Add 'owncloud' role

- this role installs and configures ownCloud (http://owncloud.org/);

- ownCloud by default uses nginx, php5 and mysql roles to configure the
  environment on local host, you can disable that and configure your own
  services;

- by default ownCloud automatically finishes installation with admin
  username 'admin-$USER' and 'password' password, or random if role
  'secret' is used, you can disable that behaviour using a variable;

- you can use either MySQL (default), PostgreSQL or SQLite as the
  database backend;

playbooks/owncloud.yml

@@ -0,0 +1,9 @@
+---
+
+- name: OwnCloud support
+  hosts: ginas_owncloud
+  sudo: yes
+
+  roles:
+  - { role: owncloud }
+

playbooks/roles/owncloud/defaults/main.yml

@@ -0,0 +1,126 @@
+---
+
+# --- Basic options ---
+
+# Should ownCloud role manage it's own dependencies (nginx, php5, postgresql, mysql)?
+# If you want to setup them differently, you should change this to False
+owncloud_dependencies: True
+
+# Domain that will be configured for ownCloud instance
+owncloud_domain: '{{ ansible_fqdn }}'
+
+
+# --- ownCloud source and deployment ---
+
+# User and group that will be used for ownCloud instance
+owncloud_user: 'owncloud'
+owncloud_group: 'owncloud'
+owncloud_home: '/srv/users/{{ owncloud_user }}'
+
+# Path where ownCloud data/ directory and files are stored
+owncloud_data_path: '/srv/lib/{{ owncloud_user }}/{{ owncloud_domain }}/data'
+
+# Where ownCloud instance will be deployed (web root)
+owncloud_deploy_path: '/srv/www/{{ owncloud_user }}/sites/{{ owncloud_domain }}/public'
+
+# What source should be used to get ownCloud files (upstream, githost, github, gitlab)
+owncloud_source: 'upstream'
+
+# Default settings for ownCloud sources other than "upstream"
+# If you want to use that with github, you can create your ownCloud repository
+# as '<your username>/owncloud' with branch 'master'
+owncloud_deploy_user: 'git'
+owncloud_deploy_server: 'github.com'
+owncloud_deploy_repo: '{{ lookup("env","USER") }}/owncloud.git'
+owncloud_deploy_branch: 'master'
+
+# OAuth token for GitHub / GitLab access, used to setup SSH deploy key
+owncloud_deploy_token: False
+
+# Hash of different ownCloud sources
+owncloud_source_map:
+
+  # Official ownCloud upstream repository on GitHub (basic installation)
+  upstream:
+    url:    'https://github.com/owncloud/core.git'
+    branch: 'stable6'
+
+  # A git repository configured on a host in the Ansible cluster, for example
+  # with 'githost' role
+  # Ansible will try and setup ssh public key of the 'owncloud' user as deploy
+  # key on the server with git repository, using authorized_key module
+  githost:
+    url:    '{{ owncloud_deploy_user }}@{{ owncloud_deploy_server }}:{{ owncloud_deploy_repo }}'
+    branch: '{{ owncloud_deploy_branch }}'
+
+  # A git repository set up on GitHub, with deploy key configured through API
+  # using OAuth token
+  github:
+    url:    'git@github.com:{{ owncloud_deploy_repo }}'
+    branch: '{{ owncloud_deploy_branch }}'
+
+  # A git repository set up on a GitLab instance, with deploy key configured
+  # through API using OAuth token
+  gitlab:
+    url:    '{{ owncloud_deploy_user }}@{{ owncloud_deploy_server }}:{{ owncloud_deploy_repo }}'
+    branch: '{{ owncloud_deploy_branch }}'
+
+
+# --- ownCloud database ---
+
+# ownCloud recommends MySQL database as the default. Set to False to use SQLite
+owncloud_database: 'mysql'
+
+owncloud_database_map:
+
+  # MySQL database on localhost (random password will be generated when using 'secret' role)
+  mysql:
+    dbtype: 'mysql'
+    dbname: '{{ owncloud_user }}'
+    dbuser: '{{ owncloud_user }}'
+    dbpass: '{{ owncloud_dbpass | default("password") }}'
+    dbhost: 'localhost'
+    dbtableprefix: ''
+
+  # PostgreSQL database on localhost, connection through Unix socket, no default password
+  postgresql:
+    dbtype: 'pgsql'
+    dbname: '{{ owncloud_user }}'
+    dbuser: '{{ owncloud_user }}'
+    dbpass: ''
+    dbhost: '/var/run/postgresql'
+    dbtableprefix: ''
+
+
+# --- ownCloud admin login / password ---
+
+# Default admin username, in the form 'admin-$USER'
+# Set to False to disable automatic username and password
+owncloud_admin_username: 'admin-{{ lookup("env","USER") }}'
+
+# Default admin password, will be randomly generated if 'secret' role is enabled
+owncloud_admin_password: 'password'
+
+# Length of randomly generated admin password
+owncloud_password_length: '20'
+
+# Should Ansible automatically open ownCloud page to finish setup on it's own?
+# Disabled if admin username is set to False
+owncloud_autosetup: True
+
+
+# --- ownCloud configuration ---
+
+# Max upload size set in nginx and php5, with amount as M or G
+owncloud_upload_size: '128M'
+
+# Output buffering set in php5, with amount set in megabytes
+owncloud_php5_output_buffering: '128'
+
+# Max children processes to run in php5-fpm
+owncloud_php5_max_children: '50'
+
+# At what time cron should execute background jobs
+owncloud_cron_minute: '*/15'
+
+

