
    Install NextCloud 11 on Fedora 25 with SaltStack

      scottalanmiller

      Let's try this...

      install_network_packages:
        pkg.installed:
          - pkgs:
            - wget
            - unzip
            - firewalld
            - net-tools
            - php 
            - mariadb 
            - mariadb-server 
            - mod_ssl
            - php-pecl-apcu
            - httpd 
            - php-xml 
            - php-gd 
            - php-pecl-zip
            - php-mbstring
            - redis
            - php-pecl-redis
            - php-process
            - php-pdo
            - certbot
            - php-mysqlnd
            - policycoreutils
            - policycoreutils-python
            - policycoreutils-python-utils
            - dnf-automatic
            - python2-certbot-apache
        archive:
          - extracted
          - name: /var/www/html/
          - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip
          - source_hash: md5=720cb50f98a94f2888f2d07d5d4e91b4
          - archive_format: zip
          - if_missing: /var/www/html/nextcloud 
      
      /swapfile:
        cmd.run:
          - name: |
              [ -f /swapfile ] || dd if=/dev/zero of=/swapfile bs=1M count={{ grains["mem_total"] * 2 }}
              chmod 0600 /swapfile
              mkswap /swapfile
              swapon -a
          - unless:
            - file /swapfile 2>&1 | grep -q "Linux/i386 swap"
        mount.swap:
          - persist: true
      
      configure_swappiness:
        file.append:
          - name: /etc/sysctl.conf
          - text: vm.swappiness = 10
      
      /var/www/html/:
        file.directory:
          - user: apache
          - group: apache
          - recurse:
            - user
            - group
      
      /etc/httpd/conf.d/ssl.conf:
        file.managed:
          - source: 
            - salt://ssl.conf
          - user: root
          - group: root
          - mode: 644
      
      /data:
        file.directory:
          - user: apache
          - group: apache
      
      /var/run/redis:
        file.directory:
          - user: redis
          - group: redis
      
      /etc/redis.conf:
        file.managed:
          - source:
            - salt://redis.conf
          - user: root
          - group: root
          - mode: 644
      
      httpd:
        pkg.installed: []
        service.running:
          - enable: True
          - require:
            - pkg: httpd
      
      mariadb:
        pkg.installed: []
        service.running:
          - enable: True
          - require:
            - pkg: mariadb
      
      redis:
        pkg.installed: []
        service.running:
          - enable: True
          - require:
            - pkg: redis
      
      FedoraServer:
        firewalld.present:
          - name: FedoraServer
          - block_icmp:
            - echo-reply
            - echo-request
          - default: False
          - masquerade: True
          - ports:
            - 443/tcp
            - 22/tcp
            - 9090/tcp
      
      permissive:
        selinux.mode
      
      install-foo:
        cmd.run:
          - name: |
              cd /var/www/html/nextcloud
              setenforce 0
              sudo -u apache php occ maintenance:install --database="mysql" --database-name "nextcloud" --database-user "root" --database-pass "" --admin-user "admin" --admin-pass "superdupercrazysecretepasswordthatnooneknows" --data-dir "/data"
              sed -i "/0 => 'localhost',/a \ \ \ \ 1 => '*'," config/config.php
              sed -i "/'installed' => true,/a \ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n\ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n\ \ 'redis' => array(\n\ \ \ \ \ \ \ 'host' => '/var/run/redis/redis.sock',\n\ \ \ \ \ \ \ 'port' => 0,\n\ \ \ \ \ \ \ 'timeout' => 0.0,\n\ \ \ \ \ \ \ \ )," config/config.php
              semanage fcontext -a -t httpd_sys_rw_content_t '/data'
              restorecon '/data'
              semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
              semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
              semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/assets(/.*)?'
              semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
              semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
              restorecon -Rv '/var/www/html/nextcloud/' > /dev/null
              systemctl restart httpd
              touch install_complete
          - cwd: /var/www/html/nextcloud
          - shell: /bin/bash
          - timeout: 300
          - creates: /var/www/html/nextcloud/install_complete
      

      Try this. Hopefully it fixes both your firewall and service issues.

        CrimsonKidA @scottalanmiller

        @scottalanmiller Thanks so much, Scott! Working perfectly now! 😄 Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM.

          scottalanmiller @CrimsonKidA

          @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

          @scottalanmiller Thanks so much, Scott! Working perfectly now! 😄 Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM.

          Ping response I understand. Why port 80 though?

            CrimsonKidA @scottalanmiller

            @scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:

            Ping response I understand. Why port 80 though?

            Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.

              scottalanmiller

              Modifying your IPTables will get rolled back the next time you apply state. This section handles the firewall...

              FedoraServer:
                firewalld.present:
                  - name: FedoraServer
                  - block_icmp:
                    - echo-reply
                    - echo-request
                  - default: False
                  - masquerade: True
                  - ports:
                    - 443/tcp
                    - 22/tcp
                    - 9090/tcp
              

              Just add

              - 80/tcp
              

              to the end to open port 80. And remove the "block_icmp" section completely to fix ICMP pings.

                scottalanmiller @CrimsonKidA

                @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

                @scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:

                Ping response I understand. Why port 80 though?

                Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.

                Don't purchase a cert, just use LetsEncrypt for free. It's all set up for that, including the tools already built in from the state.

                  CrimsonKidA @scottalanmiller

                  Oh very cool! I did not know that 🙂

                    CrimsonKidA @CrimsonKidA

                    ...in that case I may just use 443, yeah.

                      scottalanmiller

                      With mine, I add the certs once they are acquired to my state files and have them ensured by SaltStack so that if I need (or want) to migrate to a different server I can do so and it moves my full system, including the certs, with it. Still have to back up and restore the file data, of course.

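One way to have Salt ensure an acquired certificate, as the post above describes (an added example, not part of the thread and not scottalanmiller's own state). The domain, the `salt://certs/...` source, the `nextcloud_tls:privkey` pillar key and the destination paths are assumptions, and the managed `ssl.conf` is assumed to point at those paths.

```yaml
# Added example: names, paths and pillar keys below are placeholders.
{% set domain = 'cloud.example.com' %}

# The certificate chain is public data, so the Salt file server is fine for it.
/etc/pki/tls/certs/{{ domain }}.fullchain.pem:
  file.managed:
    - source: salt://certs/{{ domain }}/fullchain.pem
    - user: root
    - group: root
    - mode: '0644'

# The private key comes from pillar, not salt://. Files under file_roots can
# be requested by any minion, while pillar data is delivered only to the
# minions it is targeted at in the pillar top file.
/etc/pki/tls/private/{{ domain }}.key:
  file.managed:
    - contents_pillar: nextcloud_tls:privkey
    - user: root
    - group: root
    - mode: '0600'
    # Keep key material out of state output and job returns.
    - show_changes: False

# Reload Apache only when the certificate or key actually changes.
reload_httpd_on_cert_change:
  service.running:
    - name: httpd
    - reload: True
    - watch:
      - file: /etc/pki/tls/certs/{{ domain }}.fullchain.pem
      - file: /etc/pki/tls/private/{{ domain }}.key
```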
                        scottalanmiller @CrimsonKidA

                        @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

                        ...in that case I may just use 443, yeah.

                        You CAN run any commands via Salt, too. You can avoid logging in. Except your SaltMaster is on the same host, so that doesn't work 😉

                          CrimsonKidA

                          Would I need to add something to the salt script to enable the "LDAP user and group backend" v1.1.2 app for NextCloud? I want SSO for our AD users, but NextCloud says "This app cannot be installed because the following dependencies are not fulfilled:
                          The library ldap is not available."

                            scottalanmiller

                            This should be the package that is missing: php-ldap.x86_64

                              scottalanmiller

                              So you can just add it to the package list...

                              install_network_packages:
                                pkg.installed:
                                  - pkgs:
                                    - wget
                                    - unzip
                                    - firewalld
                                    - net-tools
                                    - php-ldap
                              

                              Add it into the list as above. Anywhere in the list is fine. Then run your state again. This way it is added in, but if you need to rebuild, your master file is ready to make everything for you.

                                scottalanmiller

                                I added the php-ldap package to the main directions.

                                  FATeknollogee

                                  Can someone break this down in plain English for those of us that aren't that smart?

                                    scottalanmiller @FATeknollogee

                                    @FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                    Can someone break this down in plain English for those of us that aren't that smart?

                                    Which part?

                                      FATeknollogee @scottalanmiller

                                      @scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                      @FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                      Can someone break this down in plain English for those of us that aren't that smart?

                                      Which part?

                                      After the o/s is installed, how do I get here? "To use nextcloud.sls you will need to copy all three files to your /srv/salt/ directory as it will pull the two configuration files from there to put them on the server.

                                      /srv/salt/nextcloud.sls"

                                        scottalanmiller @FATeknollogee

                                        @FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                        @scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                        @FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                        Can someone break this down in plain English for those of us that aren't that smart?

                                        Which part?

                                        After the o/s is installed, how do I get here? "To use nextcloud.sls you will need to copy all three files to your /srv/salt/ directory as it will pull the two configuration files from there to put them on the server.

                                        /srv/salt/nextcloud.sls"

                                        This is a SaltStack state file (hence "with SaltStack" in the title.) So you would need to install SaltStack to do this. If you use the SaltStack tag here on the community, there are guides to installing a Salt Master and a Salt Minion (the minion is the server on which you would install NextCloud, for example.) I'm turning out guides regularly which basically completely manage your servers, so this can be worthwhile as building servers becomes pretty much zero work this way.

                                          FATeknollogee

                                          The Master/Minion part is simple, that I figured out.

                                          Getting to the NextCloud install is where I got lost.

                                            scottalanmiller @FATeknollogee

                                            @FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                            The Master/Minion part is simple, that I figured out.

                                            Getting to the NextCloud install is where I got lost.

                                            You put the NextCloud state file onto your Salt master and state.apply it to the minion in question. The minion will build itself automatically.
