    Install NextCloud 11 on Fedora 25 with SaltStack

      CrimsonKidA

      Thanks again, Scott! Just one last question: how do I get this to "stick" after a reboot? It seems to be reverting back to having nothing installed after I reboot the Fedora Svr VM...

        scottalanmiller @CrimsonKidA

        @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

        Thanks again, Scott! Just one last question: how do I get this to "stick" after a reboot? It seems to be reverting back to having nothing installed after I reboot the Fedora Svr VM...

        What? The packages VANISH? Or just the configuration?

          CrimsonKidA @scottalanmiller

          @scottalanmiller Well, it doesn't lose my NextCloud config (I changed the admin PW) but Apache2.4, Salt (master and minion) and NextCloud are just not auto starting up. I've set the salt services to auto-start up, so I'll see if that's all it needs...

            scottalanmiller @CrimsonKidA

            @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

            @scottalanmiller Well, it doesn't lose my NextCloud config (I changed the admin PW) but Apache2.4, Salt (master and minion) and NextCloud are just not auto starting up. I've set the salt services to auto-start up, so I'll see if that's all it needs...

            Ah okay, at one point I had that issue but I thought that I fixed it in the state file. They were set to start when it runs, but not to start on their own. Which is actually a legitimate way to use a system like this, but not how I intended this one. If you set it that way, then you want the state file to run on start up. That's not uncommon, to have the state file determine what to run when the system fires up. But I didn't intend it here. In a pinch, though, you can just re-run it and it will take care of that for you.

              CrimsonKidA @scottalanmiller

              @scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.

                scottalanmiller @CrimsonKidA

                @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

                @scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.

                Let's fix the issue. That will be better than that anyway.

                  scottalanmiller

                  Let's try this...

                  install_network_packages:
                    pkg.installed:
                      - pkgs:
                        - wget
                        - unzip
                        - firewalld
                        - net-tools
                        - php 
                        - mariadb 
                        - mariadb-server 
                        - mod_ssl
                        - php-pecl-apcu
                        - httpd 
                        - php-xml 
                        - php-gd 
                        - php-pecl-zip
                        - php-mbstring
                        - redis
                        - php-pecl-redis
                        - php-process
                        - php-pdo
                        - certbot
                        - php-mysqlnd
                        - policycoreutils
                        - policycoreutils-python
                        - policycoreutils-python-utils
                        - dnf-automatic
                        - python2-certbot-apache
                    archive:
                      - extracted
                      - name: /var/www/html/
                      - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip
                      - source_hash: md5=720cb50f98a94f2888f2d07d5d4e91b4
                      - archive_format: zip
                      - if_missing: /var/www/html/nextcloud 
                  
                  /swapfile:
                    cmd.run:
                      - name: |
                          [ -f /swapfile ] || dd if=/dev/zero of=/swapfile bs=1M count={{ grains["mem_total"] * 2 }}
                          chmod 0600 /swapfile
                          mkswap /swapfile
                          swapon -a
                      - unless:
                        - file /swapfile 2>&1 | grep -q "Linux/i386 swap"
                    mount.swap:
                      - persist: true
                  
                  configure_swappiness:
                    file.append:
                      - name: /etc/sysctl.conf
                      - text: vm.swappiness = 10
                  
                  /var/www/html/:
                    file.directory:
                      - user: apache
                      - group: apache
                      - recurse:
                        - user
                        - group
                  
                  /etc/httpd/conf.d/ssl.conf:
                    file.managed:
                      - source: 
                        - salt://ssl.conf
                      - user: root
                      - group: root
                      - mode: 644
                  
                  /data:
                    file.directory:
                      - user: apache
                      - group: apache
                  
                  /var/run/redis:
                    file.directory:
                      - user: redis
                      - group: redis
                  
                  /etc/redis.conf:
                    file.managed:
                      - source:
                        - salt://redis.conf
                      - user: root
                      - group: root
                      - mode: 644
                  
                  httpd:
                    pkg.installed: []
                    service.running:
                      - enable: True
                      - require:
                        - pkg: httpd
                  
                  mariadb:
                    pkg.installed: []
                    service.running:
                      - enable: True
                      - require:
                        - pkg: mariadb
                  
                  redis:
                    pkg.installed: []
                    service.running:
                      - enable: True
                      - require:
                        - pkg: redis
                  
                  FedoraServer:
                    firewalld.present:
                      - name: FedoraServer
                      - block_icmp:
                        - echo-reply
                        - echo-request
                      - default: False
                      - masquerade: True
                      - ports:
                        - 443/tcp
                        - 22/tcp
                        - 9090/tcp
                  
                  permissive:
                    selinux.mode
                  
                  install-foo:
                    cmd.run:
                      - name: |
                          cd /var/www/html/nextcloud
                          setenforce 0
                          sudo -u apache php occ maintenance:install --database="mysql" --database-name "nextcloud" --database-user "root" --database-pass "" --admin-user "admin" --admin-pass "superdupercrazysecretepasswordthatnooneknows" --data-dir "/data"
                          sed -i "/0 => 'localhost',/a \ \ \ \ 1 => '*'," config/config.php
                          sed -i "/'installed' => true,/a \ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n\ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n\ \ 'redis' => array(\n\ \ \ \ \ \ \ 'host' => '/var/run/redis/redis.sock',\n\ \ \ \ \ \ \ 'port' => 0,\n\ \ \ \ \ \ \ 'timeout' => 0.0,\n\ \ \ \ \ \ \ \ )," config/config.php
                          semanage fcontext -a -t httpd_sys_rw_content_t '/data'
                          restorecon '/data'
                          semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
                          semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
                          semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/assets(/.*)?'
                          semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
                          semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
                          restorecon -Rv '/var/www/html/nextcloud/' > /dev/null
                          systemctl restart httpd
                          touch install_complete
                      - cwd: /var/www/html/nextcloud
                      - shell: /bin/bash
                      - timeout: 300
                      - creates: /var/www/html/nextcloud/install_complete
                  

                  Try this. Hopefully it fixes both your firewall and service issues.

                    CrimsonKidA @scottalanmiller

                    @scottalanmiller Thanks so much, Scott! Working perfectly now! 😄 Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM.

                      scottalanmiller @CrimsonKidA

                      @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

                      @scottalanmiller Thanks so much, Scott! Working perfectly now! 😄 Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM.

                      Ping response I understand. Why port 80 though?

                        CrimsonKidA @scottalanmiller

                        @scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:

                        onse I understand. Why port 80 though?

                        Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.

                          scottalanmiller

                          Modifying your IPTables will get rolled back the next time you apply state. This section handles the firewall...

                          FedoraServer:
                            firewalld.present:
                              - name: FedoraServer
                              - block_icmp:
                                - echo-reply
                                - echo-request
                              - default: False
                              - masquerade: True
                              - ports:
                                - 443/tcp
                                - 22/tcp
                                - 9090/tcp
                          

                          Just add

                          - 80/tcp
                          

                          To the end to open port 80. And remove the "block_icmp" section completely to fix ICMP Pings.

                            scottalanmiller @CrimsonKidA

                            @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

                            @scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:

                            onse I understand. Why port 80 though?

                            Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.

                            Don't purchase a cert, just use LetsEncrypt for free. It's all set up for that, including the tools already built in from the state.

                              CrimsonKidA @scottalanmiller

                              Oh very cool! I did not know that 🙂

                                CrimsonKidA @CrimsonKidA

                                ...in that case I may just use 443, yeah.

                                  scottalanmiller

                                  With mine, I add the certs once they are acquired to my state files and have them ensured by SaltStack so that if I need (or want) to migrate to a different server I can do so and it moves my full system, including the certs, with it. Still have to back up and restore the file data, of course.

                                  1 Reply Last reply Reply Quote 0
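One way to have Salt ensure the certificate files as described in the post above, as an added example that is not scottalanmiller's own state. It assumes hypothetical pillar keys `nextcloud_tls:cert` and `nextcloud_tls:key`, the placeholder hostname `nextcloud.example.com`, and that the managed `salt://ssl.conf` points at these two paths; it reuses the `httpd` and `install_network_packages` IDs from the state posted earlier in the thread.

```yaml
# Added example, not part of the original state file.
# Pillar sketch (hypothetical keys, targeted at this minion only):
#   nextcloud_tls:
#     cert: |
#       <PEM certificate chain>
#     key: |
#       <PEM private key>

# Certificate chain: public material, world-readable is fine.
/etc/pki/tls/certs/nextcloud.example.com.crt:
  file.managed:
    - contents_pillar: nextcloud_tls:cert
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: install_network_packages   # mod_ssl and httpd come from this state
    - watch_in:
      - service: httpd                  # restart Apache when the cert changes

# Private key: root-only, and never echoed into job output or logs.
/etc/pki/tls/private/nextcloud.example.com.key:
  file.managed:
    - contents_pillar: nextcloud_tls:key
    - user: root
    - group: root
    - mode: '0600'
    - show_changes: False               # suppress the diff, which would contain the key
    - require:
      - pkg: install_network_packages
    - watch_in:
      - service: httpd
```

Sourcing the key from pillar rather than `salt://` keeps it limited to the minions that pillar targets, since files in the state tree can be fetched by every minion.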
                                    scottalanmiller @CrimsonKidA

                                    @CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

                                    ...in that case I may just use 443, yeah.

                                    You CAN run any commands via Salt, too. You can avoid logging in. Except your SaltMaster is on the same host, so that doesn't work 😉

                                      CrimsonKidA

                                      Would I need to add something to the salt script to enable the "LDAP user and group backend" v1.1.2 app for NextCloud? I want SSO for our AD users, but NextCloud says "This app cannot be installed because the following dependencies are not fulfilled:
                                      The library ldap is not available."

                                        scottalanmiller

                                        This should be the package that is missing: php-ldap.x86_64

                                          scottalanmiller

                                          So you can just add it to the package list...

                                          install_network_packages:
                                            pkg.installed:
                                              - pkgs:
                                                - wget
                                                - unzip
                                                - firewalld
                                                - net-tools
                                                - php-ldap
                                          

                                          Add it into the list as above. Anywhere in the list is fine. Then run your state again. This way it is added in, but if you need to rebuild, your master file is ready to make everything for you.

                                            scottalanmiller

                                            I added the php-ldap package to the main directions.
