From 7b3ef7476831168c4aa83b5907b4267991445605 Mon Sep 17 00:00:00 2001 From: Kevin Date: Mon, 24 Feb 2025 18:17:27 +0100 Subject: [PATCH] =?UTF-8?q?Ajout=20des=20playbooks=20Ansible=20pour=20l'in?= =?UTF-8?q?stallation=20et=20la=20configuration=20de=20MySQL=20et=20Nextcl?= =?UTF-8?q?oud,=20ainsi=20que=20la=20mise=20=C3=A0=20jour=20des=20scripts?= =?UTF-8?q?=20de=20d=C3=A9ploiement.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/playbooks/0_front.yml | 2 +- ansible/playbooks/2_portainer.yml | 15 +++++ ansible/playbooks/3_keycloak.yml | 102 ++++++++++++++++++++++++++++++ ansible/playbooks/4_mysql.yml | 64 +++++++++++++++++++ ansible/playbooks/5_nextcloud.yml | 84 ++++++++++++++++++++++++ ansible/run_playbooks.sh | 2 + 6 files changed, 268 insertions(+), 1 deletion(-) create mode 100644 ansible/playbooks/4_mysql.yml create mode 100644 ansible/playbooks/5_nextcloud.yml diff --git a/ansible/playbooks/0_front.yml b/ansible/playbooks/0_front.yml index 8261ee4..36ede02 100644 --- a/ansible/playbooks/0_front.yml +++ b/ansible/playbooks/0_front.yml @@ -21,7 +21,6 @@ retries: 3 delay: 5 - tasks: - name: Cloner le dépôt Git git: repo: "{{ git_repo }}" @@ -34,6 +33,7 @@ retries: 3 delay: 5 + tasks: - name: Lancer le service Front command: "docker compose up -d --build --remove-orphans {{ front_service_name }}" args: diff --git a/ansible/playbooks/2_portainer.yml b/ansible/playbooks/2_portainer.yml index 4c2f698..737a40e 100644 --- a/ansible/playbooks/2_portainer.yml +++ b/ansible/playbooks/2_portainer.yml 
@@ -5,11 +5,26 @@ gather_facts: true vars: + git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git" git_dest: "/opt/Neah-Enkun" + git_branch: "master" portainer_password: "@wp@36#@%yXo2@y78&$mXeN#6E@W2r9d" portainer_service_name: "portainer" portainer_password_file: "portainer_password" + pre_tasks: + - name: Cloner le dépôt Git + git: + repo: "{{ git_repo }}" + dest: "{{ git_dest }}" + version: "{{ git_branch }}" + update: true + force: true + register: git_status + until: git_status is success + retries: 3 + delay: 5 + tasks: - name: Vérifier si le fichier de mot de passe existe déjà stat: diff --git a/ansible/playbooks/3_keycloak.yml b/ansible/playbooks/3_keycloak.yml index 5d3eecc..0d25099 100644 --- a/ansible/playbooks/3_keycloak.yml +++ b/ansible/playbooks/3_keycloak.yml @@ -5,7 +5,9 @@ gather_facts: true vars: + git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git" git_dest: "/opt/Neah-Enkun" + git_branch: "master" keycloak_container: "neah-keycloak" keycloak_server: "http://localhost:8080" keycloak_realm: "master" @@ -43,6 +45,27 @@ web_origins: - "http://neah.local" - "http://localhost:3000" + keycloak_nextcloud_client: + client_id: "nextcloud" + client_secret: "d27b68dbb0f2eb2012837ed5f71e91015465ab72b93d50b3409962dad7812429" + root_url: "http://cloud.neah.local/" + redirect_uris: + - "http://cloud.neah.local/*" + web_origins: + - "http://cloud.neah.local" + + pre_tasks: + - name: Cloner le dépôt Git + git: + repo: "{{ git_repo }}" + dest: "{{ git_dest }}" + version: "{{ git_branch }}" + update: true + force: true + register: git_status + until: git_status is success + retries: 3 + delay: 5 tasks: - name: Lancer le service Keycloak 
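Review bot: The new pre_task checks out the tip of `master` on every run and `force: true` discards whatever is in /opt/Neah-Enkun, so the deployment is unpinned and not reproducible; pin `git_branch` to a tag or a full commit SHA (e.g. `git_branch: "v1.0.0"`), or at least record what was deployed with a `debug: msg: "{{ git_status.after }}"` task after the clone. The `git_repo` / `git_dest` / `git_branch` triple introduced here is repeated verbatim in 3_keycloak.yml, 4_mysql.yml and 5_nextcloud.yml in this same commit; moving it to `group_vars/servers.yml` keeps the four playbooks from drifting apart. A short comment above `pre_tasks:` such as `# Refresh the checkout before the compose files are used; local edits are overwritten` would make the `force: true` choice explicit for the next maintainer. The play's remaining tasks continue outside this hunk.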
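Review bot: The `client_secret` added under `keycloak_nextcloud_client` is a cleartext credential committed to the repository, and the same value is copied by hand into 5_nextcloud.yml in this commit, so it must be rotated in two places and is readable by anyone with read access to the repo; replace it with an Ansible Vault reference, `client_secret: "{{ vault_keycloak_nextcloud_client_secret }}"`, and have both playbooks read the same variable. The `root_url`, `redirect_uris` and `web_origins` are all plain `http://`, which sends the authorization code and session cookies in clear between the browser, Keycloak and Nextcloud; if this is a lab-only `.local` setup, say so in a comment next to the block (`# http:// only for the local lab; switch to https before exposing this realm`), otherwise move to `https://`. The redirect URI `http://cloud.neah.local/*` is a prefix wildcard; narrowing it to the actual callback path the user_oidc app uses would reduce what an attacker can do with a stolen authorization code, though the exact path is not visible in this diff. The play continues outside this hunk.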
@@ -203,6 +226,85 @@ debug: msg: "Erreur lors de la configuration du mapper realm roles" + - name: Configurer le client Nextcloud + block: + - name: Créer le client Nextcloud + shell: > + docker exec {{ keycloak_container }} {{ keycloak_bin }} create clients -r {{ keycloak_realm }} + -s clientId={{ keycloak_nextcloud_client.client_id }} + -s secret={{ keycloak_nextcloud_client.client_secret }} + -s protocol=openid-connect + -s publicClient=false + -s authorizationServicesEnabled=true + -s serviceAccountsEnabled=true + -s standardFlowEnabled=true + -s implicitFlowEnabled=false + -s directAccessGrantsEnabled=true + -s rootUrl={{ keycloak_nextcloud_client.root_url }} + -s baseUrl={{ keycloak_nextcloud_client.root_url }} + -s 'redirectUris=["{{ keycloak_nextcloud_client.redirect_uris | join('","') }}"]' + -s 'webOrigins=["{{ keycloak_nextcloud_client.web_origins | join('","') }}"]' + register: create_nextcloud_client + until: create_nextcloud_client is success + retries: 3 + delay: 5 + + - name: Récupérer l'ID du client Nextcloud + shell: > + docker exec {{ keycloak_container }} {{ keycloak_bin }} get clients -r {{ keycloak_realm }} + -q clientId={{ keycloak_nextcloud_client.client_id }} --format json + register: get_client_id + until: get_client_id is success + retries: 3 + delay: 5 + + - name: Extraire l'ID du client + set_fact: + nextcloud_client_id: "{{ (get_client_id.stdout | from_json)[0].id }}" + + - name: Configurer les mappers pour Nextcloud + shell: > + docker exec {{ keycloak_container }} {{ keycloak_bin }} + create clients/{{ nextcloud_client_id }}/protocol-mappers/models + -r {{ keycloak_realm }} + -s name="{{ item.name }}" + -s protocol="openid-connect" + -s protocolMapper="{{ item.mapper }}" + -s 'config."id.token.claim"=true' + -s 'config."access.token.claim"=true' + -s 'config."userinfo.token.claim"=true' + -s 'config."claim.name"="{{ item.claim }}"' + with_items: + - { + name: "username", + mapper: "oidc-usermodel-property-mapper", + claim: 
"preferred_username", + } + - { + name: "email", + mapper: "oidc-usermodel-property-mapper", + claim: "email", + } + - { + name: "name", + mapper: "oidc-usermodel-property-mapper", + claim: "name", + } + - { + name: "roles", + mapper: "oidc-usermodel-realm-role-mapper", + claim: "roles", + } + register: create_nextcloud_mappers + until: create_nextcloud_mappers is success + retries: 3 + delay: 5 + when: check_config.rc != 0 + rescue: + - name: Gérer les erreurs de création du client Nextcloud + debug: + msg: "Erreur lors de la création du client Nextcloud" + - name: Supprimer l'administrateur temporaire block: - name: Récupérer les informations diff --git a/ansible/playbooks/4_mysql.yml b/ansible/playbooks/4_mysql.yml new file mode 100644 index 0000000..a7b0cee --- /dev/null +++ b/ansible/playbooks/4_mysql.yml 
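Review bot: The "Créer le client Nextcloud" task passes `-s secret={{ keycloak_nextcloud_client.client_secret }}` on the command line with no `no_log`, so the secret is printed in the Ansible output (including every retry attempt) and is visible in `ps` on the host while `docker exec` runs; add `no_log: true` to that task and to the "Récupérer l'ID du client Nextcloud" task, whose JSON output also contains the secret. The client is created with `authorizationServicesEnabled=true`, `serviceAccountsEnabled=true` and `directAccessGrantsEnabled=true`, but the only flow 5_nextcloud.yml configures is the browser login via discovery, so the password (ROPC) grant, a service-account token and the authorization-services endpoint are granted for nothing — set all three to `false` and keep only `standardFlowEnabled=true`. The `rescue` branch only emits a debug message, so a failed client creation is masked and the play carries on as if SSO were configured; either let the block fail or add `failed_when: true` after the message so run_playbooks.sh stops. The `(get_client_id.stdout | from_json)[0].id` lookup will itself raise if the query returns an empty list, which is presumably what the rescue is meant to catch — worth a comment on that line. The enclosing play continues outside this hunk.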
@@ -0,0 +1,64 @@
+---
+- name: Installer et configurer MySQL
+ hosts: servers
+ become: true
+ gather_facts: true
+
+ vars:
+ git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git"
+ git_dest: "/opt/Neah-Enkun"
+ git_branch: "master"
+ mysql_container: "neah-mysql"
+ mysql_root_password: "36fe52ed4402730b8ef12d1bbd259862f710e14f147386caaaee74720d5d3cbb"
+ mysql_database: "nextcloud"
+ mysql_user: "enkun"
+
+ pre_tasks:
+ - name: Cloner le dépôt Git
+ git:
+ repo: "{{ git_repo }}"
+ dest: "{{ git_dest }}"
+ version: "{{ git_branch }}"
+ update: true
+ force: true
+ register: git_status
+ until: git_status is success
+ retries: 3
+ delay: 5
+
+ tasks:
+ - name: Lancer le service MySQL
+ command: "docker compose up -d --build --remove-orphans mysql"
+ args:
+ chdir: "{{ git_dest }}"
+ register: mysql_launch
+ until: mysql_launch is success
+ retries: 3
+ delay: 5
+
+ - name: Créer la base de données Nextcloud
+ shell: >
+ docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
+ -e "CREATE DATABASE IF NOT EXISTS {{ mysql_database }} CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
+ register: create_db
+ until: create_db is success
+ retries: 3
+ delay: 5
+
+ - name: Créer l'utilisateur MySQL
+ shell: >
+ docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
+ -e "CREATE USER IF NOT EXISTS '{{ mysql_user }}'@'%' IDENTIFIED BY '{{ mysql_root_password }}';"
+ register: create_user
+ until: create_user is success
+ retries: 3
+ delay: 5
+
+ - name: Ajouter les droits à l'utilisateur sur la base de données
+ shell: >
+ docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
+ -e "GRANT ALL PRIVILEGES ON {{ mysql_database }}.* TO '{{ mysql_user }}'@'%'; FLUSH PRIVILEGES;"
+ register: grant_privileges
+ until: grant_privileges is success
+ retries: 3
+ delay: 5
diff --git a/ansible/playbooks/5_nextcloud.yml b/ansible/playbooks/5_nextcloud.yml
new file mode 100644
index 0000000..cbea59d
--- /dev/null
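Review bot: The "Créer l'utilisateur MySQL" task creates the application account with `IDENTIFIED BY '{{ mysql_root_password }}'`, so the Nextcloud DB user `enkun`, reachable from any host (`'%'`), shares the root password and a leak of the Nextcloud config is a leak of MySQL root; give it its own variable. The root password is also a cleartext literal in the playbook and is passed as `-p{{ mysql_root_password }}` in three tasks with no `no_log`, so it lands in the Ansible output on every run and retry; source both secrets from Ansible Vault and add `no_log: true` to each of the three `docker exec ... mysql` tasks. Whichever playbook later hands the DB credentials to Nextcloud (not in this diff) would then read `mysql_user_password` instead of the root value. A comment on the `'%'` host part noting it is intentional because the client connects from another container would also help.
```yaml
    mysql_root_password: "{{ vault_mysql_root_password }}"
    mysql_user_password: "{{ vault_mysql_user_password }}"  # distinct from root
# … unchanged: pre_tasks, "Lancer le service MySQL", "Créer la base de données Nextcloud" …
    - name: Créer l'utilisateur MySQL
      shell: >
        docker exec {{ mysql_container }} mysql -u root -p{{ mysql_root_password }}
        -e "CREATE USER IF NOT EXISTS '{{ mysql_user }}'@'%' IDENTIFIED BY '{{ mysql_user_password }}';"
      no_log: true
      register: create_user
      # … unchanged: until/retries/delay …
```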
+++ b/ansible/playbooks/5_nextcloud.yml 
@@ -0,0 +1,84 @@ +--- +- name: Installer et configurer Keycloak + hosts: servers + become: true + gather_facts: true + + vars: + git_repo: "https://gite.slm-lab.net/Chabdeltsang/Neah-Enkun.git" + git_dest: "/opt/Neah-Enkun" + git_branch: "master" + nextcloud_container: "neah-nextcloud" + trusted_domains: + - "cloud.neah.local" + - "localhost" + keycloak_client_id: "nextcloud" + keycloak_client_secret: "d27b68dbb0f2eb2012837ed5f71e91015465ab72b93d50b3409962dad7812429" + keycloak_url: "http://connect.neah.local/auth" + keycloak_realm: "master" + + pre_tasks: + - name: Cloner le dépôt Git + git: + repo: "{{ git_repo }}" + dest: "{{ git_dest }}" + version: "{{ git_branch }}" + update: true + force: true + register: git_status + until: git_status is success + retries: 3 + delay: 5 + + tasks: + - name: Lancer le service Nextcloud + command: "docker compose up -d --build --remove-orphans nextcloud" + args: + chdir: "{{ git_dest }}" + register: nextcloud_launch + until: nextcloud_launch is success + retries: 3 + delay: 5 + + - name: Configurer les domaines de confiance + shell: > + docker exec -u 33 {{ nextcloud_container }} php occ config:system:set trusted_domains {{ item.0 }} --value={{ item.1 }} + with_indexed_items: "{{ trusted_domains }}" + register: trusted_domains_config + until: trusted_domains_config is success + retries: 3 + delay: 5 + + - name: Installer l'application SSO & SAML + shell: > + docker exec -u 33 {{ nextcloud_container }} php occ app:install user_oidc + register: install_sso + until: install_sso is success + retries: 3 + delay: 5 + + - name: Activer l'application SSO + shell: > + docker exec -u 33 {{ nextcloud_container }} php occ app:enable user_oidc + register: enable_sso + until: enable_sso is success + retries: 3 + delay: 5 + + - name: Configurer le provider Keycloak + shell: > + docker exec -u 33 {{ nextcloud_container }} php occ user_oidc:provider keycloak + -c {{ keycloak_client_id }} + -s {{ keycloak_client_secret }} + -d {{ keycloak_url 
}}/realms/{{ keycloak_realm }}/.well-known/openid-configuration + --mapping-uid preferred_username + --mapping-display-name name + --mapping-email email + --mapping-groups groups + --mapping-quota quota + --unique-uid preferred_username + --group-provisioning true + register: config_keycloak + until: config_keycloak is success + retries: 3 + delay: 5 diff --git a/ansible/run_playbooks.sh b/ansible/run_playbooks.sh index 5b6c6e5..9e84da8 100755 --- a/ansible/run_playbooks.sh +++ b/ansible/run_playbooks.sh @@ -13,6 +13,8 @@ PLAYBOOKS=( "playbooks/1_docker.yml" "playbooks/2_portainer.yml" "playbooks/3_keycloak.yml" + "playbooks/4_mysql.yml" + "playbooks/5_nextcloud.yml" "playbooks/0_front.yml" )
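Review bot: The provider is configured with `--mapping-groups groups` and `--group-provisioning true`, but the protocol mappers created for this client in 3_keycloak.yml of the same commit emit `preferred_username`, `email`, `name` and `roles` — there is no `groups` claim — so group provisioning will have nothing to read unless a group-membership mapper exists elsewhere; either add an `oidc-group-membership-mapper` with `claim.name=groups` on the Keycloak side or change this line to `--mapping-groups roles`. The "Configurer le provider Keycloak" task puts `-s {{ keycloak_client_secret }}` on the command line with no `no_log`, so the secret is echoed in the Ansible output; add `no_log: true` and read the secret from the same vault variable 3_keycloak.yml uses rather than a second hard-coded copy. `keycloak_url` is `http://connect.neah.local/auth`, so the client secret and tokens exchanged with the token endpoint cross the network in clear; if this is lab-only, say so in a comment, and note that the `/auth` prefix only exists on older Keycloak builds, so it is worth confirming against the image used in docker-compose (not visible here). The play name `Installer et configurer Keycloak` and the task name `Installer l'application SSO & SAML` are copy-paste leftovers — `user_oidc` is the OpenID Connect app, not user_saml — and should read `Installer et configurer Nextcloud` and `Installer l'application OpenID Connect (user_oidc)`.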