nextcloud: Eigener PHP-FPM-Master pro Nextcloud-Instanz

2022-07-26 16:44:42 +02:00 · 2022-07-26 16:44:42 +02:00 · a996e6ebeb
commit a996e6ebeb
parent 230c3f538f
19 changed files with 231 additions and 105 deletions
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@ -1,14 +1,14 @@
 ---
- name: "apache: {{ instance.domain }}: Seite einrichten"
+- name: "apache: {{ instance.name }}: Seite einrichten"
  lineinfile:
    path: /etc/apache2/conf-available/nextcloud_sites.conf
    insertafter: "^Ansbile"
-    line: "Use NCSite {{ instance.domain }} {{ instance.user }}"
+    line: "Use NCSite {{ instance.name }} {{ instance.user }}"
  notify: reload apache

 - name: "apache: {{ instance.alias }}: Alias einrichten"
  template:
    src: apache_alias.j2
-    dest: "/etc/apache2/conf-available/{{ instance.domain }}.alias.conf"
+    dest: "/etc/apache2/conf-available/{{ instance.name }}.alias.conf"
  notify: reload apache
  when: instance.alias is defined
--- a/tasks/common.yml
+++ b/tasks/common.yml
@ -1,12 +1,14 @@
 ---
 - name: "common | Apache-Module laden"
  apache2_module:
-    state: present
-    name: "{{ item }}"
-  with_items:
-    - macro
-    - proxy_fcgi
-    - setenvif
+    name: "{{ item.name }}"
+    state: "{{ item.state|default('present') }}"
+  loop:
+    - { name: macro }
+    - { name: mpm_prefork, state: absent }
+    - { name: mpm_event }
+    - { name: proxy_fcgi }
+    - { name: setenvif }
  notify: restart apache

 - name: "common | Apache-Vorlage für Seitenkonfiguration kopieren"
@ -21,6 +23,11 @@
    state: link
  notify: reload apache

+- name: common | Erstelle PHP-FPM-Log-Verzeichnis
+  file:
+    path: "{{ php_fpm_log_dir }}"
+    state: directory
+
 - name: "common | Kopiere PHP-CLI-Konfiguration"
  copy:
    src: ../roles/nextcloud/files/30-sao-nextcloud.ini
@ -32,6 +39,33 @@
    dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini"
    state: link

+- name: "common | Kopiere Template für systemd socket"
+  copy:
+    src: "../roles/nextcloud/files/systemd/php-fpm@.socket"
+    dest: /etc/systemd/system/php-fpm@.socket
+  notify:
+    - stop php-fpm-socket
+    - stop php-fpm-service
+    - start php-fpm-socket
+
+- name: "common | Kopiere Template für systemd service"
+  template:
+    src: ../roles/nextcloud/templates/systemd/php-fpm@.service.j2
+    dest: /etc/systemd/system/php-fpm@.service
+  notify:
+    - stop php-fpm-socket
+    - stop php-fpm-service
+    - start php-fpm-socket
+
+- name: "common | Aktiviere systemd Socket und Service"
+  systemd:
+    name: "{{ item }}"
+    enabled: true
+    daemon_reload: true
+  loop:
+    - php-fpm@.socket
+    - php-fpm@.service
+
 - name: "common | Kopiere Update-Skript"
  template:
    src: ../roles/nextcloud/templates/nextcloud-updater.j2
--- a/tasks/database.yml
+++ b/tasks/database.yml
@ -1,5 +1,5 @@
 ---
- name: "database: {{ instance.domain }}: Datenbank einrichten"
+- name: "database | {{ instance.name }} | Datenbank einrichten"
  mysql_db:
    name: "{{ instance.database }}"
    state: present
@ -8,7 +8,7 @@
    config_file: /etc/mysql/debian.cnf
  delegate_to: "{{ database_host }}"

- name: "database: {{ instance.domain }}: Benutzer einrichten"
+- name: "database | {{ instance.name }} | Benutzer einrichten"
  mysql_user:
    name: "{{ instance.database }}"
    host: "{{ inventory_hostname }}"
--- a/tasks/gateway.yml
+++ b/tasks/gateway.yml
@ -1,13 +1,13 @@
 ---
- name: "gateway: {{ instance.domain }}: Domain zur Zertifikatsliste hinzufügen"
+- name: "gateway: {{ instance.name }}: Domain zur Zertifikatsliste hinzufügen"
  lineinfile:
    path: /etc/dehydrated/domains.txt
    insertafter: "^# nextcloud"
-    line: "{{ instance.domain }}"
+    line: "{{ instance.name }}"
  register: dehydrated
  delegate_to: "{{ gateway_host }}"