playbooks/roles/owncloud/meta/main.yml

@@ -0,0 +1,29 @@
+---
+
+dependencies:
+
+  - role: mysql
+    when: owncloud_dependencies is defined and owncloud_dependencies and
+          owncloud_database is defined and owncloud_database == 'mysql'
+    tags: owncloud
+
+  - role: postgresql
+    when: owncloud_dependencies is defined and owncloud_dependencies and
+          owncloud_database is defined and owncloud_database == 'postgresql'
+    tags: owncloud
+
+  - role: php5
+    php5_pools:
+      - '{{ owncloud_php5_pool }}'
+    when: owncloud_dependencies is defined and owncloud_dependencies
+    tags: owncloud
+
+  - role: nginx
+    nginx_servers:
+      - '{{ owncloud_nginx_server }}'
+    nginx_upstreams:
+      - '{{ owncloud_nginx_upstream_php5 }}'
+    when: owncloud_dependencies is defined and owncloud_dependencies
+    tags: owncloud
+
+

playbooks/roles/owncloud/tasks/configure_mysql.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Install required packages for MySQL support
+  apt: pkg={{ item }} state=latest install_recommends=no
+  with_items: [ 'php5-mysql' ]
+  tags: [ 'owncloud', 'mysql' ]
+
+- name: Get default MySQL password
+  set_fact:
+    owncloud_database_password: '{{ owncloud_database_map[owncloud_database].dbpass }}'
+  tags: [ 'owncloud', 'mysql' ]
+
+- name: Lookup MySQL password if secrets/ directory is defined
+  set_fact:
+    owncloud_database_password: "{{ lookup('password', secret + '/credentials/' + ansible_fqdn + '/owncloud/mysql/' + owncloud_database_map[owncloud_database].dbuser + '/password length=' + mysql_password_length) }}"
+  when: secret is defined
+  tags: [ 'owncloud', 'mysql' ]
+
+- name: Create ownCloud MySQL user
+  mysql_user: name={{ owncloud_database_map[owncloud_database].dbuser }}
+              password={{ owncloud_database_password }} state=present
+              host='localhost' priv='{{ owncloud_database_map[owncloud_database].dbname }}.*:ALL'
+  tags: [ 'owncloud', 'mysql' ]
+
+- name: Create ownCloud database
+  mysql_db: name={{ owncloud_database_map[owncloud_database].dbname }} state=present
+  tags: [ 'owncloud', 'mysql' ]
+
+

