Changeset - b70cbdc05748
Branko Majic (branko) - 15 months ago 2024-09-09 15:34:34
branko@majic.rs
MAR-218: Update the get_url invocation to use the new checksum attribute.
1 file changed with 1 insertions and 1 deletions:
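--- a/docs/usage.rst
+++ b/docs/usage.rst
@@ -1464,193 +1464,193 @@ Before we start, here is a couple of useful pointers regarding the
           fqdn: nextcloud.example.com
 
           # TLS key and certificate to use for the virtual host.
           https_tls_certificate: "{{ lookup('file', '~/mysite/tls/nextcloud.example.com_https.pem') }}"
           https_tls_key: "{{ lookup('file', '~/mysite/tls/nextcloud.example.com_https.key') }}"
 
           # Additional packages required for deploying and running Nextcloud.
           packages:
             - php-gd
             - php-json
             - php-mysql
             - php-curl
             - php-intl
             - php-mbstring
             - php-imagick
             - php-ldap
             - php-xml
             - php-zip
             - php-gmp
             - python3-pexpect
             - php-apcu
             - php-bcmath
 
           # Set-up URL rewrites for well-known URIs (see https://en.wikipedia.org/wiki/Well-known_URIs).
           rewrites:
             - '^/\.well-known/carddav /remote.php/dav/ permanent'
             - '^/\.well-known/caldav /remote.php/dav/ permanent'
             - '^/remote/(.*) /remote.php last'
 
           # Prevent specific files from ever being served by the web server (for security reasons etc).
           deny_files_regex:
             - '^/(build|tests|config|lib|3rdparty|templates|data)/'
             - '^/(?:\.|autotest|occ|issue|indie|db_|console)'
 
           # Custom regex defining what files shouled be processed via PHP
           # interpreter.
           php_file_regex: \.php(?:$|/)
 
           # Not necessarily needed, but in case you have a policy on uid/gid
           # usage, this is useful. Take note that the uid value is also used
           # for the application group (gid == uid).
           uid: 2000
           admin_uid: 3000
 
         # Role that sets up a new dedicated database for our web
         # application.
         - role: database
 
           # This is both the database name, _and_ name of the database user
           # that will be granted full privileges on the database.
           db_name: nextcloud
 
           # Password for user used for accessing the database. Take note
           # that the user can only login from localhost.
           db_password: nextcloud
 
 
 
 3. Now for my favourite part again - creating private keys and
    certificates!  Why?  Because the ``php_website`` role requires a
    private key/certificate pair to be deployed. So... Moving on:
 
    1. Create new template for ``certtool``:
 
       :file:`~/mysite/tls/nextcloud.example.com_https.cfg`
       ::
 
          organization = "Example Inc."
          country = SE
          cn = "Example Inc. Cloud Service"
          expiration_days = 365
          dns_name = "nextcloud.example.com"
          tls_www_server
          signing_key
          encryption_key
 
    2. Create the keys and certificates for the application::
 
         certtool --sec-param normal --generate-privkey --outfile ~/mysite/tls/nextcloud.example.com_https.key
         certtool --generate-certificate --load-ca-privkey ~/mysite/tls/ca.key --load-ca-certificate ~/mysite/tls/ca.pem --template ~/mysite/tls/nextcloud.example.com_https.cfg --load-privkey ~/mysite/tls/nextcloud.example.com_https.key --outfile ~/mysite/tls/nextcloud.example.com_https.pem
 
 4. Time to get our hands a bit more dirty... Up until now we didn't
    have to write custom tasks, but that ends now.
 
    :file:`~/mysite/roles/nextcloud/tasks/main.yml`
    ::
 
       ---
 
       # Deployment
       # ==========
 
       - name: Download the application archive
         ansible.builtin.get_url:
           url: "https://download.nextcloud.com/server/releases/nextcloud-29.0.4.tar.bz2"
           dest: "/var/www/nextcloud.example.com/nextcloud-29.0.4.tar.gz"
-          sha256sum: "19c469e264b31ee80400f8396460854546569e88db4c15fc0854e192f96027eb"
+          checksum: "sha256:19c469e264b31ee80400f8396460854546569e88db4c15fc0854e192f96027eb"
         become: yes
         become_user: admin-nextcloud_example_com
 
       - name: Unpack the application archive
         ansible.builtin.unarchive:
           src: "/var/www/nextcloud.example.com/nextcloud-29.0.4.tar.gz"
           dest: "/var/www/nextcloud.example.com/"
           copy: no
           creates: "/var/www/nextcloud.example.com/nextcloud"
         become: yes
         become_user: admin-nextcloud_example_com
 
       # Majic Ansible Roles currently only support utf8 encoding.
       - name: Disable opportunistic use of utf8mb4 on fresh installs
         ansible.builtin.lineinfile:
           dest: "/var/www/nextcloud.example.com/nextcloud/lib/private/Setup/MySQL.php"
           line: "{{ '\t\t\t' }}$this->config->setValue('mysql.utf8mb4', true);"
           state: absent
 
       - name: Allow application user to install and update applications
         ansible.builtin.file:
           path: "/var/www/nextcloud.example.com/nextcloud/apps"
           mode: g+w
 
       - name: Allow CLI tool to be run by the user and group
         ansible.builtin.file:
           path: "/var/www/nextcloud.example.com/nextcloud/occ"
           mode: u+x,g+x
 
       - name: Create directory for storing data
         ansible.builtin.file:
           path: "/var/www/nextcloud.example.com/data"
           state: directory
           mode: 02770
           owner: "admin-nextcloud_example_com"
           group: "web-nextcloud_example_com"
 
       - name: Create directory for storing configuration files
         ansible.builtin.file:
           path: "/var/www/nextcloud.example.com/nextcloud/config"
           state: directory
           mode: 02750
           owner: "admin-nextcloud_example_com"
           group: "web-nextcloud_example_com"
 
       - name: Create an empty log file if it does not exist
         ansible.builtin.copy:
           content: ""
           dest: "/var/www/nextcloud.example.com/data/nextcloud.log"
           force: no
 
       - name: Set-up log file permissions
         ansible.builtin.file:
           path: "/var/www/nextcloud.example.com/data/nextcloud.log"
           owner: "admin-nextcloud_example_com"
           group: "web-nextcloud_example_com"
           mode: 0660
 
       - name: Symlink the default path used by the web server for finding application files
         ansible.builtin.file:
           src: "/var/www/nextcloud.example.com/nextcloud"
           dest: "/var/www/nextcloud.example.com/htdocs"
           state: link
           owner: "admin-nextcloud_example_com"
           group: "web-nextcloud_example_com"
         notify:
           - Restart PHP-FPM
 
 
       # Installation
       # ============
 
       - name: Get application installation status
         ansible.builtin.command: "/var/www/nextcloud.example.com/nextcloud/occ status"
         become: yes
         become_user: "admin-nextcloud_example_com"
         register: nextcloud_status
         changed_when: False
         failed_when: False
 
       - name: Check if application is installed
         ansible.builtin.set_fact:
           nextcloud_installed: "{{ 'Nextcloud is not installed' not in nextcloud_status.stderr }}"
 
       - name: Deploy installation script
         ansible.builtin.copy:
           src: "install_nextcloud.py"
           dest: "/var/www/nextcloud.example.com/install_nextcloud.py"
           owner: "admin-nextcloud_example_com"
           group: "web-nextcloud_example_com"
           mode: 0700
         when: "not nextcloud_installed"
 
       - name: Install application
         ansible.builtin.command: "/var/www/nextcloud.example.com/install_nextcloud.py"
         become: yes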