- name: "gateway: {{ instance.domain }}: Alias zur Zertifikatsliste hinzufügen"
+- name: "gateway: {{ instance.name }}: Alias zur Zertifikatsliste hinzufügen"
  lineinfile:
    path: /etc/dehydrated/domains.txt
    insertafter: "^# nextcloud"
@ -17,24 +17,24 @@
  delegate_to: "{{ gateway_host }}"
  loop: "{{ instance.alias }}"

- name: "gateway: {{ instance.domain }}: Zertifikat erstellen"
+- name: "gateway: {{ instance.name }}: Zertifikat erstellen"
  command: dehydrated --cron -g
  delegate_to: "{{ gateway_host }}"
  when: dehydrated.changed

- name: "gateway: {{ instance.domain }}: Proxy einrichten"
+- name: "gateway: {{ instance.name }}: Proxy einrichten"
  template:
    src: nginx_site.j2
-    dest: "/etc/nginx/sites-available/{{ instance.domain }}"
+    dest: "/etc/nginx/sites-available/{{ instance.name }}"
    owner: root
    group: root
    mode: 0644
  delegate_to: "{{ gateway_host }}"

- name: "gateway: {{ instance.domain }}: Seite aktivieren"
+- name: "gateway: {{ instance.name }}: Seite aktivieren"
  file:
-    src: "/etc/nginx/sites-available/{{ instance.domain }}"
-    dest: "/etc/nginx/sites-enabled/{{ instance.domain }}"
+    src: "/etc/nginx/sites-available/{{ instance.name }}"
+    dest: "/etc/nginx/sites-enabled/{{ instance.name }}"
    state: link
  notify: reload nginx
  delegate_to: "{{ gateway_host }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -8,6 +8,9 @@
 - import_tasks: database.yml
  tags: database

+- import_tasks: user.yml
+  tags: user
+
 - import_tasks: php.yml
  tags: php

@ -23,4 +26,4 @@
  tags: configuration

 - import_tasks: fixes.yml
-  tags: fixes
+  tags: fixes
--- a/tasks/nextcloud.yml
+++ b/tasks/nextcloud.yml
@ -1,11 +1,11 @@
 ---
- name: "nextcloud: {{ instance.domain }}: Verzeichnis prüfen"
+- name: "nextcloud: {{ instance.name }}: Verzeichnis prüfen"
  file:
    path: "{{ nextcloud_install_path }}"
    mode: 0755
    state: directory

- name: "nextcloud: {{ instance.domain }}: herunterladen und entpacken"
+- name: "nextcloud: {{ instance.name }}: herunterladen und entpacken"
  unarchive:
    src: "{{ nextcloud_dl_url }}/{{ nextcloud_version }}.tar.bz2"
    remote_src: true
@ -16,7 +16,7 @@
    group: "{{ user }}"
    mode: 0755

- name: "nextcloud: {{ instance.domain }}: Installation"
+- name: "nextcloud: {{ instance.name }}: Installation"
  command: >
    php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql"
    --database-name "{{ instance.database }}" --database-user "{{ instance.database }}"
--- a/tasks/nextcloud_configuration.yml
+++ b/tasks/nextcloud_configuration.yml
@ -1,5 +1,5 @@
 ---
- name: "configuration: {{ instance.domain }}: trusted domains einrichten"
+- name: "configuration: {{ instance.name }}: trusted domains einrichten"
  command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
  become: true
  become_user: "{{ instance.user }}"
@ -7,15 +7,15 @@
  with_indexed_items:
    - '{{ nextcloud_trusted_domains  }}'

- name: "configuration: {{ instance.domain }}: cron einrichten"
+- name: "configuration: {{ instance.name }}: cron einrichten"
  cron:
-    name: "nextcloud {{ instance.domain }}"
+    name: "nextcloud {{ instance.name }}"
    minute: "*/5"
    user: "{{ instance.user }}"
    job: "php -f {{ nextcloud_install_path}}/cron.php"
    cron_file: "nextcloud"

- name: "configuration: {{ instance.domain }}: allgemeie Konfiguration"
+- name: "configuration: {{ instance.name }}: allgemeie Konfiguration"
  command: "{{ item }}"
  become: true
  become_user: "{{ instance.user }}"
@ -24,14 +24,14 @@
    - 'php {{ nextcloud_install_path }}/occ config:system:set memcache.local --value "\\OC\\Memcache\\APCu"'
    - 'php {{ nextcloud_install_path }}/occ config:system:set memcache.distributed --value "\OC\Memcache\Redis"'
    - "php {{ nextcloud_install_path }}/occ background:cron"
-    - 'php {{ nextcloud_install_path }}/occ config:system:set overwrite.cli.url --value https://{{ instance.domain }}'
+    - 'php {{ nextcloud_install_path }}/occ config:system:set overwrite.cli.url --value https://{{ instance.name }}'
    - 'php {{ nextcloud_install_path }}/occ config:system:set htaccess.RewriteBase --value /'
    - 'php {{ nextcloud_install_path }}/occ maintenance:update:htaccess'
    - 'php {{ nextcloud_install_path }}/occ config:system:set default_language --value "de"'
    - 'php {{ nextcloud_install_path }}/occ config:system:set default_phone_region --value "DE"'
    - 'php {{ nextcloud_install_path }}/occ config:system:set loglevel --value "1"'