playbooks/roles/owncloud/tasks/configure_owncloud.yml

@@ -0,0 +1,59 @@
+---
+
+- name: Setup cron service
+  cron: name='ownCloud Background Jobs' minute={{ owncloud_cron_minute }} user={{ owncloud_user }}
+        job='/usr/bin/php -f {{ owncloud_deploy_path }}/cron.php' cron_file='owncloud'
+  tags: owncloud
+
+- name: Setup logrotate for owncloud
+  template: src=etc/logrotate.d/owncloud.j2 dest=/etc/logrotate.d/owncloud owner=root group=root mode=0644
+  tags: owncloud
+
+- name: Lookup admin password if secrets/ directory is defined
+  set_fact:
+    owncloud_admin_password: "{{ lookup('password', secret + '/credentials/' + ansible_fqdn + '/owncloud/admin/' + owncloud_admin_username + '/password length=' + owncloud_password_length) }}"
+  when: secret is defined and owncloud_admin_username is defined and owncloud_admin_username
+  tags: owncloud
+
+- name: Check if ownCloud is configured
+  stat: path={{ owncloud_deploy_path }}/config/config.php
+  register: owncloud_config_file
+  tags: owncloud
+
+- name: Install ownCloud autoconfig file
+  template: src=srv/www/sites/config/autoconfig.php.j2 dest={{ owncloud_deploy_path }}/config/autoconfig.php
+            owner={{ owncloud_user }} group={{ owncloud_group }} mode=0660
+  when: owncloud_config_file is defined and owncloud_config_file.stat.exists == False
+  tags: owncloud
+
+- name: Install ownCloud default config file
+  template: src=srv/www/sites/config/config.default.php.j2 dest={{ owncloud_deploy_path }}/config/config.php
+            owner={{ owncloud_user }} group={{ owncloud_group }} mode=0640
+  when: owncloud_config_file is defined and owncloud_config_file.stat.exists == False
+  tags: owncloud
+
+- name: Use cron for background jobs (lib/private/...)
+  lineinfile: dest={{ owncloud_deploy_path }}/lib/private/backgroundjob.php state=present regexp="return OC_Appconfig::getValue" line="                return OC_Appconfig::getValue( 'core', 'backgroundjobs_mode', 'cron' );"
+  when: owncloud_config_file is defined and owncloud_config_file.stat.exists == False
+  tags: owncloud
+
+- name: Use cron for background jobs (settings/admin.php)
+  lineinfile: dest={{ owncloud_deploy_path }}/settings/admin.php state=present regexp="'backgroundjobs_mode', OC_Appconfig::getValue" line="$tmpl->assign('backgroundjobs_mode', OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'cron'));"
+  when: owncloud_config_file is defined and owncloud_config_file.stat.exists == False
+  tags: owncloud
+
+- name: Flush handlers if automatic setup is requested
+  meta: flush_handlers
+  when: owncloud_config_file is defined and owncloud_config_file.stat.exists == False and
+        owncloud_admin_username is defined and owncloud_admin_username and
+        owncloud_autosetup is defined and owncloud_autosetup
+  tags: owncloud
+
+- name: Automatically finish setup if allowed
+  uri: url=https://{{ owncloud_domain }}/index.php
+  when: owncloud_config_file is defined and owncloud_config_file.stat.exists == False and
+        owncloud_admin_username is defined and owncloud_admin_username and
+        owncloud_autosetup is defined and owncloud_autosetup
+  tags: owncloud
+
+

playbooks/roles/owncloud/tasks/configure_postgresql.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Install required packages for PostgreSQL support
+  apt: pkg={{ item }} state=latest install_recommends=no
+  with_items: [ 'php5-pgsql' ]
+  tags: [ 'owncloud', 'postgresql' ]
+
+- name: Get default PostgreSQL password
+  set_fact:
+    owncloud_database_password: '{{ owncloud_database_map[owncloud_database].dbpass }}'
+  tags: [ 'owncloud', 'postgresql' ]
+
+- name: Create ownCloud PostgreSQL role
+  postgresql_user: name={{ owncloud_database_map[owncloud_database].dbuser }} state=present
+  sudo_user: 'postgres'
+  tags: [ 'owncloud', 'postgresql' ]
+
+- name: Create ownCloud database
+  postgresql_db: name={{ owncloud_database_map[owncloud_database].dbname }} state=present owner={{ owncloud_database_map[owncloud_database].dbuser }}
+  sudo_user: 'postgres'
+  tags: [ 'owncloud', 'postgresql' ]
+
+

