From f5799242f98c51db6d04464c403839d9821198ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Mon, 15 May 2023 14:37:49 -0600 Subject: [PATCH 01/12] =?UTF-8?q?Actualizaci=C3=B3n=20para=20soportar=20Ce?= =?UTF-8?q?ntOS=209=20Stream?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Actualización para soportar CentOS 9 Stream - Corrección de configuración de dirección IP para posgresql - Corrección para usar usuario y contraseña en Redis 6 --- .../ansible/roles/nextcloud/tasks/main.yml | 6 +- .../ansible/roles/postgresql/tasks/main.yml | 2 +- .../roles/pre/tasks/redhat_pre_tasks.yaml | 68 +++++++++++++------ nextcloud/ansible/roles/redis/tasks/main.yml | 2 +- nextcloud/ansible/vars/main.ejemplo.yaml | 1 + 5 files changed, 55 insertions(+), 24 deletions(-) diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml index bcea24a..04eaf8e 100644 --- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml +++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml @@ -35,6 +35,8 @@ - php-zip - python3-pyOpenSSL - sudo + - tar + - bzip2 - name: Create nextcloud nginx configuration directory ansible.builtin.file: @@ -57,7 +59,7 @@ get_url: url: https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2 dest: /usr/src/nextcloud-{{nextcloud_version}}.tar.bz2 - checksum: "{{ nextcloud_checksum }}" + checksum: "sha256:https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2.sha256" when: nextcloud_is_unpacked.stat.exists != true and ansible_local['nextcloud']['is_installed'] != true 
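Review bot: In `Download Nextcloud` (roles/nextcloud/tasks/main.yml), the new `checksum:` value points at a `.sha256` file on the same host and path as the tarball, so anyone able to replace the archive on `repos.libreoffice.gob.mx` can replace the digest with it, and the check then only catches transfer corruption. The previous `"{{ nextcloud_checksum }}"` pinned the digest in the repository, and `nextcloud_checksum` is still defined in `vars/main.ejemplo.yaml` after this commit, so I would keep `checksum: "{{ nextcloud_checksum }}"`. PATCH 02/12 goes back to the variable, which suggests this was a temporary workaround. The task starts outside the hunk.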
@@ -251,7 +253,7 @@ /usr/bin/php {{ nextcloud_occ }} config:system:set redis host --value={{ redis_host }} /usr/bin/php {{ nextcloud_occ }} config:system:set redis port --value=6379 /usr/bin/php {{ nextcloud_occ }} config:system:set redis dbindex --value=0 - #/usr/bin/php {{ nextcloud_occ }} config:system:set redis password user --value={{ redis_user }} + /usr/bin/php {{ nextcloud_occ }} config:system:set redis password user --value={{ redis_user }} #/usr/bin/php {{ nextcloud_occ }} config:system:set redis password password --value={{ redis_password }} /usr/bin/php {{ nextcloud_occ }} config:system:set redis password --value={{ redis_password }} become: true diff --git a/nextcloud/ansible/roles/postgresql/tasks/main.yml b/nextcloud/ansible/roles/postgresql/tasks/main.yml index da28f17..668b48f 100644 --- a/nextcloud/ansible/roles/postgresql/tasks/main.yml +++ b/nextcloud/ansible/roles/postgresql/tasks/main.yml @@ -31,7 +31,7 @@ blockinfile: dest: "{{ postgresql_conf }}" block: | - listen_addresses = '{{ ansible_default_ipv4.address }}' + listen_addresses = '{{ db_host }}' tags: - database - database_access diff --git a/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml b/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml index 58a0fe9..8230dfc 100644 --- a/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml +++ b/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml 
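Review bot: The re-enabled line in the Redis `occ` block writes the user to the nested key `redis password user`, and the unchanged line two below sets `redis password` to a scalar, which would replace that nested value, so the ACL user probably never reaches the Nextcloud config. Nextcloud's sample config documents the user as a sibling key of `password`, so `/usr/bin/php {{ nextcloud_occ }} config:system:set redis user --value={{ redis_user }}` looks like the intended command; worth confirming against the target Nextcloud version. `{{ redis_user }}` and `{{ redis_password }}` are also pasted unquoted into what appears to be a shell block, so a value with spaces or shell metacharacters changes the command; `--value={{ redis_password | quote }}` plus `no_log: true` on the task avoids that and keeps the secret out of task output. The LDAP block in PATCH 10/12 wraps its values in double quotes, which still lets `$` and backticks expand, so the same filter applies there. The task begins outside the hunk.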
@@ -1,38 +1,66 @@ - - name: "Install Remi repo GPG key" - rpm_key: - state: present - key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018 - #key: https://rpms.remirepo.net/RPM-GPG-KEY-remi - when: ansible_facts['distribution'] == 'CentOS' + - name: Enable The CRB Repository + ansible.builtin.command: /usr/bin/dnf config-manager --set-enabled crb + +#- name: "Install Remi repo GPG key" +# rpm_key: +# state: present +# key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018 +# #key: https://rpms.remirepo.net/RPM-GPG-KEY-remi +# when: +# - ansible_os_family == 'RedHat' +# - ansible_distribution_major_version|int < 9 +# - ansible_distribution != 'Fedora' - name: Install EPEL package: name: - epel-release state: latest - when: ansible_facts['distribution'] == 'CentOS' + when: + - ansible_os_family == 'RedHat' + - ansible_distribution != 'Fedora' - - name: Install REMI repository + - name: Remi::Install REMI repository dnf: name: - - https://rpms.remirepo.net/enterprise/remi-release-8.rpm + - "https://rpms.remirepo.net/enterprise/remi-release-{{ansible_distribution_major_version}}.rpm" state: latest - disable_gpg_check: yes - when: ansible_facts['distribution'] == 'CentOS' + when: + - ansible_os_family == 'RedHat' + - ansible_distribution != 'Fedora' # TODO: ya está en módulos de centos 8, modificar esto para usarlo - - name: Enable the PHP remi repository - dnf: - name: '@php:remi-7.4' - state: present - # EPEL 8 does not support modules properly so we have to use Remi's repo for - # php-pecl-redis to be available - # https://docs.nextcloud.com/server/latest/admin_manual/installation/example_centos.html - when: ansible_facts['distribution'] == 'CentOS' + #- name: Enable the PHP remi repository + # dnf: + # name: '@php:remi-7.4' + # state: present + # # EPEL 8 does not support modules properly so we have to use Remi's repo for + # # php-pecl-redis to be available + # # https://docs.nextcloud.com/server/latest/admin_manual/installation/example_centos.html + # when: + # - 
ansible_os_family == 'RedHat' + # - ansible_distribution_major_version|int < 9 + # - ansible_distribution != 'Fedora' + + - name: Remi::Reset PHP module + ansible.builtin.command: /usr/bin/dnf -y module reset php + + - name: Remi::Install PHP {{ php_version }} module + ansible.builtin.command: /usr/bin/dnf -y module install php:remi-{{ php_version }} + when: + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version|int >= 9 + - ansible_distribution != 'Fedora' + + - name: Remi::Update old versions + ansible.builtin.command: /usr/bin/dnf -y update - name: Enable the Redis 6 module dnf: name: '@redis:6' state: present - when: ansible_facts['distribution'] == 'CentOS' + when: + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version|int < 9 + - ansible_distribution != 'Fedora' diff --git a/nextcloud/ansible/roles/redis/tasks/main.yml b/nextcloud/ansible/roles/redis/tasks/main.yml index f707cd2..9b8ef99 100644 --- a/nextcloud/ansible/roles/redis/tasks/main.yml +++ b/nextcloud/ansible/roles/redis/tasks/main.yml @@ -10,7 +10,7 @@ src: certificates/redis_key.pem dest: "{{ redis_key }}" owner: root - group: nginx + group: redis mode: '0640' - name: Copy the redis Certificate to /etc/pki/tls/certs/ diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml index b66d172..c05c9e2 100644 --- a/nextcloud/ansible/vars/main.ejemplo.yaml +++ b/nextcloud/ansible/vars/main.ejemplo.yaml @@ -4,6 +4,7 @@ ## version nextcloud_version: 24.0.6 nextcloud_checksum: "sha256:b26dff9980a47e7e722805fdbbf87e07f59a3817b03ecc32698e028e9baf0301" +php_version: 8.1 ## credentials nextcloud_admin_user: el_admin From 9e17431a76abb274c6ad8d5705bfd74be290fb78 Mon Sep 17 00:00:00 2001 
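Review bot: The three new `ansible.builtin.command` tasks in roles/pre/tasks/redhat_pre_tasks.yaml (`Enable The CRB Repository`, `Remi::Reset PHP module`, `Remi::Update old versions`) have no `when:`, so they run on every host, including the Fedora and pre-9 hosts that the other tasks in the file exclude. On a major version below 9 the PHP module is reset but no stream is enabled afterwards, because the install task is limited to `>= 9` and the `@php:remi-7.4` task is now commented out. `dnf -y update` also upgrades every package on every run, so the resulting package set depends on when the play ran. I would give all three the `when:` list already used by `Remi::Install PHP {{ php_version }} module`, and limit the update to the PHP packages or drop it.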
From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Mon, 10 Jul 2023 21:08:41 -0600 Subject: [PATCH 02/12] =?UTF-8?q?Actualizaci=C3=B3n=20de=20variables?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/roles/nextcloud/tasks/main.yml | 4 ++-- nextcloud/ansible/roles/turn/tasks/main.yml | 1 + nextcloud/ansible/vars/main.ejemplo.yaml | 7 ++++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml index 04eaf8e..980233f 100644 --- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml +++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml @@ -57,9 +57,9 @@ - name: Download Nextcloud get_url: - url: https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2 + url: {{nextcloud_url}} dest: /usr/src/nextcloud-{{nextcloud_version}}.tar.bz2 - checksum: "sha256:https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2.sha256" + checksum: {{nextcloud_checksum}} when: nextcloud_is_unpacked.stat.exists != true and ansible_local['nextcloud']['is_installed'] != true diff --git a/nextcloud/ansible/roles/turn/tasks/main.yml b/nextcloud/ansible/roles/turn/tasks/main.yml index 9e6338b..3cccd1a 100644 --- a/nextcloud/ansible/roles/turn/tasks/main.yml +++ b/nextcloud/ansible/roles/turn/tasks/main.yml @@ -88,6 +88,7 @@ preconfigured-renewal = True # Info + # TODO: parametrizar este correo email = ca@softwarelibre.mx insertbefore: BOF diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml index c05c9e2..3ed6c24 100644 --- a/nextcloud/ansible/vars/main.ejemplo.yaml +++ b/nextcloud/ansible/vars/main.ejemplo.yaml 
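Review bot: In `Download Nextcloud` (roles/nextcloud/tasks/main.yml, PATCH 02/12), `url: {{nextcloud_url}}` and `checksum: {{nextcloud_checksum}}` begin a value with an unquoted `{{`, which YAML parses as a flow mapping rather than a template, so the role should fail to load at this commit. They need to be `url: "{{ nextcloud_url }}"` and `checksum: "{{ nextcloud_checksum }}"`. PATCH 03/12 only adds spaces inside the braces and PATCH 04/12 adds the quotes, so squashing those three would keep every commit in the series loadable. The task continues outside the hunk.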
@@ -2,9 +2,10 @@ # NextCloud ## version -nextcloud_version: 24.0.6 -nextcloud_checksum: "sha256:b26dff9980a47e7e722805fdbbf87e07f59a3817b03ecc32698e028e9baf0301" -php_version: 8.1 +nextcloud_version: 26.0.0 +nextcloud_url: https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2 +nextcloud_checksum: "sha256:f163150363aee9366ecb5cd5259bf6756ed4f073cea78b5fa515cada7a0d0c3d" +php_version: 8.2 ## credentials nextcloud_admin_user: el_admin From 74f231d488773ef8f227234ae42a9b87ce1d2e43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 00:29:18 -0600 Subject: [PATCH 03/12] =?UTF-8?q?Resolv=C3=AD=20problema=20=20de=20formato?= =?UTF-8?q?=20de=20variables?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/roles/nextcloud/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml index 980233f..663f499 100644 --- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml +++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml @@ -57,15 +57,15 @@ - name: Download Nextcloud get_url: - url: {{nextcloud_url}} - dest: /usr/src/nextcloud-{{nextcloud_version}}.tar.bz2 - checksum: {{nextcloud_checksum}} + url: {{ nextcloud_url }} + dest: /usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2 + checksum: {{ nextcloud_checksum }} when: nextcloud_is_unpacked.stat.exists != true and ansible_local['nextcloud']['is_installed'] != true - name: Unpack Nextcloud ansible.builtin.unarchive: - src: "/usr/src/nextcloud-{{nextcloud_version}}.tar.bz2" + src: "/usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2" dest: "{{ nextcloud_path }}" remote_src: yes owner: "{{ web_user }}" From 98a27b588233ae246351611918080c4cd6accdf6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 00:31:22 -0600 Subject: [PATCH 04/12] =?UTF-8?q?Resolv=C3=AD=20problema=20=20de=20formato?= =?UTF-8?q?=20de=20variables?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/roles/nextcloud/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml index 663f499..3edea5f 100644 --- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml +++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml @@ -57,9 +57,9 @@ - name: Download Nextcloud get_url: - url: {{ nextcloud_url }} + url: "{{ nextcloud_url }}" dest: /usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2 - checksum: {{ nextcloud_checksum }} + checksum: "{{ nextcloud_checksum }}" when: nextcloud_is_unpacked.stat.exists != true and ansible_local['nextcloud']['is_installed'] != true From 7e57e27cd2fdf4b3be778c452ccce3546d81f207 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 01:12:06 -0600 Subject: [PATCH 05/12] =?UTF-8?q?Agregu=C3=A9=20instalaci=C3=B3n=20de=20ll?= =?UTF-8?q?ave=20GPG=20de=20Remi?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml b/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml index 8230dfc..e444ff8 100644 --- a/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml +++ b/nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml 
@@ -20,6 +20,12 @@ - ansible_os_family == 'RedHat' - ansible_distribution != 'Fedora' + + - name: Import Remi GPG key + ansible.builtin.rpm_key: + state: present + key: "https://rpms.remirepo.net/enterprise/{{ansible_distribution_major_version}}/RPM-GPG-KEY-remi" + - name: Remi::Install REMI repository dnf: name: From 43eef7ea0f76570ce0bf4df9e5d5b3bf9a3f1c01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 17:33:39 -0600 Subject: [PATCH 06/12] =?UTF-8?q?Resolv=C3=AD=20problema=20de=20redis=5Fpa?= =?UTF-8?q?th=20en=20archivos=20de=20variables?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/vars/RedHat.yaml | 2 +- nextcloud/ansible/vars/main.ejemplo.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/nextcloud/ansible/vars/RedHat.yaml b/nextcloud/ansible/vars/RedHat.yaml index c9b48b8..2b72115 100644 --- a/nextcloud/ansible/vars/RedHat.yaml +++ b/nextcloud/ansible/vars/RedHat.yaml @@ -6,7 +6,7 @@ nginx_path: /etc/nginx/conf.d php_ini_path: /etc php_pool_path: /etc/php-fpm.d postgresql_path: /var/lib/pgsql/data -redis_path: /etc +redis_path: /etc/redis ssl_path: /etc/pki/tls # NextCloud diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml index 3ed6c24..c888d27 100644 --- a/nextcloud/ansible/vars/main.ejemplo.yaml +++ b/nextcloud/ansible/vars/main.ejemplo.yaml @@ -42,6 +42,7 @@ redis_host: 10.0.5.53 redis_user: nextcloud redis_password: ParángariCutirimiNoMeAcuerdoCuaro redis_url: "https://{{ redis_host }}" +redis_path: /etc/redis # SSL From c88e5c4371586c1512328adfa28ff641ff6937de Mon Sep 17 00:00:00 2001 
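Review bot: The new `Import Remi GPG key` task trusts whatever key the URL returns, and that URL is on the same host that serves `remi-release-*.rpm`, so the signature check on the following task only shows that the package and the key came from the same place. `ansible.builtin.rpm_key` accepts a `fingerprint:` argument; adding `fingerprint: "<REMI_KEY_FINGERPRINT>"` (placeholder, to be taken from a source verified out of band) makes the import fail if the served key ever changes. The task also has no `when:`, unlike the EPEL and Remi tasks around it, so it runs on Fedora hosts as well; the same `ansible_os_family == 'RedHat'` / `ansible_distribution != 'Fedora'` list would fit.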
From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 17:36:42 -0600 Subject: [PATCH 07/12] =?UTF-8?q?Resolv=C3=AD=20omisi=C3=B3n=20de=20redis?= =?UTF-8?q?=5Fhost=20en=20template=20de=20configuraci=C3=B3n=20de=20redis?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../roles/redis/templates/redis.conf.j2 | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nextcloud/ansible/roles/redis/templates/redis.conf.j2 b/nextcloud/ansible/roles/redis/templates/redis.conf.j2 index 582e81c..f9bb6d1 100644 --- a/nextcloud/ansible/roles/redis/templates/redis.conf.j2 +++ b/nextcloud/ansible/roles/redis/templates/redis.conf.j2 @@ -65,7 +65,7 @@ # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES # JUST COMMENT OUT THE FOLLOWING LINE. # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -bind {{ ansible_default_ipv4.address }} +bind {{ redis_host }} # Protected mode is a layer of security protection, in order to avoid that # Redis instances left open on the internet are accessed and exploited. @@ -769,8 +769,8 @@ user {{ redis_user }} on +@all -DEBUG ~* >{{ redis_password }} # ACL LOG # # The ACL Log tracks failed commands and authentication events associated -# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked -# by ACLs. The ACL Log is stored in memory. You can reclaim memory with +# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked +# by ACLs. The ACL Log is stored in memory. You can reclaim memory with # ACL LOG RESET. Define the maximum entry length of the ACL Log below. acllog-max-len 128 
@@ -1333,18 +1333,18 @@ lua-time-limit 5000 # cluster-replica-no-failover no # This option, when set to yes, allows nodes to serve read traffic while the -# the cluster is in a down state, as long as it believes it owns the slots. +# the cluster is in a down state, as long as it believes it owns the slots. # -# This is useful for two cases. The first case is for when an application +# This is useful for two cases. The first case is for when an application # doesn't require consistency of data during node failures or network partitions. # One example of this is a cache, where as long as the node has the data it -# should be able to serve it. +# should be able to serve it. # -# The second use case is for configurations that don't meet the recommended -# three shards but want to enable cluster mode and scale later. A +# The second use case is for configurations that don't meet the recommended +# three shards but want to enable cluster mode and scale later. A # master outage in a 1 or 2 shard configuration causes a read/write outage to the # entire cluster without this option set, with it set there is only a write outage. -# Without a quorum of masters, slot ownership will not change automatically. +# Without a quorum of masters, slot ownership will not change automatically. # # cluster-allow-reads-when-down no From 148a8d858ef040e099085beb08bdd46e117711d1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 22:48:28 -0600 Subject: [PATCH 08/12] Add documentation and example playbooks --- .../ansible/deploy-example-no-talk-ha.yaml | 63 +++++++++++++++++++ nextcloud/ansible/deploy-example-talk-ha.yaml | 61 ++++++++++++++++++ .../inventory-example-single-no-talk-ha | 12 ++++ nextcloud/ansible/inventory-example-talk-ha | 25 ++++++++ 4 files changed, 161 insertions(+) create mode 100644 nextcloud/ansible/deploy-example-no-talk-ha.yaml create mode 100644 nextcloud/ansible/deploy-example-talk-ha.yaml create mode 100644 nextcloud/ansible/inventory-example-single-no-talk-ha create mode 100644 nextcloud/ansible/inventory-example-talk-ha diff --git a/nextcloud/ansible/deploy-example-no-talk-ha.yaml b/nextcloud/ansible/deploy-example-no-talk-ha.yaml new file mode 100644 index 0000000..78d347b --- /dev/null +++ b/nextcloud/ansible/deploy-example-no-talk-ha.yaml 
@@ -0,0 +1,63 @@ +- hosts: localhost + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + vars: + services: + - nginx + - postgresql + - redis + roles: + - name: certificates + +- hosts: all + serial: 1 + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: common + +- hosts: postgresql + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: postgresql + +- hosts: redis + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: redis + +# Este es el collabora +- hosts: coolwsd + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: coolwsd + +- hosts: nextcloud + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: nextcloud + - name: coolwsd-nginx + +# Enable this for Talk HA +# - name: nextcloud-spreed + +#- hosts: turn +# vars_files: +# - vars/main.example.yaml +# - "vars/{{ ansible_facts['os_family'] }}.yaml" +# roles: +# - name: turn +# - name: nats-server +# - name: signaling-server +# - name: janus + diff --git a/nextcloud/ansible/deploy-example-talk-ha.yaml b/nextcloud/ansible/deploy-example-talk-ha.yaml new file mode 100644 index 0000000..afe4324 --- /dev/null +++ b/nextcloud/ansible/deploy-example-talk-ha.yaml 
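Review bot: Every play in `deploy-example-no-talk-ha.yaml` loads `vars/main.example.yaml`, but the vars file this series edits is `vars/main.ejemplo.yaml` and no `main.example.yaml` is added here, so unless that file exists elsewhere in the tree the playbook stops on a missing vars file. `deploy-example-talk-ha.yaml` in the same commit carries the same references. Its `turn` play also lists `vars/main.example.yaml` before the OS-family file while every other play lists it after, so for a key defined in both (for example `redis_path` after PATCH 06/12) the effective value differs by play. A header comment such as `# copy vars/main.ejemplo.yaml to vars/main.example.yaml and replace every credential` would make the expected setup explicit.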
@@ -0,0 +1,61 @@ +- hosts: localhost + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + vars: + services: + - nginx + - postgresql + - redis + roles: + - name: certificates + +- hosts: all + serial: 1 + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: common + +- hosts: postgresql + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: postgresql + +- hosts: redis + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: redis + +# Este es el collabora +- hosts: coolwsd + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: coolwsd + +- hosts: nextcloud + vars_files: + - "vars/{{ ansible_facts['os_family'] }}.yaml" + - vars/main.example.yaml + roles: + - name: nextcloud + - name: coolwsd-nginx + - name: nextcloud-spreed + +- hosts: turn + vars_files: + - vars/main.example.yaml + - "vars/{{ ansible_facts['os_family'] }}.yaml" + roles: + - name: turn + - name: nats-server + - name: signaling-server + - name: janus + diff --git a/nextcloud/ansible/inventory-example-single-no-talk-ha b/nextcloud/ansible/inventory-example-single-no-talk-ha new file mode 100644 index 0000000..d159d76 --- /dev/null +++ b/nextcloud/ansible/inventory-example-single-no-talk-ha @@ -0,0 +1,12 @@ +[redis] + + +[postgresql] + + +[nextcloud] + + +[coolwsd] + + diff --git a/nextcloud/ansible/inventory-example-talk-ha b/nextcloud/ansible/inventory-example-talk-ha new file mode 100644 index 0000000..a368b62 --- /dev/null +++ b/nextcloud/ansible/inventory-example-talk-ha @@ -0,0 +1,25 @@ +[redis] + + +[postgresql] + + +[nextcloud] + + +[coolwsd] + + + +# Uncomment this if you're going to use HA with Nextcloud Talk +[turn] + + +[nats] + ansible_host= + +[signaling] + ansible_host= + +[janus] + ansible_host= 
From e4eb070c4a6f09df035393ce2ebf30778f3253b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 22:49:10 -0600 Subject: [PATCH 09/12] =?UTF-8?q?Agregu=C3=A9=20documentaci=C3=B3n=20de=20?= =?UTF-8?q?playbooks=20de=20ejemplo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/nextcloud/ansible/README.md b/nextcloud/ansible/README.md index 9db84a0..6715767 100644 --- a/nextcloud/ansible/README.md +++ b/nextcloud/ansible/README.md @@ -9,3 +9,17 @@ If you're using `ansible-core`, you need to install the requirements first. ```bash ansible-galaxy install -r requirements.yaml ``` + + +## Usage + +We have four types of installation: + +| Playbook | Inventory | +| ----------- | ----------- | +| deploy-example-talk-ha.yaml | inventory-example-talk-ha | +| deploy-example-talk-ha.yaml | inventory-example-single-no-talk-ha | +| deploy-example-no-talk-ha.yaml | inventory-example-talk-ha | +| deploy-example-no-talk-ha.yaml | inventory-example-single-no-talk-ha | + + From c8850d0d46a9e7a5d1bda3192c9501a06f7e90e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 22:52:19 -0600 Subject: [PATCH 10/12] =?UTF-8?q?Agregu=C3=A9=20variables=20para=20habilit?= =?UTF-8?q?ar=20y=20configurar=20ldap?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ansible/roles/nextcloud/tasks/main.yml | 27 ++++++++++--------- nextcloud/ansible/vars/main.ejemplo.yaml | 19 +++++++++++++ 2 files changed, 33 insertions(+), 13 deletions(-) diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml index 3edea5f..ee2552b 100644 --- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml +++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml 
@@ -302,23 +302,24 @@ - name: Configure LDAP ansible.builtin.shell: cmd: | - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "cn=Directory Manager" - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword {{ ldap_agent_password }} - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost {{ ldap_server_host }} - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport 1 - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute mail - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))" - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort 389 - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "(&(|(objectclass=posixAccount)))" - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass posixAccount - /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive 1 + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase "{{ ldapBase }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups "{{ ldapBaseGroups }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers "{{ ldapBaseUsers }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "{{ ldapAgentName }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword "{{ ldap_agent_password }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost "{{ ldap_server_host }}" + /usr/bin/php "{{ nextcloud_occ }}" 
ldap:set-config s01 hasMemberOfFilterSupport "{{ hasMemberOfFilterSupport }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute "{{ ldapEmailAttribute }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "{{ ldapLoginFilter }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort "{{ ldapPort }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "{{ ldapUserFilter }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass "{{ ldapUserFilterObjectclass }}" + /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive "{{ ldapConfigurationActive }}" become: true become_user: "{{ web_user }}" tags: - ldap + when: ldap_enabled - name: Set httpd_can_network_relay to allow nginx to proxy connections seboolean: diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml index c888d27..a899405 100644 --- a/nextcloud/ansible/vars/main.ejemplo.yaml +++ b/nextcloud/ansible/vars/main.ejemplo.yaml @@ -22,6 +22,25 @@ nextcloud_db: nextcloud nextcloud_db_user: nextcloud nextcloud_db_user_password: Una contraseña bien, pero bien difícil. +## LDAP +ldap_enabled: false +ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju +ldap_server_host: "10.254.1.1" +ldapBase: cn=users,cn=accounts,dc=softwarelibre,dc=mx +ldapBaseGroups: cn=users,cn=accounts,dc=softwarelibre,dc=mx +ldapBaseUsers: cn=users,cn=accounts,dc=softwarelibre,dc=mx +ldapAgentName: "cn=Directory Manager" +ldapAgentPassword: {{ ldap_agent_password }} +ldapHost: {{ ldap_server_host }} +hasMemberOfFilterSupport: 1 +ldapEmailAttribute: mail +ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))" +ldapPort: 389 +ldapUserFilter: "(&(|(objectclass=posixAccount)))" +ldapUserFilterObjectclass: posixAccount +ldapConfigurationActive: 1 + + ## occ nextcloud_occ: "{{ nextcloud_path }}/occ" 
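Review bot: `when: ldap_enabled` on `Configure LDAP` is evaluated as a bare variable, so a play whose vars file predates this commit fails on an undefined variable, and a value passed as `-e ldap_enabled=false` arrives as a non-empty string that recent Ansible versions can treat as true. `when: ldap_enabled | default(false) | bool` covers both cases. The task that precedes this one (its `when: not ansible_local['nextcloud']['is_ldap_configured']` is visible as context in PATCH 12/12) is outside the hunk, so I cannot tell whether it is gated on `ldap_enabled` too; if it creates the `s01` configuration it probably should be.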
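Review bot: `ldap_agent_password` in vars/main.ejemplo.yaml is a high-entropy literal rather than an obvious placeholder, and it sits next to `ldapAgentName: "cn=Directory Manager"` and `ldapPort: 389`. If that string was ever a live credential it should be rotated, and the example is better served by a marked placeholder such as `ldap_agent_password: "CHANGE_ME"` with the real value kept in Ansible Vault. Binding Nextcloud as the directory's administrative account gives the web tier far more than the read access these filters need, and port 389 carries the bind password in clear text unless StartTLS is configured (no `ldapTLS` setting is visible in the task); a dedicated read-only bind DN over LDAPS or StartTLS would be the safer default. `ldapAgentPassword: {{ ldap_agent_password }}` and `ldapHost: {{ ldap_server_host }}` begin with an unquoted `{{`, which YAML reads as a flow mapping, and the task uses the snake_case names anyway, so those two keys can simply be dropped.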
From f203d7599c2e2507ccfa2864b37cd5489f83619d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 22:57:12 -0600 Subject: [PATCH 11/12] Se removieron comillas de variable ldap --- nextcloud/ansible/vars/main.ejemplo.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml index a899405..1b5e696 100644 --- a/nextcloud/ansible/vars/main.ejemplo.yaml +++ b/nextcloud/ansible/vars/main.ejemplo.yaml @@ -29,7 +29,7 @@ ldap_server_host: "10.254.1.1" ldapBase: cn=users,cn=accounts,dc=softwarelibre,dc=mx ldapBaseGroups: cn=users,cn=accounts,dc=softwarelibre,dc=mx ldapBaseUsers: cn=users,cn=accounts,dc=softwarelibre,dc=mx -ldapAgentName: "cn=Directory Manager" +ldapAgentName: cn=Directory Manager ldapAgentPassword: {{ ldap_agent_password }} ldapHost: {{ ldap_server_host }} hasMemberOfFilterSupport: 1 From 4b9dd5bff566a60dd2ecbe21cdc6cdfce19157f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Chavero?= Date: Tue, 11 Jul 2023 23:06:20 -0600 Subject: [PATCH 12/12] =?UTF-8?q?Actualic=C3=A9=20variables=20de=20LDAP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nextcloud/ansible/roles/nextcloud/tasks/main.yml | 1 - nextcloud/ansible/vars/main.ejemplo.yaml | 12 ++++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/nextcloud/ansible/roles/nextcloud/tasks/main.yml b/nextcloud/ansible/roles/nextcloud/tasks/main.yml index ee2552b..c98085c 100644 --- a/nextcloud/ansible/roles/nextcloud/tasks/main.yml +++ b/nextcloud/ansible/roles/nextcloud/tasks/main.yml @@ -298,7 +298,6 @@ become_user: "{{ web_user }}" when: not ansible_local['nextcloud']['is_ldap_configured'] - # TODO: quitar "hard-codeos" - name: Configure LDAP ansible.builtin.shell: cmd: | diff --git a/nextcloud/ansible/vars/main.ejemplo.yaml b/nextcloud/ansible/vars/main.ejemplo.yaml index 1b5e696..717876a 100644 
--- a/nextcloud/ansible/vars/main.ejemplo.yaml +++ b/nextcloud/ansible/vars/main.ejemplo.yaml @@ -26,12 +26,12 @@ nextcloud_db_user_password: Una contraseña bien, pero bien difícil. ldap_enabled: false ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju ldap_server_host: "10.254.1.1" -ldapBase: cn=users,cn=accounts,dc=softwarelibre,dc=mx -ldapBaseGroups: cn=users,cn=accounts,dc=softwarelibre,dc=mx -ldapBaseUsers: cn=users,cn=accounts,dc=softwarelibre,dc=mx -ldapAgentName: cn=Directory Manager -ldapAgentPassword: {{ ldap_agent_password }} -ldapHost: {{ ldap_server_host }} +ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx" +ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx" +ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx" +ldapAgentName: "cn=Directory Manager" +ldapAgentPassword: "{{ ldap_agent_password }}" +ldapHost: "{{ ldap_server_host }}" hasMemberOfFilterSupport: 1 ldapEmailAttribute: mail ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"