From 9869bbc3831be0ce89dcda23837f3a522f791c13 Mon Sep 17 00:00:00 2001
From: fencl
Date: Sun, 5 Oct 2025 09:08:35 +0200
Subject: [PATCH] Refactor: remove deprecated playbooks and configuration files for Nextcloud and Portainer
---
host_vars/portainer.yml | 25 -----
inv_linuxes_portainer | 5 -
nextcloud/check_stack_nextcloud.yml | 167 ++++++++++++----------------
nextcloud/collabora_update.yml | 30 -----
nextcloud/miniplay.yml | 83 --------------
nextcloud/nextcloud_backup.yml | 38 -------
nextcloud/nextcloud_upgrade.yml | 112 -------------------
nextcloud/redis_update.yml | 75 -------------
requirements.yml | 4 -
9 files changed, 69 insertions(+), 470 deletions(-)
delete mode 100644 host_vars/portainer.yml
delete mode 100644 inv_linuxes_portainer
delete mode 100644 nextcloud/collabora_update.yml
delete mode 100644 nextcloud/miniplay.yml
delete mode 100644 nextcloud/nextcloud_backup.yml
delete mode 100644 nextcloud/nextcloud_upgrade.yml
delete mode 100644 nextcloud/redis_update.yml
delete mode 100644 requirements.yml
diff --git a/host_vars/portainer.yml b/host_vars/portainer.yml
deleted file mode 100644
index 2332da2..0000000
--- a/host_vars/portainer.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-ansible_user: howard
-ansible_password: "Papadopolus0" # English: SSH password for howard@portainer
-ansible_connection: ssh
-ansible_port: 22
-
-# English: Force password/keyboard-interactive auth and disable pubkey for the target hop.
-# This avoids cases where OpenSSH sticks to pubkey and never falls back to password in CI.
-ansible_ssh_common_args: >-
- -o StrictHostKeyChecking=no
- -o UserKnownHostsFile=/dev/null
- -o PreferredAuthentications=keyboard-interactive,password
- -o PubkeyAuthentication=no
- -o KbdInteractiveAuthentication=yes
- -J root@192.168.69.2
-
-# English: Make sure Ansible passes the password to SSH (older setups still read these).
-ansible_ssh_pass: "Papadopolus0"
-
-# English: If you need sudo later, keep become and provide sudo password.
-ansible_become: true
-ansible_become_method: sudo
-ansible_become_password: "Papadopolus0"
-
-# English: Pipelining reduces SSH roundtrips and avoids TTY prompts in some sudo configs.
-ansible_ssh_pipelining: true
\ No newline at end of file
diff --git a/inv_linuxes_portainer b/inv_linuxes_portainer
deleted file mode 100644
index e303826..0000000
--- a/inv_linuxes_portainer
+++ /dev/null
@@ -1,5 +0,0 @@
-[linux_servers]
-proxmox ansible_host=192.168.69.2
-
-[nextcloud_host]
-portainer ansible_host=192.168.69.253 ansible_user=howard ansible_password=Papadopolus0 ansible_connection=ssh ansible_port=22 ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no -o NumberOfPasswordPrompts=1 -J root@192.168.69.2'
\ No newline at end of file
diff --git a/nextcloud/check_stack_nextcloud.yml b/nextcloud/check_stack_nextcloud.yml
index e758409..6b29b43 100644
--- a/nextcloud/check_stack_nextcloud.yml
+++ b/nextcloud/check_stack_nextcloud.yml
@@ -1,112 +1,83 @@ ---- -- name: Nextcloud maintenance (cron, app updates, repair, status, health check) - hosts: nextcloud_host +# """ +# Run the command and check the response. +# +# :parameter command: The command to be executed. +# :parameter add_command: Whether to include the command in the database values. +# :parameter add_response: Whether to include the response in the database values. +# :parameter measurement: The measurement index for the command. +# :parameter measure_retries: The number of retries for measurement in case of failure. +# :parameter check_port: Whether to check the port before sending the command. +# :parameter response_equals: The expected response string to compare against. +# :parameter response_length: The expected length or format of the response. +# :parameter send_skipped: Whether to mark the test as skipped without execution. +# :parameter no_response: Whether to expect no response from the command. +# :parameter expect_patch_id_decimal: The expected patch ID in decimal format for validation. +# :parameter response_equals_match: The expected response string to match against. 
+# :return: RunResultType +# """ + +- name: Run Nextcloud maintenance on VM via Proxmox + hosts: proxmox gather_facts: false become: true become_user: root become_method: sudo vars: - nextcloud_container: nextcloud + vm_ip: "{{ lookup('env', 'VM_IP') }}" + vm_user: "{{ lookup('env', 'VM_USER') }}" + vm_pass: "{{ lookup('env', 'VM_PASS') }}" + + # Flip to true if Docker needs sudo on the VM + use_sudo: false + + vm_commands: + - "docker exec -u www-data nextcloud php -f /var/www/html/cron.php" + - "docker exec -u www-data nextcloud php occ app:update --all" + - "docker exec -u www-data nextcloud php occ maintenance:repair --include-expensive" + - "docker exec -u www-data nextcloud php occ status" + # - "bash /data/compose/nextcloud/stack-health.sh" tasks: - - name: Ensure docker CLI is available - ansible.builtin.command: - argv: ["/usr/bin/env", "bash", "-lc", "command -v docker"] - register: docker_check - changed_when: false - failed_when: docker_check.rc != 0 - # English: Hard fail if docker is not present. + - name: Ensure sshpass is installed (for password-based SSH) # English comments + ansible.builtin.apt: + name: sshpass + state: present + update_cache: yes - - name: Verify Nextcloud container is running + - name: Run Nextcloud commands on VM (via SSH, argv, no line breaks) ansible.builtin.command: argv: - - docker - - ps - - --format - - "{{ '{{' }}.Names{{ '}}' }}" + - sshpass + - -p + - "{{ vm_pass }}" + - ssh + - -o + - StrictHostKeyChecking=no + - -o + - ConnectTimeout=15 + - "{{ vm_user }}@{{ vm_ip }}" + - bash + - -lc + - "{{ ('sudo ' if use_sudo else '') + item }}" + loop: "{{ vm_commands }}" + register: vm_cmds changed_when: false - register: docker_ps - # English: We must escape Go template braces so Ansible doesn't render them. - - name: Fail if '{{ nextcloud_container }}' is not running - ansible.builtin.fail: - msg: "Container '{{ nextcloud_container }}' is not running on target host." 
- when: nextcloud_container not in docker_ps.stdout_lines - # English: Avoid obscure 'docker exec' errors later. + - name: Show outputs for each command + ansible.builtin.debug: + msg: | + CMD: {{ item.item }} + RC: {{ item.rc }} + STDOUT: + {{ (item.stdout | default('')).strip() }} + STDERR: + {{ (item.stderr | default('')).strip() }} + loop: "{{ vm_cmds.results }}" - - name: Run Nextcloud maintenance pipeline - block: - - name: 1) Run cron.php - ansible.builtin.command: - argv: - - docker - - exec - - -u - - www-data - - "{{ nextcloud_container }}" - - php - - -f - - /var/www/html/cron.php - register: cron_run - - - name: 2) Update all apps - ansible.builtin.command: - argv: - - docker - - exec - - -u - - www-data - - "{{ nextcloud_container }}" - - php - - occ - - app:update - - --all - register: apps_update - - - name: 3) Run maintenance:repair (include expensive) - ansible.builtin.command: - argv: - - docker - - exec - - -u - - www-data - - "{{ nextcloud_container }}" - - php - - occ - - maintenance:repair - - --include-expensive - register: repair_run - - - name: 4) Show occ status - ansible.builtin.command: - argv: - - docker - - exec - - -u - - www-data - - "{{ nextcloud_container }}" - - php - - occ - - status - register: occ_status - changed_when: false - - - name: 5) Run stack health script - ansible.builtin.command: - argv: ["/data/compose/nextcloud/stack-health.sh"] - register: health - # English: If your script returns non-zero, the play will fail (desired in CI). 
- - always: - - name: Print outputs from maintenance steps - ansible.builtin.debug: - msg: - - "cron.php stdout: {{ cron_run.stdout | default('') }}" - - "cron.php stderr: {{ cron_run.stderr | default('') }}" - - "app:update stdout: {{ apps_update.stdout | default('') }}" - - "app:update stderr: {{ apps_update.stderr | default('') }}" - - "repair stdout: {{ repair_run.stdout | default('') }}" - - "repair stderr: {{ repair_run.stderr | default('') }}" - - "occ status:\n{{ occ_status.stdout | default('') }}" - - "health stdout:\n{{ health.stdout | default('') }}" \ No newline at end of file + - name: Fail play if any command failed + ansible.builtin.assert: + that: "item.rc == 0" + fail_msg: "Command failed on VM: {{ item.item }} (rc={{ item.rc }})" + success_msg: "All commands succeeded." + loop: "{{ vm_cmds.results }}" \ No newline at end of file diff --git a/nextcloud/collabora_update.yml b/nextcloud/collabora_update.yml deleted file mode 100644 index 5603377..0000000 --- a/nextcloud/collabora_update.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- -- name: Update Collabora (pull + recreate in same compose project) - hosts: proxmox - become: true - - vars: - collabora_compose_path: /data/compose/nextcloud/collabora-only.yml - collabora_project_name: nextcloud-collabora # based on your labels - - tasks: - - name: Pull collabora/code:latest image - community.docker.docker_image: - name: collabora/code - tag: latest - source: pull - - # Compose file contains only service "collabora", so this acts on that service only - - name: Compose pull (ensure freshest image) - community.docker.docker_compose_v2: - project_name: "{{ collabora_project_name }}" - files: ["{{ collabora_compose_path }}"] - pull: always - state: present - - - name: Recreate collabora with new image - community.docker.docker_compose_v2: - project_name: "{{ collabora_project_name }}" - files: ["{{ collabora_compose_path }}"] - recreate: always - state: present \ No newline at end of file 
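Review bot: The SSH password is handed to `sshpass` as an argv element (`-p` followed by `"{{ vm_pass }}"`) in the "Run Nextcloud commands on VM" task, so it is readable in the process list on the Proxmox host and is kept in the registered `vm_cmds` results, which the two later loops over `vm_cmds.results` will most likely echo in their per-item labels. Replace those two argv entries with `- -e` and add a task-level `environment: {SSHPASS: "{{ vm_pass }}"}` so the secret never reaches the command line or the registered result. The same task sets `StrictHostKeyChecking=no`, which means the password is sent to whatever host answers on `vm_ip` without verifying its key; `StrictHostKeyChecking=accept-new` or a pinned known_hosts entry keeps that check. The credentials this commit deletes from `host_vars/portainer.yml`, the inventory and `miniplay.yml` stay in git history, so they should be rotated rather than carried over into `VM_PASS`.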
diff --git a/nextcloud/miniplay.yml b/nextcloud/miniplay.yml
deleted file mode 100644
index 3cb7632..0000000
--- a/nextcloud/miniplay.yml
+++ /dev/null
@@ -1,83 +0,0 @@
-# """
-# Run the command and check the response.
-#
-# :parameter command: The command to be executed.
-# :parameter add_command: Whether to include the command in the database values.
-# :parameter add_response: Whether to include the response in the database values.
-# :parameter measurement: The measurement index for the command.
-# :parameter measure_retries: The number of retries for measurement in case of failure.
-# :parameter check_port: Whether to check the port before sending the command.
-# :parameter response_equals: The expected response string to compare against.
-# :parameter response_length: The expected length or format of the response.
-# :parameter send_skipped: Whether to mark the test as skipped without execution.
-# :parameter no_response: Whether to expect no response from the command.
-# :parameter expect_patch_id_decimal: The expected patch ID in decimal format for validation.
-# :parameter response_equals_match: The expected response string to match against.
-# :return: RunResultType
-# """
-
-- name: Run Nextcloud maintenance on VM via Proxmox
- hosts: proxmox
- gather_facts: false
- become: true
- become_user: root
- become_method: sudo
-
- vars:
- vm_ip: "192.168.69.253"
- vm_user: "howard"
- vm_pass: "Papadopolus0"
-
- # Flip to true if Docker needs sudo on the VM
- use_sudo: false
-
- vm_commands:
- - "docker exec -u www-data nextcloud php -f /var/www/html/cron.php"
- - "docker exec -u www-data nextcloud php occ app:update --all"
- - "docker exec -u www-data nextcloud php occ maintenance:repair --include-expensive"
- - "docker exec -u www-data nextcloud php occ status"
- - "bash /data/compose/nextcloud/stack-health.sh"
-
- tasks:
- - name: Ensure sshpass is installed (for password-based SSH) # English comments
- ansible.builtin.apt:
- name: sshpass
- state: present
- update_cache: yes
-
- - name: Run Nextcloud commands on VM (via SSH, argv, no line breaks)
- ansible.builtin.command:
- argv:
- - sshpass
- - -p
- - "{{ vm_pass }}"
- - ssh
- - -o
- - StrictHostKeyChecking=no
- - -o
- - ConnectTimeout=15
- - "{{ vm_user }}@{{ vm_ip }}"
- - bash
- - -lc
- - "{{ ('sudo ' if use_sudo else '') + item }}"
- loop: "{{ vm_commands }}"
- register: vm_cmds
- changed_when: false
-
- - name: Show outputs for each command
- ansible.builtin.debug:
- msg: |
- CMD: {{ item.item }}
- RC: {{ item.rc }}
- STDOUT:
- {{ (item.stdout | default('')).strip() }}
- STDERR:
- {{ (item.stderr | default('')).strip() }}
- loop: "{{ vm_cmds.results }}"
-
- - name: Fail play if any command failed
- ansible.builtin.assert:
- that: "item.rc == 0"
- fail_msg: "Command failed on VM: {{ item.item }} (rc={{ item.rc }})"
- success_msg: "All commands succeeded."
- loop: "{{ vm_cmds.results }}"
\ No newline at end of file
diff --git a/nextcloud/nextcloud_backup.yml b/nextcloud/nextcloud_backup.yml
deleted file mode 100644
index 54e373c..0000000
--- a/nextcloud/nextcloud_backup.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- name: Nextcloud backup (config, custom_apps, DB)
- hosts: proxmox
- become: true
-
- vars:
- nc_root: /data/compose/nextcloud
- backup_dir: "{{ nc_root }}/backup-{{ ansible_date_time.date }}"
- db_container: nextcloud-db
-
- tasks:
- - name: Ensure backup directory exists
- ansible.builtin.file:
- path: "{{ backup_dir }}"
- state: directory
- mode: '0755'
-
- # Use archive module to create tar.gz directly on the remote host
- - name: Archive config directory
- ansible.builtin.archive:
- path: "{{ nc_root }}/config"
- dest: "{{ backup_dir }}/config.tgz"
- format: gz
-
- - name: Archive custom_apps directory
- ansible.builtin.archive:
- path: "{{ nc_root }}/custom_apps"
- dest: "{{ backup_dir }}/custom_apps.tgz"
- format: gz
-
- # Dump DB directly to a file on the host (avoid shuttling dump through Ansible)
- - name: Dump MariaDB from container to file
- ansible.builtin.shell: |
- set -euo pipefail
- docker exec {{ db_container }} sh -c 'command -v mariadb-dump >/dev/null && mariadb-dump -u"$$MYSQL_USER" -p"$$MYSQL_PASSWORD" "$$MYSQL_DATABASE" || mysqldump -u"$$MYSQL_USER" -p"$$MYSQL_PASSWORD" "$$MYSQL_DATABASE"' \
- > "{{ backup_dir }}/db.sql"
- args:
- executable: /bin/bash
\ No newline at end of file
diff --git a/nextcloud/nextcloud_upgrade.yml b/nextcloud/nextcloud_upgrade.yml
deleted file mode 100644
index a7ef00a..0000000
--- a/nextcloud/nextcloud_upgrade.yml
+++ /dev/null
@@ -1,112 +0,0 @@ ---- -- name: Upgrade Nextcloud to 31-apache (pull + recreate + occ) - hosts: proxmox - become: true - - vars: - nc_container: nextcloud - nc_image_tag: "31-apache" # change to 32-apache when you step to next major - # Ports/volumes/env exactly as you use: - nc_root: /data/compose/nextcloud - nc_http_port: "8080:80" - - tasks: - - name: Gather nextcloud container info - community.docker.docker_container_info: - name: "{{ nc_container }}" - register: nc_info - - - name: Derive compose project & network from existing container - ansible.builtin.set_fact: - nc_project: "{{ nc_info.container.Config.Labels['com.docker.compose.project'] | default('nextcloud') }}" - nc_networks: "{{ (nc_info.container.NetworkSettings.Networks | default({})).keys() | list }}" - nc_net_primary: "{{ (nc_info.container.NetworkSettings.Networks | default({})).keys() | list | first }}" - when: nc_info.exists - - - name: Enable maintenance mode - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ maintenance:mode --on - - - name: Render one-off compose for nextcloud (single-service) - ansible.builtin.copy: - dest: /tmp/nc.yml - mode: '0644' - content: | - name: {{ nc_project }} - services: - nextcloud: - image: nextcloud:{{ nc_image_tag }} - container_name: {{ nc_container }} - restart: unless-stopped - networks: [cloud] - ports: ["{{ nc_http_port }}"] - volumes: - - {{ nc_root }}/config:/var/www/html/config - - {{ nc_root }}/data:/var/www/html/data - - {{ nc_root }}/custom_apps:/var/www/html/custom_apps - environment: - TZ: Europe/Prague - MYSQL_DATABASE: nextcloud - MYSQL_USER: nextcloud - MYSQL_PASSWORD: dbpassword - MYSQL_HOST: nextclouddb - REDIS_HOST: redis - NEXTCLOUD_ADMIN_USER: root - NEXTCLOUD_ADMIN_PASSWORD: '1234SilneHeslo.-.' 
- networks: - cloud: - external: true - name: {{ nc_net_primary }} - - - name: Pull the new Nextcloud image - community.docker.docker_compose_v2: - project_name: "{{ nc_project }}" - files: ["/tmp/nc.yml"] - pull: always - state: present - - - name: Recreate Nextcloud with the new image - community.docker.docker_compose_v2: - project_name: "{{ nc_project }}" - files: ["/tmp/nc.yml"] - recreate: always - state: present - - - name: Run occ upgrade - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ upgrade - - - name: Recommended DB maintenance (safe to run) - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ db:add-missing-indices - ignore_errors: true - - - name: Convert filecache bigint (safe) - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ db:convert-filecache-bigint --no-interaction - ignore_errors: true - - - name: Disable maintenance mode - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ maintenance:mode --off - - - name: Show status - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ status - register: nc_status - - - name: Print status - ansible.builtin.debug: - msg: "{{ nc_status.stdout | default('no output') }}" \ No newline at end of file diff --git a/nextcloud/redis_update.yml b/nextcloud/redis_update.yml deleted file mode 100644 index 99cd802..0000000 --- a/nextcloud/redis_update.yml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -- name: Update Redis (pull + recreate, same stack) - hosts: proxmox - become: true - - vars: - nc_container: nextcloud - redis_container: redis - redis_image: "redis:7-alpine" - nc_root: /data/compose/nextcloud - - tasks: - - name: Gather nextcloud container info (to learn project + network) - community.docker.docker_container_info: - name: "{{ nc_container }}" - register: nc_info - - - name: Derive compose project & network - ansible.builtin.set_fact: - nc_project: "{{ nc_info.container.Config.Labels['com.docker.compose.project'] | default('nextcloud') }}" - nc_net_primary: "{{ (nc_info.container.NetworkSettings.Networks | default({})).keys() | list | first }}" - when: nc_info.exists - - - name: Enable maintenance mode (optional safety) - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ maintenance:mode --on - ignore_errors: true - - - name: Render one-off compose for Redis - ansible.builtin.copy: - dest: /tmp/redis.yml - mode: '0644' - content: | - name: {{ nc_project }} - services: - redis: - image: {{ redis_image }} - container_name: {{ redis_container }} - restart: unless-stopped - networks: [cloud] - volumes: - - {{ nc_root }}/redis:/data - networks: - cloud: - external: true - name: {{ nc_net_primary }} - - - name: Pull redis image - community.docker.docker_compose_v2: - project_name: "{{ nc_project }}" - files: ["/tmp/redis.yml"] - pull: always - state: present - - - name: Recreate redis - community.docker.docker_compose_v2: - project_name: "{{ nc_project }}" - files: ["/tmp/redis.yml"] - recreate: always - state: present - - - name: Disable maintenance mode (if we turned it on) - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: "www-data" - command: php occ maintenance:mode --off - ignore_errors: true - - - name: Fire one cron tick (cleanup pending jobs) - community.docker.docker_container_exec: - container: "{{ nc_container }}" - user: 
"www-data" - command: php -f /var/www/html/cron.php \ No newline at end of file diff --git a/requirements.yml b/requirements.yml deleted file mode 100644 index d8b970d..0000000 --- a/requirements.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -collections: - - name: community.docker - - name: ansible.posix \ No newline at end of file