playbooks/roles/owncloud/tasks/deploy_owncloud.yml

@@ -0,0 +1,29 @@
+---
+
+- name: Clone ownCloud source from deploy server
+  git: repo={{ owncloud_source_map[owncloud_source].url }} dest={{ owncloud_home }}/{{ owncloud_deploy_repo }}
+       bare=yes version={{ owncloud_source_map[owncloud_source].branch }} update=yes
+  sudo_user: '{{ owncloud_user }}'
+  register: owncloud_repo_updated
+  tags: owncloud
+
+- name: Checkout ownCloud to deployment path
+  shell: GIT_WORK_TREE={{ owncloud_deploy_path }} git checkout --force {{ owncloud_source_map[owncloud_source].branch }}
+         chdir={{ owncloud_home }}/{{ owncloud_deploy_repo }}
+  sudo_user: '{{ owncloud_user }}'
+  when: owncloud_repo_updated is defined and owncloud_repo_updated.changed
+  tags: owncloud
+
+- name: Point git work tree to separate .git directory
+  lineinfile: "dest={{ owncloud_deploy_path }}/.git create=yes state=present regexp='^gitdir:' line='gitdir: {{ owncloud_home }}/{{ owncloud_deploy_repo }}'"
+  sudo_user: '{{ owncloud_user }}'
+  when: owncloud_repo_updated is defined and owncloud_repo_updated.changed
+  tags: owncloud
+
+- name: Checkout ownCloud submodules to deployment path
+  shell: GIT_WORK_TREE={{ owncloud_deploy_path }} git submodule update --init --recursive --force chdir={{ owncloud_deploy_path }}
+  sudo_user: '{{ owncloud_user }}'
+  when: owncloud_repo_updated is defined and owncloud_repo_updated.changed
+  tags: owncloud
+
+

playbooks/roles/owncloud/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+
+- include: setup_environment.yml
+- include: setup_deploy_key.yml
+- include: deploy_owncloud.yml
+
+- include: configure_mysql.yml
+  when: owncloud_database is defined and owncloud_database == 'mysql'
+
+- include: configure_postgresql.yml
+  when: owncloud_database is defined and owncloud_database == 'postgresql'
+
+- include: configure_owncloud.yml
+
+

playbooks/roles/owncloud/tasks/setup_deploy_key.yml

@@ -0,0 +1,54 @@
+---
+
+- name: Slurp deploy key
+  slurp: src={{ owncloud_home }}/.ssh/id_rsa.pub
+  register: owncloud_deploy_key
+  when: owncloud_deploy_key is undefined
+  tags: owncloud
+
+- name: Create hash variable with deploy key
+  set_fact:
+    owncloud_deploy_data:
+      title: '{{ owncloud_user }}@{{ ansible_hostname }} deployed by Ansible'
+      key: '{{ owncloud_deploy_key.content | b64decode | trim }}'
+  when: owncloud_deploy_key is defined
+  tags: owncloud
+
+- name: Setup deploy key on ownCloud source server (githost)
+  authorized_key: user={{ owncloud_deploy_user }} key='{{ owncloud_deploy_data.key }}'
+                  key_options='no-X11-forwarding,no-agent-forwarding,no-port-forwarding' state=present
+  delegate_to: '{{ owncloud_deploy_server }}'
+  when: owncloud_deploy_key is defined and
+        owncloud_source is defined and
+        owncloud_source == 'githost'
+  tags: owncloud
+
+- name: Setup deploy key on ownCloud source server (github)
+  command: "curl --silent --header 'Authorization: token {{ owncloud_deploy_token }}' --data '{{ owncloud_deploy_data | to_nice_json }}' https://api.github.com/repos/{{ owncloud_deploy_repo | replace('.git','') }}/keys"
+  changed_when: False
+  when: owncloud_deploy_key is defined and
+        owncloud_source is defined and
+        owncloud_source == 'github'
+  tags: owncloud
+
+- name: Find id of ownCloud source project (gitlab)
+  uri: >
+        url=https://{{ owncloud_deploy_server }}/api/v3/projects/{{ owncloud_deploy_repo | replace('.git','') | replace('/','%2F') }}
+        HEADER_PRIVATE-TOKEN={{ owncloud_deploy_token }}
+  register: owncloud_gitlab
+  when: owncloud_deploy_key is defined and
+        owncloud_source is defined and
+        owncloud_source == 'gitlab'
+  tags: owncloud
+
+- name: Setup deploy key on ownCloud source server (gitlab)
+  uri: >
+        url=https://{{ owncloud_deploy_server }}/api/v3/projects/{{ owncloud_gitlab.json.id }}/keys
+        HEADER_PRIVATE-TOKEN={{ owncloud_deploy_token }} HEADER_Content-Type="application/json"
+        status_code=201 method=POST body='{{ owncloud_deploy_data | to_nice_json }}'
+  when: owncloud_deploy_key is defined and
+        owncloud_source is defined and
+        owncloud_source == 'gitlab'
+  tags: owncloud
+
+