Many updates and fixes

This commit is contained in:
Renich Bon Ćirić 2024-06-18 01:48:39 +00:00
parent e64b31a675
commit e622f7c97c
14 changed files with 319 additions and 110 deletions


@ -7,7 +7,8 @@ files/backups/*
# variable3s # variable3s
vars/main.*.yaml vars/main.*.yaml
!vars/main.ejemplo.yaml !vars/main.example.yaml
!vars/main.test.yaml
# misc # misc
*~ *~
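Review bot: The `!vars/main.test.yaml` negation un-ignores a per-site vars file, and the rendering does not preserve whether that line is added or removed; if it is new, the 133-line vars file added in this commit (the one beginning `nextcloud_version: 29.0.2`) is now tracked together with the plaintext credentials it holds (`nextcloud_admin_password`, `ldap_agent_password`, `redis_password`, `turn_static_auth_secret`, `nextcloud_talk_signaling_server_secret`). A tracked vars file should carry only placeholder values, with the secret keys moved to an `ansible-vault`-encrypted file that the plays load through `vars_files`, so that `vars/main.test.yaml` can stay ignored. A comment above the negation, `# main.example.yaml is a template: placeholders only, never real credentials`, would make the intent visible to the next person editing this list.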


@ -32,7 +32,6 @@
roles: roles:
- name: redis - name: redis
# Este es el collabora
- hosts: coolwsd - hosts: coolwsd
vars_files: vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
@ -51,8 +50,8 @@
- hosts: turn - hosts: turn
vars_files: vars_files:
- vars/main.example.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles: roles:
- name: turn - name: turn
- name: nats-server - name: nats-server
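Review bot: Moving `vars/main.example.yaml` relative to `vars/{{ ansible_facts['os_family'] }}.yaml` in the turn play's `vars_files` changes precedence: Ansible loads `vars_files` in list order and a key defined in a later file overrides the same key from an earlier one, so any key present in both files now resolves differently than before. The rendering does not preserve which of the two `- vars/main.example.yaml` lines is the new one, so I cannot tell which file wins after this commit; if the site vars file is meant to win, the os-family file must stay first. A one-line comment above the list, `# later entries override earlier ones on duplicate keys`, would make the ordering deliberate rather than incidental. The same reorder is repeated in every play of the test playbook below (the file starting `- hosts: localhost`).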


@ -1,7 +1,7 @@
- hosts: localhost - hosts: localhost
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
vars: vars:
services: services:
- nginx - nginx
@ -11,38 +11,37 @@
- name: certificates - name: certificates
- hosts: all - hosts: all
serial: 1
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
roles: roles:
- name: common - name: common
- hosts: postgresql - hosts: postgresql
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
roles: roles:
- name: postgresql - name: postgresql
- hosts: redis - hosts: redis
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
roles: roles:
- name: redis - name: redis
- hosts: coolwsd - hosts: coolwsd
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
roles: roles:
- name: coolwsd - name: coolwsd
- hosts: nextcloud - hosts: nextcloud
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
roles: roles:
- name: nextcloud - name: nextcloud
- name: coolwsd-nginx - name: coolwsd-nginx
@ -50,11 +49,10 @@
- hosts: turn - hosts: turn
vars_files: vars_files:
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml" - "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
roles: roles:
- name: turn - name: turn
- name: nats-server - name: nats-server
- name: signaling-server - name: signaling-server
- name: janus - name: janus


@ -1,12 +1,29 @@
[redis] # If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
<your server fqdn> # these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
#
[postgresql] # For example:
<your server fqdn> #
# /etc/hosts:
# # Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#
# # my nextcloud
# 192.168.0.10 nx0.example.com nx0
# 192.168.0.11 db0.example.com db0
# 192.168.0.12 rds0.example.com rds0
# 192.168.0.13 cl0.example.com cl0
[nextcloud] [nextcloud]
<your server fqdn> nx0.example.com ansible_host=192.168.0.10
[postgresql]
db0.example.com ansible_host=192.168.0.11
[redis]
rds0.example.com ansible_host=192.168.0.12
[coolwsd] [coolwsd]
<your server fqdn> cl0.example.com ansible_host=192.168.0.13


@ -1,25 +1,42 @@
[redis] # If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
<your server fqdn> # these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
#
[postgresql] # For example:
<your server fqdn> #
# /etc/hosts:
# # Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#
# # my nextcloud
# 192.168.0.10 nx0.example.com nx0
# 192.168.0.11 db0.example.com db0
# 192.168.0.12 rds0.example.com rds0
# 192.168.0.13 cl0.example.com cl0
# 192.168.0.14 turn0.example.com turn0
[nextcloud] [nextcloud]
<your server fqdn> nx0.example.com ansible_host=192.168.0.10
[postgresql]
db0.example.com ansible_host=192.168.0.11
[redis]
rds0.example.com ansible_host=192.168.0.12
[coolwsd] [coolwsd]
<your server fqdn> cl0.example.com ansible_host=192.168.0.13
# Nextcloud Talk
# Uncomment this if you're going to use HA with Nextcloud Talk
[turn] [turn]
<turn server fqdn> turn0.example.com ansible_host=192.168.0.14
[nats] [nats]
<nats server fqdn> ansible_host=<nats server IP> turn0.example.com ansible_host=192.168.0.14
[signaling] [signaling]
<signaling spreed server fqdn> ansible_host=<signaling server IP> turn0.example.com ansible_host=192.168.0.14
[janus] [janus]
<janus server fqdn> ansible_host=<janus server IP> turn0.example.com ansible_host=192.168.0.14
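Review bot: The comment `# Uncomment this if you're going to use HA with Nextcloud Talk` does not match what follows it: the `[turn]`, `[nats]`, `[signaling]` and `[janus]` stanzas are all active and all resolve to `turn0.example.com ansible_host=192.168.0.14`, so someone who copies this inventory without deploying Talk still has those four plays target a turn0 host. Either comment out the four stanzas (`# [turn]`, `# turn0.example.com ansible_host=192.168.0.14`, and so on) so the comment is true, or reword it to `# Nextcloud Talk: remove these four groups if you do not deploy Talk; they may share one host`. The second form also documents that the three groups pointing at the same host is intentional, which is not obvious from the old placeholders `<nats server fqdn>` and `<signaling spreed server fqdn>`.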


@ -1,24 +1,23 @@
[nextcloud] [nextcloud]
nx0-test.libreoffice.gob.mx ansible_host=10.201.15.250 nx0.test.virt.g02.org ansible_host=192.168.0.41
[postgresql] [postgresql]
db0-test.libreoffice.gob.mx ansible_host=10.201.15.220 db0.test.virt.g02.org ansible_host=192.168.0.40
[redis] [redis]
rds0-test.libreoffice.gob.mx ansible_host=10.201.15.24 rds0.test.virt.g02.org ansible_host=192.168.0.39
[coolwsd] [coolwsd]
clwsd0-test.libreoffice.gob.mx ansible_host=10.201.15.132 cl0.test.virt.g02.org ansible_host=192.168.0.42
[turn] [turn]
turn1.softwarelibre.mx turn0.test.virt.g02.org ansible_host=192.168.0.43
[nats] [nats]
nats1.softwarelibre.mx ansible_host=10.201.15.199 turn0.test.virt.g02.org ansible_host=192.168.0.43
[signaling] [signaling]
signaling1.softwarelibre.mx ansible_host=10.201.15.199 turn0.test.virt.g02.org ansible_host=192.168.0.43
[janus] [janus]
janus1.softwarelibre.mx ansible_host=10.201.15.199 turn0.test.virt.g02.org ansible_host=192.168.0.43


@ -24,3 +24,17 @@
include_tasks: redhat_tasks.yaml include_tasks: redhat_tasks.yaml
when: ansible_facts['os_family'] == 'RedHat' when: ansible_facts['os_family'] == 'RedHat'
- name: "Set hostname"
ansible.builtin.hostname:
name: "{{ inventory_hostname }}"
use: systemd
- name: "Build hosts file"
lineinfile:
dest: /etc/hosts
regexp: '.*{{ item }}$'
line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['ansible_fqdn'] }} {{ hostvars[item]['ansible_hostname'] }}"
state: present
when: hostvars[item].ansible_default_ipv4.address is defined
loop: "{{ groups['all'] }}"
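Review bot: The `Build hosts file` task is not idempotent: `regexp: '.*{{ item }}$'` anchors the inventory hostname at end of line, but the `line:` it writes ends with `ansible_hostname` (for the test inventory something like `192.168.0.41 nx0.test.virt.g02.org nx0`), so on the next run the regexp does not match the entry already written and `lineinfile` appends a duplicate instead of updating it; the dots in `item` are also unescaped regex metacharacters. Matching on the FQDN exactly as the line writes it fixes both: `regexp: '\s{{ hostvars[item]["ansible_fqdn"] | regex_escape }}\s'`. For consistency with the `ansible.builtin.hostname` task above it, use `ansible.builtin.lineinfile:` and `path:` rather than the bare `lineinfile:` and the `dest:` alias. Note that if the test playbook keeps `serial: 1` on its `hosts: all` play (the rendering does not say whether that line is added or removed), facts for hosts in later batches are not yet gathered when the first batch runs, and the `when:` guard silently leaves them out of the first host's file; a comment on the `when:` line, `# hosts whose facts are not gathered in this play are skipped`, would at least make that visible.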


@ -33,3 +33,13 @@
tags: tags:
- nextcloud_collabora - nextcloud_collabora
- name: Open up required firewall ports
block:
- name: Open ports for CODE service
ansible.posix.firewalld:
port: 9980/tcp
permanent: yes
immediate: true
state: enabled
when: code_firewalld_enabled | bool
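Review bot: `permanent: yes` and `immediate: true` in the same `ansible.posix.firewalld` task mix two boolean spellings; `yes` is a YAML 1.1 truthy value that yamllint flags, so `permanent: true` keeps the task consistent with the line below it. The `block:` around a single task only adds a level of nesting; `when: code_firewalld_enabled | bool` can sit directly on the `Open ports for CODE service` task. The same pattern is repeated in the nextcloud (`service: http` / `service: https`), postgresql and redis firewall tasks added in this commit.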


@ -3,6 +3,7 @@
package: package:
state: latest state: latest
name: name:
- bzip2
- nginx - nginx
- php-cli - php-cli
- php-curl - php-curl
@ -18,6 +19,8 @@
- php-json - php-json
- php-ldap - php-ldap
- php-mbstring - php-mbstring
- php-memcache
- php-opcache
- php-openssl - php-openssl
- php-pcre - php-pcre
- php-pdo - php-pdo
@ -36,7 +39,6 @@
- python3-pyOpenSSL - python3-pyOpenSSL
- sudo - sudo
- tar - tar
- bzip2
- name: Create nextcloud nginx configuration directory - name: Create nextcloud nginx configuration directory
ansible.builtin.file: ansible.builtin.file:
@ -137,6 +139,24 @@
enabled: yes enabled: yes
state: restarted state: restarted
- name: Open up required firewall ports
block:
- name: Open ports for HTTP service
ansible.posix.firewalld:
service: http
permanent: yes
immediate: true
state: enabled
- name: Open ports for HTTPS service
ansible.posix.firewalld:
service: https
permanent: yes
immediate: true
state: enabled
when: nextcloud_firewalld_enabled | bool
- name: Remove config_is_read_only setting from config.php - name: Remove config_is_read_only setting from config.php
lineinfile: lineinfile:
path: "{{ nextcloud_path }}/config/config.php" path: "{{ nextcloud_path }}/config/config.php"


@ -75,3 +75,13 @@
tags: tags:
- database - database
- name: Open up required firewall ports
block:
- name: Open ports for PostgreSQL service
ansible.posix.firewalld:
service: postgresql
permanent: yes
immediate: true
state: enabled
when: postgresql_firewalld_enabled | bool
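Review bot: `service: postgresql` with no `zone:` or source restriction opens 5432/tcp in firewalld's default zone, i.e. to every network the host's interfaces are attached to, although only the nextcloud host needs to reach the database. The vars file in this commit already defines `nextcloud_host_ip`, so the rule can be limited to that client by replacing `service: postgresql` with a rich rule: `rich_rule: 'rule family="ipv4" source address="{{ nextcloud_host_ip }}" service name="postgresql" accept'` (this assumes the postgresql play loads the same vars file, which the playbooks' `vars_files` lists suggest). The redis task further down (`service: redis`, 6379/tcp) has the same shape and the same single client, and deserves the same restriction.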


@ -1,54 +1,31 @@
--- ---
# tasks file for pre # tasks file for pre
- name: Update the /etc/hosts file with node host name - name: Create fact directory
tags: etchostsupdate file:
become: yes path: /etc/ansible/facts.d/
become_user: root state: directory
lineinfile:
path: "/etc/hosts"
regexp: ".*\t{{ ansible_hostname }}"
#TODO: crear una variable que tenga la IP del balanceador
line: "{{ nextcloud_host_ip }}\t{{ nextcloud_fqdn }} {{ nextcloud_hostname }}"
state: present
backup: yes
register: etchostsupdate
# - name: Update the /etc/hosts file with node domain name - name: Create nextcloud custom facts
# tags: etchostsupdate_domain copy:
# become: yes src: nextcloud.fact
# become_user: root dest: /etc/ansible/facts.d/nextcloud.fact
# lineinfile: mode: 0775
# path: "/etc/hosts" force: yes
# line: "{{ nextcloud_host }}\t{{ nextcloud_fqdn }}" tags:
# state: present - check_facts
# backup: yes
- name: Create fact directory - name: Check if nextcloud is unpacked
file: stat:
path: /etc/ansible/facts.d/ path: /var/www/html/config/config.sample.php
state: directory register: nextcloud_is_unpacked
- name: Create nextcloud custom facts - name: Reload facts
copy: setup:
src: nextcloud.fact tags:
dest: /etc/ansible/facts.d/nextcloud.fact - check_facts
mode: 0775
force: yes
tags:
- check_facts
- name: Check if nextcloud is unpacked - name: Pre tasks for Red Hat distros
stat: include_tasks: redhat_pre_tasks.yaml
path: /var/www/html/config/config.sample.php when:
register: nextcloud_is_unpacked ansible_facts['os_family'] == "RedHat"
- name: Reload facts
setup:
tags:
- check_facts
- name: Pre tasks for Red Hat distros
include_tasks: redhat_pre_tasks.yaml
when:
ansible_facts['os_family'] == "RedHat"


@ -33,3 +33,13 @@
tags: tags:
- check_redis - check_redis
- name: Open up required firewall ports
block:
- name: Open ports for Redis service
ansible.posix.firewalld:
service: redis
permanent: yes
immediate: true
state: enabled
when: redis_firewalld_enabled | bool


@ -0,0 +1,133 @@
---
# NextCloud
# The nexctloud_checksum changes with every release to get this string go to:
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
# for the proper version
## version
nextcloud_version: 29.0.2
nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
php_version: 8.3
## credentials
nextcloud_admin_user: admin
nextcloud_admin_password: UnaContraseñaBienDifícil.
## domain
nextcloud_fqdn: nx0.example.com
nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
nextcloud_hostname: nx0
## db
db_host: db0.example.com
nextcloud_db: nextcloud
nextcloud_db_user: nextcloud
nextcloud_db_user_password: Unacontraseñabien.
postgresql_firewalld_enabled: true
## LDAP
ldap_enabled: false
ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
ldap_server_host: id0.example.com
ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapAgentName: "cn=Directory Manager"
ldapAgentPassword: "{{ ldap_agent_password }}"
ldapHost: "{{ ldap_server_host }}"
hasMemberOfFilterSupport: 1
ldapEmailAttribute: mail
ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
ldapPort: 389
ldapUserFilter: "(&(|(objectclass=posixAccount)))"
ldapUserFilterObjectclass: posixAccount
ldapConfigurationActive: 1
## occ
nextcloud_occ: "{{ nextcloud_path }}/occ"
## S3
nextcloud_s3_enabled: true
nextcloud_s3_hostname: fqdn_or_ip # change me
nextcloud_s3_key: usuario # change me
nextcloud_s3_secret: password_muy_difícil # change me
nextcloud_s3_bucket: contenedor # change me
## security
## Set this to true for production
nextcloud_config_is_read_only: true
nextcloud_firewalld_enabled: true
# Redis
redis_host: rds0.example.com
redis_user: nextcloud
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
redis_url: "https://{{ redis_host }}"
redis_path: /etc/redis
redis_firewalld_enabled: true
# SSL
key_size: 4096
key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
country_name: MX
organization_name: Mi Organización bien chida, LTD
generate_self_signed_cert: true
# Colabora Online (coolwsd)
coolwsd_host: cl0.example.com
code_enable_ssl: false
code_enable_ssl_termination: true
code_ssl_key: ""
code_ssl_cert: ""
code_ssl_ca: ""
code_firewalld_enabled: true
## The only way to make notify_push work without a signed cert is to use plain http
notify_push_nextcloud_url: http://localhost
# reverse proxy
reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
# turn
turn_fqdn: turn0.example.com
turn_firewalld_enabled: false
turn_letsencrypt_certificate_enabled: true
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
# nats
nats_fqdn: turn0.example.com
nats_firewalld_enabled: false
nats_letsencrypt_certificate_enabled: false
# signaling
signaling_fqdn: turn0.example.com
signaling_debug: false
signaling_firewalld_enabled: false
signaling_letsencrypt_certificate_enabled: true
signaling_connections_per_host: 16
signaling_backend_name: nextcloud
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
# janus
janus_firewalld_enabled: false
janus_letsencrypt_certificate_enabled: false
janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
# nextcloud spreed (talk)
nextcloud_talk_turn_server: "{{ turn_fqdn }}"
nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
nextcloud_talk_stun_server: "{{ turn_fqdn }}"
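Review bot: `nextcloud_host_ip` and `reverse_proxy_ip` look up `hostvars['cs9-nc-nx0.test.virt.g02.org']`, a literal hostname that matches neither this file's own `nextcloud_fqdn: nx0.example.com` nor any host in the inventories changed in this commit (`nx0.example.com`, `nx0.test.virt.g02.org`), so the lookup is undefined and templating fails wherever these two variables are used. Deriving the host from the inventory removes the literal: `nextcloud_host_ip: "{{ hostvars[groups['nextcloud'][0]]['ansible_default_ipv4']['address'] }}"`, and the same expression for `reverse_proxy_ip`; the vars file modified further down in this commit uses the same literal key and needs the same change. Separately, `php_version: 8.3` is parsed as a float, which is harmless today but turns a future `8.10` into `8.1`; quote it as `php_version: "8.3"`.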


@ -5,25 +5,26 @@
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file # https://download.nextcloud.com/server/releases/ and download the *.sha256 file
# for the proper version # for the proper version
## version ## version
nextcloud_version: 28.0.3 nextcloud_version: 29.0.2
nextcloud_checksum: "sha256:9ed413c0de16f5b033ceeffcca99c0d61fc698dbeb8db851ac9adf9eef951906" nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2 nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
php_version: 8.2 php_version: 8.3
## credentials ## credentials
nextcloud_admin_user: el_admin nextcloud_admin_user: admin
nextcloud_admin_password: Una contraseña bien difícil. nextcloud_admin_password: UnaContraseñaBienDifícil.
## domain ## domain
nextcloud_fqdn: nextcloud.midominio.tld nextcloud_fqdn: cs9-nc-nx0.test.virt.g02.org
nextcloud_host_ip: 10.0.5.33 nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
nextcloud_hostname: nextcloud nextcloud_hostname: cs9-nc-nx0
## db ## db
db_host: 10.0.5.43 db_host: cs9-nc-db0.test.virt.g02.org
nextcloud_db: nextcloud nextcloud_db: nextcloud
nextcloud_db_user: nextcloud nextcloud_db_user: nextcloud
nextcloud_db_user_password: Una contraseña bien, pero bien difícil. nextcloud_db_user_password: Unacontraseñabien.
postgresql_firewalld_enabled: true
## LDAP ## LDAP
ldap_enabled: false ldap_enabled: false
@ -48,7 +49,7 @@ ldapConfigurationActive: 1
nextcloud_occ: "{{ nextcloud_path }}/occ" nextcloud_occ: "{{ nextcloud_path }}/occ"
## S3 ## S3
nextcloud_s3_enabled: true nextcloud_s3_enabled: false
nextcloud_s3_hostname: dirección_ip_o_hostname # cámbiame nextcloud_s3_hostname: dirección_ip_o_hostname # cámbiame
nextcloud_s3_key: usuario # cámbiame nextcloud_s3_key: usuario # cámbiame
nextcloud_s3_secret: password_muy_difícil # cámbiame nextcloud_s3_secret: password_muy_difícil # cámbiame
@ -57,14 +58,16 @@ nextcloud_s3_bucket: contenedor # cámbiame
## security ## security
## Set this to true for production ## Set this to true for production
nextcloud_config_is_read_only: true nextcloud_config_is_read_only: true
nextcloud_firewalld_enabled: true
# Redis # Redis
redis_host: 10.0.5.53 redis_host: cs9-nc-rds0.test.virt.g02.org
redis_user: nextcloud redis_user: nextcloud
redis_password: ParángariCutirimiNoMeAcuerdoCuaro redis_password: ParángariCutirimiNoMeAcuerdoCuaro
redis_url: "https://{{ redis_host }}" redis_url: "https://{{ redis_host }}"
redis_path: /etc/redis redis_path: /etc/redis
redis_firewalld_enabled: true
# SSL # SSL
@ -76,39 +79,40 @@ generate_self_signed_cert: true
# Colabora Online (coolwsd) # Colabora Online (coolwsd)
coolwsd_host: 10.0.5.64 coolwsd_host: cs9-nc-cl0.test.virt.g02.org
code_enable_ssl: false code_enable_ssl: false
code_enable_ssl_termination: true code_enable_ssl_termination: true
code_ssl_key: "" code_ssl_key: ""
code_ssl_cert: "" code_ssl_cert: ""
code_ssl_ca: "" code_ssl_ca: ""
code_firewalld_enabled: true
## The only way to make notify_push work without a signed cert is to use plain http ## The only way to make notify_push work without a signed cert is to use plain http
notify_push_nextcloud_url: http://localhost notify_push_nextcloud_url: http://localhost
# reverse proxy # reverse proxy
reverse_proxy_ip: 10.0.5.1 reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
# turn # turn
turn_fqdn: turn0.midominio.tld turn_fqdn: f40-nc-turn0.test.virt.g02.org
turn_firewalld_enabled: false turn_firewalld_enabled: false
turn_letsencrypt_certificate_enabled: true turn_letsencrypt_certificate_enabled: false
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
# nats # nats
nats_fqdn: turn0.midominio.tld nats_fqdn: f40-nc-turn0.test.virt.g02.org
nats_firewalld_enabled: false nats_firewalld_enabled: false
nats_letsencrypt_certificate_enabled: false nats_letsencrypt_certificate_enabled: false
# signaling # signaling
signaling_fqdn: turn0.midominio.tld signaling_fqdn: f40-nc-turn0.test.virt.g02.org
signaling_debug: false signaling_debug: false
signaling_firewalld_enabled: false signaling_firewalld_enabled: false
signaling_letsencrypt_certificate_enabled: true signaling_letsencrypt_certificate_enabled: false
signaling_connections_per_host: 16 signaling_connections_per_host: 16
signaling_backend_name: nextcloud signaling_backend_name: nextcloud
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76 signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76