- name: "configuration: {{ instance.domain }}: Mailversand einrichten"
+- name: "configuration: {{ instance.name }}: Mailversand einrichten"
  blockinfile:
    path: "{{ nextcloud_config_file }}"
    insertbefore: '^\);'
@ -45,7 +45,7 @@
        'mail_smtphost' => '{{ nextcloud_smtp_host }}',
        'mail_smtpport' => '{{ nextcloud_smtp_port}}',

- name: "configuration: {{ instance.domain }}: Filelocking"
+- name: "configuration: {{ instance.name }}: Filelocking"
  blockinfile:
    path: "{{ nextcloud_config_file }}"
    insertbefore: '^\);'
@ -60,7 +60,7 @@
             'timeout' => 1.5,
        ),

- name: "configuration: {{ instance.domain }}: trusted proxies einrichten"
+- name: "configuration: {{ instance.name }}: trusted proxies einrichten"
  command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_proxies {{ item.0 }} --value "{{ item.1 }}"'
  become: true
  become_user: "{{ instance.user }}"
--- a/tasks/php.yml
+++ b/tasks/php.yml
@ -1,18 +1,32 @@
 ---
- name: "php: {{ instance.domain }}: FPM-Nutzer anlegen"
-  user:
-    name: "{{ instance.user }}"
-    create_home: no
-    password: "!"
-    groups: redis
-    shell: /bin/false
-    state: present
-
- name: "php: {{ instance.domain }}: FPM-Pool einrichten"
+- name: "php | {{ instance.name }} | FPM-Pool kopieren"
  template:
    src: php_fpm_pool.j2
-    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ instance.user }}.conf"
+    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ instance.user }}.cfg"
    owner: root
    group: root
    mode: 0644
-  notify: restart phpfpm
+  notify:
+    - stop php-fpm-socket
+    - stop php-fpm-service
+    - start php-fpm-socket
+
+- name: "php | {{ instance.name }} | Erstelle Log-Datei"
+  file:
+    path: "{{ php_fpm_log_dir }}/{{ instance.user }}.log"
+    state: touch
+    owner: "{{ instance.user }}"
+    group: "{{ instance.user }}"
+
+- name: "php | {{ instance.name }} | Aktiviere systemd Socket"
+  systemd:
+    name: "php-fpm@{{ instance.user }}.socket"
+    enabled: true
+    state: started
+    daemon_reload: true
+
+- name: "php | {{ instance.name }} | Aktiviere systemd Service"
+  systemd:
+    name: "php-fpm@{{ instance.user }}.service"
+    enabled: true
+    daemon-reload: true
--- a/tasks/redis.yml
+++ b/tasks/redis.yml
@ -13,7 +13,7 @@

 - name: "redis: Ermittle Anzahl der NC-Instanzen"
  set_fact:
-    instances_number: "{{ instances | length }}"
+    instances_number: "{{ nextcloud_instances | length }}"

 - name: "redis: Konfiguriere Anzahl der Datenbanken"
  lineinfile:
--- a/tasks/user.yml
+++ b/tasks/user.yml
@ -0,0 +1,15 @@
+---
+- name: "user | {{ instance.name }} | Nextcloud-System-Nutzer anlegen"
+  user:
+    name: "{{ instance.user }}"
+    create_home: false
+    password_lock: true
+    groups: redis
+    shell: /bin/false
+    state: present
+
+- name: "user | {{ instance.name }} | Füge www-data zur Nextcloud-Nutzer-Gruppe hinzu"
+  user:
+    name: www-data
+    groups: "{{ instance.user }}"
+    append: true
--- a/tasks/version.yml
+++ b/tasks/version.yml
@ -1,12 +1,12 @@
 ---
- name: "version: {{ instance.domain }}: Prüfe NC-Installation"
+- name: "version: {{ instance.name }}: Prüfe NC-Installation"
  stat:
    path: "{{ nextcloud_install_path }}/version.php"
  register: nc_is_installed
  check_mode: false
  changed_when: false

- name: "version: {{ instance.domain }}: Prüfe NC-Version"
+- name: "version: {{ instance.name }}: Prüfe NC-Version"
  shell:
    cmd: php ./occ -V | awk '{print $NF}'
    chdir: "{{ nextcloud_install_path }}"