This article explains how to set up ownCloud with Ansible on a remote centos7 host with an SSL certificate.
Steps
A. Prerequisites:
- A Mac or Linux PC as workstation. WSL on Windows 10 could work as well.
- A server running Linux (centos7, centos8, ubuntu, suse)
- git and python3.x on the workstation
- ssh access to the server
- An administrative user on the server (root or passwordless sudo)
- A wildcard or domain certificate
B. Deployment
- To start, pull the playground repo from owncloud-ansible
git clone https://github.com/owncloud-ansible/playground
- After cloning the repository, open the folder "playground" with the editor of your choice.
code playground
- Next, edit the files in the inventory folder that matches your server, e.g. centos7.
playground/
├── inventories/
│   ├── centos7/
│   │   ├── hosts
│   │   ├── group_vars/
│   │   │   ├── database.yml
│   │   │   ├── redis.yml
│   │   │   └── owncloud.yml
│   │   └── host_vars/
│   ├── centos8/
│   ├── ubuntu-minimal/
│   └── suse/
├── playbooks/
│   ├── setup.yml
│   ├── redis.yml
│   ├── database.yml
│   └── owncloud.yml
└── roles/
    └── requirements.yml
Since you will set up a centos7 server, you can either delete or ignore the inventory folders you don't need.
- Now execute the following command in the root of your playground folder. The command downloads the roles declared in roles/requirements.yml to a local folder (usually ~/.ansible/roles/).
ansible-galaxy install -r roles/requirements.yml --force
- For this standard setup, you have to make changes in the folder group_vars and in the file hosts.
[database]
db1 ansible_host=<server.ip>
[redis]
redis1 ansible_host=<server.ip>
[owncloud]
owncloud1 ansible_host=<server.ip>
The changes above declare three hosts in three groups. In the group [database] you declare the host "db1", in [redis] "redis1" and in [owncloud] "owncloud1". When you run the playbook, Ansible first applies the group vars, and then the host vars. To understand what that means, have a look at "database.yml" in "group_vars/".
---
mariadb_root_password: root
mariadb_port: "3306"
mariadb_bind_address: "127.0.0.0"
mariadb_databases:
  - name: owncloud
    collation: utf8mb4_bin
    encoding: utf8mb4
mariadb_users:
  - name: owncloud
    host: localhost
    password: owncloud
    priv: "owncloud.*:ALL"
mariadb_packages_extra:
  - centos-release-scl
...
Here you can see the config for MariaDB. The Ansible role that installs MariaDB expects a couple of variables to be set. Since this file is located in the "group_vars" folder, it is applied to all hosts in the group [database].
- In the next step, ownCloud is configured.
---
owncloud_version: "10.6.0"
owncloud_fqdn: your.domain.tld
owncloud_admin_username: admin
owncloud_admin_password: owncloud
owncloud_db_name: owncloud
owncloud_db_user: owncloud
owncloud_db_password: owncloud
apache_vhosts:
  - servername: "{{ owncloud_fqdn }}"
    documentroot: "{{ owncloud_deploy_path }}"
...
Since the group owncloud includes the roles php, apache and owncloud, you can overwrite any of the defaults defined for these roles in .ansible/roles/{owncloud,php,apache}/defaults/main.yml.
A good reference is the documentation of the owncloud role.
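Both group_vars files above store their passwords inline, with values such as root and owncloud. The following check is an added example, not part of the playground repository: it scans the password lines of a group_vars file and reports placeholder or short values before the playbook runs. The sample text is constructed from the files above; MIN_LENGTH, the placeholder list and the variable name vault_owncloud_db_password are assumptions.

```python
import re

# Constructed sample: the password lines from the database.yml and owncloud.yml
# shown above, plus one reference to a vaulted variable
# (vault_owncloud_db_password is a hypothetical name).
SAMPLE_GROUP_VARS = """\
mariadb_root_password: root
mariadb_users:
  - name: owncloud
    host: localhost
    password: owncloud
owncloud_admin_username: admin
owncloud_admin_password: owncloud
owncloud_db_password: "{{ vault_owncloud_db_password }}"
"""

PLACEHOLDERS = {"root", "admin", "owncloud", "password", "changeme"}
MIN_LENGTH = 16  # assumption: local policy for service passwords
SECRET_LINE = re.compile(r"^\s*(?:-\s*)?(\w*password\w*)\s*:\s*(.*?)\s*$")


def audit_secrets(yaml_text):
    """Return (line_no, key, reason) for every password that is stored inline
    and is a placeholder or shorter than MIN_LENGTH."""
    findings = []
    for line_no, line in enumerate(yaml_text.splitlines(), start=1):
        match = SECRET_LINE.match(line)
        if not match:
            continue
        key, raw = match.groups()
        value = raw.strip("\"'")
        # Values resolved at run time (Jinja reference or inline !vault) are
        # not readable from the file, so they pass.
        if value.startswith("{{") or raw.startswith("!vault"):
            continue
        if value.lower() in PLACEHOLDERS:
            findings.append((line_no, key, "placeholder value"))
        elif len(value) < MIN_LENGTH:
            findings.append((line_no, key, "shorter than %d characters" % MIN_LENGTH))
    return findings


if __name__ == "__main__":
    for line_no, key, reason in audit_secrets(SAMPLE_GROUP_VARS):
        print("line %d: %s: %s" % (line_no, key, reason))
```

Values it flags can be moved into a file encrypted with ansible-vault and referenced by variable name, as the last sample line does.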
- If Apache is to terminate SSL, you have to provide a certificate, either wildcard or for the domain. Make sure the certificate and key are copied to /root/cert.pem and /root/privkey.pem, or change the source paths to match the location of your certificates on the server's storage. As a last step, set the following vhost declaration in owncloud.yml:
apache_vhosts:
  - servername: "{{ owncloud_fqdn }}"
    documentroot: "{{ owncloud_deploy_path }}"
apache_vhosts_ssl:
  - servername: "{{ owncloud_fqdn }}"
    documentroot: "{{ owncloud_deploy_path }}"
    certificate_file: "/etc/pki/tls/certs/full-chain.pem"
    certificate_file_source: "/root/cert.pem"
    certificate_key_file: "/etc/pki/tls/private/privkey.pem"
    certificate_key_source: "/root/privkey.pem"
    header_ocsp_trusted_certificate:
    header_hsts_options:
      - max-age=15552000
      - includeSubDomains
    header_xfo_policy: deny
    header_xcto_enabled: True
    header_csp_options:
      - directive: frame-ancestors
        parameters:
          - https://your.domain.tld
    header_xxxsp_parameters:
      - mode=block
...
- As a last step, run:
ansible-playbook -i inventories/centos7/hosts playbooks/setup.yml
The playbook run for this deployment takes 15 to 30 minutes and should create a perfectly preconfigured ownCloud installation.