diff --git a/nextcloud/update_collabora_old.yml b/nextcloud/update_collabora_old.yml deleted file mode 100644 index 5fa9eac..0000000 --- a/nextcloud/update_collabora_old.yml +++ /dev/null @@ -1,165 +0,0 @@ -# nextcloud/update_collabora.yml - -- name: Update Collabora CODE on VM via Proxmox - hosts: proxmox - gather_facts: false - become: true - become_user: root - become_method: sudo - - vars: - # --- Connection to VM (provided by Semaphore env vars) --- - vm_ip: "{{ lookup('env', 'VM_IP') }}" - vm_user: "{{ lookup('env', 'VM_USER') }}" - vm_pass: "{{ lookup('env', 'VM_PASS') }}" - use_sudo: false - - # --- Debug mode (controlled via Semaphore variable) --- - DEBUG: "{{ lookup('env', 'DEBUG') | default(0) | int }}" - RETRIES: "{{ lookup('env', 'RETRIES') | default(25) | int }}" - - # --- Collabora specifics --- - collabora_debug_caps: true - collabora_caps_url: "https://collabora.martinfencl.eu/hosting/capabilities" - - # Use the FULL Nextcloud stack compose file; only target the 'collabora' service inside it - collabora_project: "nextcloud-collabora" - collabora_compose_file: "/data/compose/nextcloud-collabora.yml" - collabora_service: "collabora" - - # Docker command prefix (consistent behavior and quiet hints) - docker_prefix: "unalias docker 2>/dev/null || true; DOCKER_CLI_HINTS=0; command docker" - - # Commands to run on the target VM (quiet outputs) - collabora_commands: - - "{{ docker_prefix }} pull -q collabora/code:latest >/dev/null" - - "{{ docker_prefix }} compose -p {{ collabora_project }} -f {{ collabora_compose_file }} pull {{ collabora_service }} >/dev/null" - - "{{ docker_prefix }} compose -p {{ collabora_project }} -f {{ collabora_compose_file }} up -d --no-deps --force-recreate {{ collabora_service }} >/dev/null" - - tasks: - - name: Ensure sshpass is installed (for password-based SSH) # English comments - ansible.builtin.apt: - name: sshpass - state: present - update_cache: yes - - - name: Run Collabora update commands on VM (via SSH) - ansible.builtin.command: - argv: - - sshpass - - -p - - "{{ vm_pass }}" - - ssh - - -o - - StrictHostKeyChecking=no - - -o - - ConnectTimeout=15 - - "{{ vm_user }}@{{ vm_ip }}" - - bash - - -lc - - "{{ ('sudo ' if use_sudo else '') + item }}" - loop: "{{ collabora_commands }}" - register: collab_cmds - changed_when: false - no_log: "{{ DEBUG == 0 }}" - - - name: Show outputs for each Collabora command - ansible.builtin.debug: - msg: | - CMD: {{ item.item }} - RC: {{ item.rc }} - STDOUT: - {{ (item.stdout | default('')).strip() }} - STDERR: - {{ (item.stderr | default('')).strip() }} - loop: "{{ collab_cmds.results }}" - when: DEBUG == 1 - - - name: Fail play if any Collabora command failed - ansible.builtin.assert: - that: "item.rc == 0" - fail_msg: "Collabora update failed on VM: {{ item.item }} (rc={{ item.rc }})" - success_msg: "All Collabora update commands succeeded." - loop: "{{ collab_cmds.results }}" - - # ------------------------- - # Readiness checks (controller first, then VM fallback) - # ------------------------- - - - name: Collabora | Wait for capabilities (controller first) - ansible.builtin.uri: - url: "{{ collabora_caps_url }}" - method: GET - return_content: true - validate_certs: true - status_code: 200 - register: caps_controller - delegate_to: localhost - run_once: true - retries: "{{ RETRIES }}" - delay: 2 - until: caps_controller.status == 200 - failed_when: false - changed_when: false - - - name: Collabora | VM-side fetch (pure JSON via Python) - ansible.builtin.command: - argv: - - sshpass - - -p - - "{{ vm_pass }}" - - ssh - - -o - - StrictHostKeyChecking=no - - -o - - ConnectTimeout=15 - - "{{ vm_user }}@{{ vm_ip }}" - - bash - - -lc - - | - python3 - <<'PY' - import json, urllib.request, sys - try: - with urllib.request.urlopen("{{ collabora_caps_url }}", timeout=15) as r: - sys.stdout.write(r.read().decode()) - except Exception: - pass - PY - register: caps_vm - changed_when: false - failed_when: false - when: caps_controller.status | default(0) != 200 or caps_controller.json is not defined - no_log: "{{ DEBUG == 0 }}" - - name: Collabora | Choose JSON (controller wins, else VM) - ansible.builtin.set_fact: - collab_caps_json: >- - {{ - (caps_controller.json - if (caps_controller.status|default(0))==200 and (caps_controller.json is defined) - else ( - (caps_vm.stdout | default('') | trim | length > 0) - | ternary((caps_vm.stdout | trim | from_json), omit) - ) - ) - }} - failed_when: false - - - name: Collabora | Print concise summary - ansible.builtin.debug: - msg: >- - Collabora {{ collab_caps_json.productVersion | default('?') }} - ({{ collab_caps_json.productName | default('?') }}), - convert-to.available={{ collab_caps_json['convert-to']['available'] | default('n/a') }}, - serverId={{ collab_caps_json.serverId | default('n/a') }} - when: collab_caps_json is defined and DEBUG == 1 - - - name: Collabora | Capabilities unavailable (after retries) - ansible.builtin.debug: - msg: "Capabilities endpoint není dostupný ani po pokusech." - when: collab_caps_json is not defined and DEBUG == 1 - - # Optional full JSON (debug) - - name: Collabora | Full JSON (debug) - ansible.builtin.debug: - var: collab_caps_json - when: collabora_debug_caps and (collab_caps_json is defined) and DEBUG == 1 diff --git a/update_uptime_kuma.yml b/update_uptime_kuma.yml index f02ebcd..f5b5873 100644 --- a/update_uptime_kuma.yml +++ b/update_uptime_kuma.yml @@ -32,7 +32,7 @@ # Fixed container name used in your compose (conflicts with previous/Portainer-run container) kuma_container_name: "uptime-kuma-dev" - # Retry policy (to mirror Collabora play): 25x with 2s delay + # Retry policy kuma_retries: "{{ RETRIES }}" kuma_delay: 2 @@ -54,12 +54,11 @@ state: present update_cache: yes - - name: Run Uptime Kuma update commands on VM (via SSH) + - name: Run Uptime Kuma update commands on VM (via SSH) # use SSHPASS env, hide item label ansible.builtin.command: argv: - sshpass - - -p - - "{{ vm_pass }}" + - -e # read password from SSHPASS environment - ssh - -o - StrictHostKeyChecking=no @@ -69,10 +68,15 @@ - bash - -lc - "{{ ('sudo ' if use_sudo else '') + item }}" + environment: + SSHPASS: "{{ vm_pass }}" # supply password via environment loop: "{{ kuma_commands }}" + loop_control: + index_var: idx # capture loop index + label: "cmd-{{ idx }}" # avoid printing full command in (item=...) line register: kuma_cmds changed_when: false - no_log: "{{ DEBUG == 0 }}" # 🔒 Hide sensitive info when not debugging + no_log: "{{ DEBUG == 0 }}" # hide outputs and env when not debugging - name: Show outputs for each Uptime Kuma command ansible.builtin.debug: @@ -86,12 +90,15 @@ loop: "{{ kuma_cmds.results }}" when: DEBUG == 1 - - name: Fail play if any Uptime Kuma command failed + - name: Fail play if any Uptime Kuma command failed # also hide item label ansible.builtin.assert: that: "item.rc == 0" fail_msg: "Uptime Kuma update failed on VM: {{ item.item }} (rc={{ item.rc }})" success_msg: "All Uptime Kuma update commands succeeded." loop: "{{ kuma_cmds.results }}" + loop_control: + index_var: idx + label: "cmd-{{ idx }}" # ------------------------- # Readiness checks (controller first, then VM fallback) @@ -115,12 +122,11 @@ failed_when: false changed_when: false - - name: Kuma | VM-side fetch (HTML via Python, with retries) + - name: Kuma | VM-side fetch (HTML via Python, with retries) # use SSHPASS env here too ansible.builtin.command: argv: - sshpass - - -p - - "{{ vm_pass }}" + - -e - ssh - -o - StrictHostKeyChecking=no @@ -139,6 +145,8 @@ except Exception: pass PY + environment: + SSHPASS: "{{ vm_pass }}" register: kuma_vm changed_when: false failed_when: false @@ -146,7 +154,7 @@ retries: "{{ kuma_retries }}" delay: "{{ kuma_delay }}" until: (kuma_vm.stdout | default('') | trim | length) > 0 and ('Uptime Kuma' in (kuma_vm.stdout | default(''))) - no_log: "{{ DEBUG == 0 }}" # 🔒 Hide command and output when not debugging + no_log: "{{ DEBUG == 0 }}" # hide command and output when not debugging - name: Kuma | Choose homepage HTML (controller wins, else VM) # safe guard against empty result ansible.builtin.set_fact: @@ -172,7 +180,7 @@ Source={{ 'controller' if ((kuma_controller is defined) and (kuma_controller.status|default(0))==200 and (kuma_controller.content is defined)) else 'vm' if (kuma_vm.stdout|default('')|trim|length>0) else 'n/a' }}; length={{ (kuma_home_html | default('')) | length }}; contains('Uptime Kuma')={{ (kuma_home_html is defined) and ('Uptime Kuma' in kuma_home_html) }} - when: DEBUG == 1 # 🪵 Only print in debug mode + when: DEBUG == 1 - name: Kuma | Homepage unavailable (after retries) ansible.builtin.debug: @@ -183,4 +191,4 @@ - name: Kuma | HTML excerpt (debug) ansible.builtin.debug: msg: "{{ (kuma_home_html | default(''))[:500] }}" - when: kuma_home_html is defined and DEBUG == 1 \ No newline at end of file + when: kuma_home_html is defined and DEBUG == 1