Install NextCloud 11 on Fedora 25 with SaltStack
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
The script seemed run fine, but I still have no NextCloud installation.
I thought it was just the firewall getting enabled in Fedora, but I turned it off and still nothing is there on 443 at the IP (other than Cockpit at 9090 of course).What was the feedback from the state.apply? Any errors should be there.
-
@scottalanmiller Thanks, Scott. I ran the your final command again and it worked this time: Succeeded: 19 (changed=5)! The firewall seems to be too aggressive, so I just turned it off since this will be LAN-use only (at least for now).
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks, Scott. I ran the your final command again and it worked this time: Succeeded: 19 (changed=5)! The firewall seems to be too aggressive, so I just turned it off since this will be LAN-use only (at least for now).
Should be "just aggressive enough"... shutting off Cockpit and SSH.
-
One of the great things about a state machine system like this is that running it over and over again isn't a problem. You can run this on a live system safely.
-
Thanks again, Scott! Just one last question: how do I get this to "stick" after a reboot? It seems to be reverting back to having nothing installed after I reboot the Fedora Svr VM...
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
Thanks again, Scott! Just one last question: how do I get this to "stick" after a reboot? It seems to be reverting back to having nothing installed after I reboot the Fedora Svr VM...
What? The packages VANISH? Or just the configuration?
-
@scottalanmiller Well, it doesn't lose my NextCloud config (I changed the admin PW) but Apache2.4, Salt (master and minion) and NextCloud are just not auto starting up. I've set the salt services to auto-start up, so I'll see if that's all it needs...
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Well, it doesn't lose my NextCloud config (I changed the admin PW) but Apache2.4, Salt (master and minion) and NextCloud are just not auto starting up. I've set the salt services to auto-start up, so I'll see if that's all it needs...
Ah okay, at one point I had that issue but I thought that I fixed it in the state file. They were set to start when it runs, but not to start on their own. Which is actually a legitimate way to use a system like this, but not how I intended this one. If you set it that way, then you want the state file to run on start up. That's not uncommon, to have the state file determine what to run when the system files up. But I didn't intend it here. In a pinch, though, you can just re-run it and it will take care of that for you.
-
@scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.
Let's fix the issue. That will be better than that anyway.
-
Let's try this...
install_network_packages: pkg.installed: - pkgs: - wget - unzip - firewalld - net-tools - php - mariadb - mariadb-server - mod_ssl - php-pecl-apcu - httpd - php-xml - php-gd - php-pecl-zip - php-mbstring - redis - php-pecl-redis - php-process - php-pdo - certbot - php-mysqlnd - policycoreutils - policycoreutils-python - policycoreutils-python-utils - dnf-automatic - python2-certbot-apache archive: - extracted - name: /var/www/html/ - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip - source_hash: md5=720cb50f98a94f2888f2d07d5d4e91b4 - archive_format: zip - if_missing: /var/www/html/nextcloud /swapfile: cmd.run: - name: | [ -f /swapfile ] || dd if=/dev/zero of=/swapfile bs=1M count={{ grains["mem_total"] * 2 }} chmod 0600 /swapfile mkswap /swapfile swapon -a - unless: - file /swapfile 2>&1 | grep -q "Linux/i386 swap" mount.swap: - persist: true configure_swappiness: file.append: - name: /etc/sysctl.conf - text: vm.swappiness = 10 /var/www/html/: file.directory: - user: apache - group: apache - recurse: - user - group /etc/httpd/conf.d/ssl.conf: file.managed: - source: - salt://ssl.conf - user: root - group: root - mode: 644 /data: file.directory: - user: apache - group: apache /var/run/redis: file.directory: - user: redis - group: redis /etc/redis.conf: file.managed: - source: - salt://redis.conf - user: root - group: root - mode: 644 httpd: pkg.installed: [] service.running: - enable: True - require: - pkg: httpd mariadb: pkg.installed: [] service.running: - enable: True - require: - pkg: mariadb redis: pkg.installed: [] service.running: - enable: True - require: - pkg: redis FedoraServer: firewalld.present: - name: FedoraServer - block_icmp: - echo-reply - echo-request - default: False - masquerade: True - ports: - 443/tcp - 22/tcp - 9090/tcp permissive: selinux.mode install-foo: cmd.run: - name: | cd /var/www/html/nextcloud setenforce 0 sudo -u apache php occ maintenance:install --database="mysql" --database-name "nextcloud" --database-user "root" --database-pass "" --admin-user "admin" --admin-pass "superdupercrazysecretepasswordthatnooneknows" --data-dir "/data" sed -i "/0 => 'localhost',/a \ \ \ \ 1 => '*'," config/config.php sed -i "/'installed' => true,/a \ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n\ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n\ \ 'redis' => array(\n\ \ \ \ \ \ \ 'host' => '/var/run/redis/redis.sock',\n\ \ \ \ \ \ \ 'port' => 0,\n\ \ \ \ \ \ \ 'timeout' => 0.0,\n\ \ \ \ \ \ \ \ )," config/config.php semanage fcontext -a -t httpd_sys_rw_content_t '/data' restorecon '/data' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/assets(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini' restorecon -Rv '/var/www/html/nextcloud/' > /dev/null systemctl restart httpd touch install_complete - cwd: /var/www/html/nextcloud - shell: /bin/bash - timeout: 300 - creates: /var/www/html/nextcloud/install_completeTry this. Hopefully it fixes both your firewall and service issues.
-
@scottalanmiller Thanks so much, Scott! Working perfectly now!
Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM. -
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks so much, Scott! Working perfectly now!
Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM.Ping response I understand. Why port 80 though?
-
@scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:
onse I understand. Why port 80 though?
Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.
-
Modifying your IPTables will get rolled back the next time you apply state. This section handles the firewall...
FedoraServer: firewalld.present: - name: FedoraServer - block_icmp: - echo-reply - echo-request - default: False - masquerade: True - ports: - 443/tcp - 22/tcp - 9090/tcpJust add
- 80/tcpTo the end to open port 80. And remove "the block_icmp" section completely to fix ICMP Pings.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:
onse I understand. Why port 80 though?
Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.
Don't purchase a cert, just use LetsEncrypt for free. It's all set up for that, including the tools already built in from the state.
-
Oh very cool! I did not know that
-
...in that case I may just use 443, yeah.
-
WIth mine, I add the certs once they are acquired to my state files and have them ensured by SaltStack so that if I need (or want) to migrate to a different server I can do so and it moves my full system, including the certs, with it. Still have to backup and restore the file data, of course.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
...in that case I may just use 443, yeah.
You CAN run any commands via Salt, too. You can avoid logging in. Except your SaltMaster is on the same host, so that doesn't work
