Ajout des playbooks Ansible pour l'installation et la configuration de MySQL et Nextcloud, ainsi que la mise à jour des scripts de déploiement.

This commit is contained in:
Kevin 2025-02-24 18:17:27 +01:00
parent fefb6589b1
commit 7b3ef74768
6 changed files with 268 additions and 1 deletions


@ -21,7 +21,6 @@
retries: 3
delay: 5
tasks:
- name: Cloner le dépôt Git
git:
repo: "{{ git_repo }}"
@ -34,6 +33,7 @@
retries: 3
delay: 5
tasks:
- name: Lancer le service Front
command: "docker compose up -d --build --remove-orphans {{ front_service_name }}"
args:


@ -5,11 +5,26 @@
gather_facts: true
vars:
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
git_dest: "/opt/Neah-Enkun"
git_branch: "master"
portainer_password: "@wp@36#@%yXo2@y78&$mXeN#6E@W2r9d"
portainer_service_name: "portainer"
portainer_password_file: "portainer_password"
pre_tasks:
- name: Cloner le dépôt Git
git:
repo: "{{ git_repo }}"
dest: "{{ git_dest }}"
version: "{{ git_branch }}"
update: true
force: true
register: git_status
until: git_status is success
retries: 3
delay: 5
tasks:
- name: Vérifier si le fichier de mot de passe existe déjà
stat:
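Review bot: The `Cloner le dépôt Git` pre_task and the `git_repo`/`git_dest`/`git_branch` vars added here are repeated verbatim in the Keycloak, MySQL and Nextcloud plays of this commit; moving the vars to `group_vars/all.yml` and the clone into one task file pulled in with `import_tasks` would keep the four copies from drifting. With `force: true` the checkout discards any local change under `{{ git_dest }}` on every run, which is fine for a pure deploy directory but deserves a comment, e.g. `# force: true — local edits in git_dest are overwritten on every run`. The play header and the tasks after `stat:` are outside the hunk.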


@ -5,7 +5,9 @@
gather_facts: true
vars:
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
git_dest: "/opt/Neah-Enkun"
git_branch: "master"
keycloak_container: "neah-keycloak"
keycloak_server: "http://localhost:8080"
keycloak_realm: "master"
@ -43,6 +45,27 @@
web_origins:
- "http://neah.local"
- "http://localhost:3000"
keycloak_nextcloud_client:
client_id: "nextcloud"
client_secret: "d27b68dbb0f2eb2012837ed5f71e91015465ab72b93d50b3409962dad7812429"
root_url: "http://cloud.neah.local/"
redirect_uris:
- "http://cloud.neah.local/*"
web_origins:
- "http://cloud.neah.local"
pre_tasks:
- name: Cloner le dépôt Git
git:
repo: "{{ git_repo }}"
dest: "{{ git_dest }}"
version: "{{ git_branch }}"
update: true
force: true
register: git_status
until: git_status is success
retries: 3
delay: 5
tasks:
- name: Lancer le service Keycloak
@ -203,6 +226,85 @@
debug:
msg: "Erreur lors de la configuration du mapper realm roles"
- name: Configurer le client Nextcloud
block:
- name: Créer le client Nextcloud
shell: >
docker exec {{ keycloak_container }} {{ keycloak_bin }} create clients -r {{ keycloak_realm }}
-s clientId={{ keycloak_nextcloud_client.client_id }}
-s secret={{ keycloak_nextcloud_client.client_secret }}
-s protocol=openid-connect
-s publicClient=false
-s authorizationServicesEnabled=true
-s serviceAccountsEnabled=true
-s standardFlowEnabled=true
-s implicitFlowEnabled=false
-s directAccessGrantsEnabled=true
-s rootUrl={{ keycloak_nextcloud_client.root_url }}
-s baseUrl={{ keycloak_nextcloud_client.root_url }}
-s 'redirectUris=["{{ keycloak_nextcloud_client.redirect_uris | join('","') }}"]'
-s 'webOrigins=["{{ keycloak_nextcloud_client.web_origins | join('","') }}"]'
register: create_nextcloud_client
until: create_nextcloud_client is success
retries: 3
delay: 5
- name: Récupérer l'ID du client Nextcloud
shell: >
docker exec {{ keycloak_container }} {{ keycloak_bin }} get clients -r {{ keycloak_realm }}
-q clientId={{ keycloak_nextcloud_client.client_id }} --format json
register: get_client_id
until: get_client_id is success
retries: 3
delay: 5
- name: Extraire l'ID du client
set_fact:
nextcloud_client_id: "{{ (get_client_id.stdout | from_json)[0].id }}"
- name: Configurer les mappers pour Nextcloud
shell: >
docker exec {{ keycloak_container }} {{ keycloak_bin }}
create clients/{{ nextcloud_client_id }}/protocol-mappers/models
-r {{ keycloak_realm }}
-s name="{{ item.name }}"
-s protocol="openid-connect"
-s protocolMapper="{{ item.mapper }}"
-s 'config."id.token.claim"=true'
-s 'config."access.token.claim"=true'
-s 'config."userinfo.token.claim"=true'
-s 'config."claim.name"="{{ item.claim }}"'
with_items:
- {
name: "username",
mapper: "oidc-usermodel-property-mapper",
claim: "preferred_username",
}
- {
name: "email",
mapper: "oidc-usermodel-property-mapper",
claim: "email",
}
- {
name: "name",
mapper: "oidc-usermodel-property-mapper",
claim: "name",
}
- {
name: "roles",
mapper: "oidc-usermodel-realm-role-mapper",
claim: "roles",
}
register: create_nextcloud_mappers
until: create_nextcloud_mappers is success
retries: 3
delay: 5
when: check_config.rc != 0
rescue:
- name: Gérer les erreurs de création du client Nextcloud
debug:
msg: "Erreur lors de la création du client Nextcloud"
- name: Supprimer l'administrateur temporaire
block:
- name: Récupérer les informations
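Review bot: The Nextcloud client created in `Créer le client Nextcloud` is given `directAccessGrantsEnabled=true`, `serviceAccountsEnabled=true` and `authorizationServicesEnabled=true`, while the Nextcloud side of this commit (`user_oidc:provider`) only uses the standard authorization-code flow; unless something else relies on them, set the three to `false` so the shared secret cannot be used for password grants or service-account tokens. The `rescue` for `Configurer le client Nextcloud` only prints a `debug` message, so a failed client creation leaves the play green and the problem surfaces later in the Nextcloud play; either follow the message with a `fail:` task or drop the rescue. `keycloak_nextcloud_client.client_secret` is committed in clear text in the play vars (and duplicated in the Nextcloud play); load it from Ansible Vault and add `no_log: true` to the task that passes it with `-s secret=` on the command line. `check_config`, used in the `when:` on the block, is defined outside this hunk.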


@ -0,0 +1,64 @@
---
- name: Installer et configurer MySQL
hosts: servers
become: true
gather_facts: true
vars:
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
git_dest: "/opt/Neah-Enkun"
git_branch: "master"
mysql_container: "neah-mysql"
mysql_root_password: "36fe52ed4402730b8ef12d1bbd259862f710e14f147386caaaee74720d5d3cbb"
mysql_database: "nextcloud"
mysql_user: "enkun"
pre_tasks:
- name: Cloner le dépôt Git
git:
repo: "{{ git_repo }}"
dest: "{{ git_dest }}"
version: "{{ git_branch }}"
update: true
force: true
register: git_status
until: git_status is success
retries: 3
delay: 5
tasks:
- name: Lancer le service MySQL
command: "docker compose up -d --build --remove-orphans mysql"
args:
chdir: "{{ git_dest }}"
register: mysql_launch
until: mysql_launch is success
retries: 3
delay: 5
- name: Créer la base de données Nextcloud
shell: >
docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
-e "CREATE DATABASE IF NOT EXISTS {{ mysql_database }} CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
register: create_db
until: create_db is success
retries: 3
delay: 5
- name: Créer l'utilisateur MySQL
shell: >
docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
-e "CREATE USER IF NOT EXISTS '{{ mysql_user }}'@'%' IDENTIFIED BY '{{ mysql_root_password }}';"
register: create_user
until: create_user is success
retries: 3
delay: 5
- name: Ajouter les droits à l'utilisateur sur la base de données
shell: >
docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
-e "GRANT ALL PRIVILEGES ON {{ mysql_database }}.* TO '{{ mysql_user }}'@'%'; FLUSH PRIVILEGES;"
register: grant_privileges
until: grant_privileges is success
retries: 3
delay: 5
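Review bot: `Créer l'utilisateur MySQL` gives the application user the root password (`IDENTIFIED BY '{{ mysql_root_password }}'` on the CREATE USER line), so `enkun` and `root` end up sharing one credential; add a separate `mysql_user_password` var and use `IDENTIFIED BY '{{ mysql_user_password }}'` there. Both values are committed in clear text and passed as `-p{{ mysql_root_password }}` on the `docker exec` command line, where they show up in Ansible's task output and in process listings on the host; source them from Ansible Vault and add `no_log: true` to the three `shell` tasks. Note also that `CREATE USER IF NOT EXISTS` does not update the password of an existing user, so rotating the var later will not take effect without an explicit `ALTER USER`.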


@ -0,0 +1,84 @@
---
- name: Installer et configurer Keycloak
hosts: servers
become: true
gather_facts: true
vars:
git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
git_dest: "/opt/Neah-Enkun"
git_branch: "master"
nextcloud_container: "neah-nextcloud"
trusted_domains:
- "cloud.neah.local"
- "localhost"
keycloak_client_id: "nextcloud"
keycloak_client_secret: "d27b68dbb0f2eb2012837ed5f71e91015465ab72b93d50b3409962dad7812429"
keycloak_url: "http://connect.neah.local/auth"
keycloak_realm: "master"
pre_tasks:
- name: Cloner le dépôt Git
git:
repo: "{{ git_repo }}"
dest: "{{ git_dest }}"
version: "{{ git_branch }}"
update: true
force: true
register: git_status
until: git_status is success
retries: 3
delay: 5
tasks:
- name: Lancer le service Nextcloud
command: "docker compose up -d --build --remove-orphans nextcloud"
args:
chdir: "{{ git_dest }}"
register: nextcloud_launch
until: nextcloud_launch is success
retries: 3
delay: 5
- name: Configurer les domaines de confiance
shell: >
docker exec -u 33 {{ nextcloud_container }} php occ config:system:set trusted_domains {{ item.0 }} --value={{ item.1 }}
with_indexed_items: "{{ trusted_domains }}"
register: trusted_domains_config
until: trusted_domains_config is success
retries: 3
delay: 5
- name: Installer l'application SSO & SAML
shell: >
docker exec -u 33 {{ nextcloud_container }} php occ app:install user_oidc
register: install_sso
until: install_sso is success
retries: 3
delay: 5
- name: Activer l'application SSO
shell: >
docker exec -u 33 {{ nextcloud_container }} php occ app:enable user_oidc
register: enable_sso
until: enable_sso is success
retries: 3
delay: 5
- name: Configurer le provider Keycloak
shell: >
docker exec -u 33 {{ nextcloud_container }} php occ user_oidc:provider keycloak
-c {{ keycloak_client_id }}
-s {{ keycloak_client_secret }}
-d {{ keycloak_url }}/realms/{{ keycloak_realm }}/.well-known/openid-configuration
--mapping-uid preferred_username
--mapping-display-name name
--mapping-email email
--mapping-groups groups
--mapping-quota quota
--unique-uid preferred_username
--group-provisioning true
register: config_keycloak
until: config_keycloak is success
retries: 3
delay: 5
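Review bot: The play name on the first line, `Installer et configurer Keycloak`, is a copy-paste leftover for a play that launches and configures Nextcloud; rename it `Installer et configurer Nextcloud`. `--mapping-groups groups` in `Configurer le provider Keycloak` does not match the claim the Keycloak play of this commit emits for realm roles (`claim: "roles"` on its role mapper), so group provisioning will receive no groups unless the claim name is aligned on one side. `keycloak_client_secret` is committed in clear text and passed with `-s` on the command line, so add `no_log: true` to that task and pull the value from Ansible Vault; the discovery URL is also plain `http://`, so the code-for-token exchange carries the secret unencrypted, which is only acceptable while this stays on an isolated lab network. The `/auth` prefix in `keycloak_url` belongs to older Keycloak layouts, and the Keycloak play targets `http://localhost:8080` without it, so confirm which path the deployed container actually serves.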


@ -13,6 +13,8 @@ PLAYBOOKS=(
"playbooks/1_docker.yml"
"playbooks/2_portainer.yml"
"playbooks/3_keycloak.yml"
"playbooks/4_mysql.yml"
"playbooks/5_nextcloud.yml"
"playbooks/0_front.yml"
)