isreg is defined and _nextcloud_actual_version != nextcloud_version }}"
 _nextcloud_valid_states:
  - reinstalled
  - installed
  - updated