Remote deployment of ownCloud with Ansible

This article explains how to set up ownCloud with Ansible on a remote CentOS 7 host with an SSL certificate.



A. Prerequisites:

  1. Mac or Linux PC as workstation. WSL on Windows 10 could work as well.
  2. Server running Linux (centos7, centos8, ubuntu, suse)
  3. git and python3.x on the workstation
  4. SSH access to the server
  5. An administrative user on the server (root or passwordless sudo)
  6. Wildcard or domain certificate

B. Deployment

  1. To start, clone the playground repo from owncloud-ansible:

git clone https://github.com/owncloud-ansible/playground

  1. After cloning the repository, open the folder ‘playground’ with the editor of your choice.

code playground

  1. Next, edit the files in the inventory folder that matches your server, e.g. centos7:

├── inventories/
│   ├── centos7/
│   │     ├── hosts
│   │     ├── group_vars/
│   │     │     ├── database.yml
│   │     │     ├── redis.yml
│   │     │     └── owncloud.yml
│   │     └── host_vars/
│   ├── centos8/
│   ├── ubuntu-minimal/
│   └── suse/
├── playbooks/
│   ├── setup.yml
│   ├── redis.yml
│   ├── database.yml
│   └── owncloud.yml
└── roles/
    └── requirements.yml

Since you will set up a CentOS 7 server, you can either delete or ignore the inventory folders you don’t need.

  1. Now execute the following command in the root of your playground folder. The command downloads the roles declared in /roles/requirements.yml to a local folder (usually ~/.ansible/roles/).

ansible-galaxy install -r roles/requirements.yml --force

  1. For this standard setup, you have to make changes in the folder group_vars and in the file hosts:

[databases]
db1 ansible_host=<server.ip>
[redis]
redis1 ansible_host=<server.ip>
[owncloud]
owncloud1 ansible_host=<server.ip>

The changes above declare three hosts in three groups: in the group [databases] you declare the host ‘db1’, in [redis] ‘redis1’ and in [owncloud] ‘owncloud1’. When you run the playbook, Ansible first applies the group vars and then the host vars. To understand what that means, have a look at ‘database.yml’ in ‘group_vars/’:

mariadb_root_password: root
mariadb_port: "3306"
mariadb_bind_address: ""
  - name: owncloud
    collation: utf8mb4_bin
    encoding: utf8mb4
  - name: owncloud
    host: localhost
    password: owncloud
    priv: "owncloud.*:ALL"
  - centos-release-scl

Here you can see the config for MariaDB. The Ansible role that installs MariaDB expects a couple of variables to be set. Since this file is located in the ‘group_vars’ folder, it is applied to all hosts in the group [databases].

  1. In the next step, ownCloud is configured:

owncloud_version: "10.6.0"
owncloud_fqdn: your.domain.tld
owncloud_admin_username: admin
owncloud_admin_password: owncloud
owncloud_db_name: owncloud
owncloud_db_user: owncloud
owncloud_db_password: owncloud
- servername: "{{ owncloud_fqdn }}"
  documentroot: "{{ owncloud_deploy_path }}"

Since the group owncloud includes the roles php, apache and owncloud, you can overwrite any of the defaults defined for these roles in .ansible/roles/{owncloud,php,apache}/defaults/main.yml.

A good reference is the documentation of the owncloud role.

  1. If Apache is to terminate SSL, you have to provide certificates, either a wildcard certificate or one for the domain. Make sure they are copied to /root/cert.pem and /root/privkey.pem, or change the location to match the path of your certificates on the server's storage. As a last step, set the following vhost declaration in owncloud.yml:

  - servername: "{{ owncloud_fqdn }}"
    documentroot: "{{ owncloud_deploy_path }}"
  - servername: "{{ owncloud_fqdn }}"
    documentroot: "{{ owncloud_deploy_path }}"
    certificate_file: "/etc/pki/tls/certs/full-chain.pem"
    certificate_file_source: "/root/cert.pem"
    certificate_key_file: "/etc/pki/tls/private/privkey.pem"
    certificate_key_source: "/root/privkey.pem"
      - max-age=15552000
      - includeSubDomains
    header_xfo_policy: deny
    header_xcto_enabled: True
      - directive: frame-ancestors
          - https://your.domain.tld
      - mode=block
  1. As a last step, run:

ansible-playbook -i inventories/centos7/hosts playbooks/setup.yml

The playbook run for this deployment takes 15 to 30 minutes and should create a perfectly preconfigured ownCloud installation.

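The database.yml and owncloud.yml shown above carry placeholder credentials (root, owncloud) that end up on the server unchanged if the playbook is run as-is. The following check is an added example, not part of the original article or the playground repository: a standard-library Python script that flags such values in a group_vars folder before the playbook run. The function names, the 16-character minimum and the vault_owncloud_db_password variable in the sample are assumptions.

```python
import re
import sys
from pathlib import Path

# Values the example inventory on this page uses as passwords or user names.
KNOWN_DEFAULTS = {"root", "owncloud", "admin"}
MIN_LENGTH = 16  # assumption: local policy, not a value from the playground repo
LINE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_]+)\s*:\s*(.*?)\s*$")  # "key: value"
# Constructed sample: the first three values are the ones shown on this page.
SAMPLE = """\
mariadb_root_password: root
owncloud_admin_password: owncloud  # change me
    password: owncloud
owncloud_db_password: "{{ vault_owncloud_db_password }}"
"""


def find_weak_secrets(text):
    """Return (line_no, key, reason) for each key ending in 'password' with a weak value."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        m = LINE.match(raw.split(" #", 1)[0])  # drop trailing YAML comments
        if not m or not m.group(1).lower().endswith("password"):
            continue
        key, value = m.group(1), m.group(2)
        if value.startswith("!vault") or "{{" in value:  # resolved elsewhere, skip
            continue
        value = value.strip("\"'")
        if value.lower() in KNOWN_DEFAULTS:
            findings.append((no, key, "default value from the example inventory"))
        elif len(value) < MIN_LENGTH:
            findings.append((no, key, f"shorter than {MIN_LENGTH} characters"))
    return findings


def scan_inventory(group_vars_dir):
    """Scan every *.yml file in a group_vars directory; return {path: findings}."""
    root = Path(group_vars_dir)
    if not root.is_dir():  # a wrong path must not look like a clean result
        raise FileNotFoundError(f"not a directory: {root}")
    report = {str(p): find_weak_secrets(p.read_text(encoding="utf-8"))
              for p in sorted(root.glob("*.yml"))}
    return {path: hits for path, hits in report.items() if hits}


if __name__ == "__main__":
    # With a path argument scan that folder, otherwise the constructed sample.
    results = (scan_inventory(sys.argv[1]) if len(sys.argv) > 1
               else {"SAMPLE": find_weak_secrets(SAMPLE)})
    for path, hits in results.items():
        print(*(f"{path}:{no}: {key}: {reason}" for no, key, reason in hits), sep="\n")
    sys.exit(1 if results else 0)
```

Saved under a name of your choice (check_secrets.py here is hypothetical), run it as `python3 check_secrets.py inventories/centos7/group_vars` before ansible-playbook; a non-zero exit means at least one password should be replaced, for instance with an Ansible Vault reference.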