Install NextCloud 11 on Fedora 25 with SaltStack
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.
Let's fix the issue. That will be better than that anyway.
-
Let's try this...
install_network_packages: pkg.installed: - pkgs: - wget - unzip - firewalld - net-tools - php - mariadb - mariadb-server - mod_ssl - php-pecl-apcu - httpd - php-xml - php-gd - php-pecl-zip - php-mbstring - redis - php-pecl-redis - php-process - php-pdo - certbot - php-mysqlnd - policycoreutils - policycoreutils-python - policycoreutils-python-utils - dnf-automatic - python2-certbot-apache archive: - extracted - name: /var/www/html/ - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip - source_hash: md5=720cb50f98a94f2888f2d07d5d4e91b4 - archive_format: zip - if_missing: /var/www/html/nextcloud /swapfile: cmd.run: - name: | [ -f /swapfile ] || dd if=/dev/zero of=/swapfile bs=1M count={{ grains["mem_total"] * 2 }} chmod 0600 /swapfile mkswap /swapfile swapon -a - unless: - file /swapfile 2>&1 | grep -q "Linux/i386 swap" mount.swap: - persist: true configure_swappiness: file.append: - name: /etc/sysctl.conf - text: vm.swappiness = 10 /var/www/html/: file.directory: - user: apache - group: apache - recurse: - user - group /etc/httpd/conf.d/ssl.conf: file.managed: - source: - salt://ssl.conf - user: root - group: root - mode: 644 /data: file.directory: - user: apache - group: apache /var/run/redis: file.directory: - user: redis - group: redis /etc/redis.conf: file.managed: - source: - salt://redis.conf - user: root - group: root - mode: 644 httpd: pkg.installed: [] service.running: - enable: True - require: - pkg: httpd mariadb: pkg.installed: [] service.running: - enable: True - require: - pkg: mariadb redis: pkg.installed: [] service.running: - enable: True - require: - pkg: redis FedoraServer: firewalld.present: - name: FedoraServer - block_icmp: - echo-reply - echo-request - default: False - masquerade: True - ports: - 443/tcp - 22/tcp - 9090/tcp permissive: selinux.mode install-foo: cmd.run: - name: | cd /var/www/html/nextcloud setenforce 0 sudo -u apache php occ maintenance:install --database="mysql" --database-name "nextcloud" --database-user "root" --database-pass "" --admin-user "admin" --admin-pass "superdupercrazysecretepasswordthatnooneknows" --data-dir "/data" sed -i "/0 => 'localhost',/a \ \ \ \ 1 => '*'," config/config.php sed -i "/'installed' => true,/a \ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n\ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n\ \ 'redis' => array(\n\ \ \ \ \ \ \ 'host' => '/var/run/redis/redis.sock',\n\ \ \ \ \ \ \ 'port' => 0,\n\ \ \ \ \ \ \ 'timeout' => 0.0,\n\ \ \ \ \ \ \ \ )," config/config.php semanage fcontext -a -t httpd_sys_rw_content_t '/data' restorecon '/data' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/assets(/.*)?' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess' semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini' restorecon -Rv '/var/www/html/nextcloud/' > /dev/null systemctl restart httpd touch install_complete - cwd: /var/www/html/nextcloud - shell: /bin/bash - timeout: 300 - creates: /var/www/html/nextcloud/install_completeTry this. Hopefully it fixes both your firewall and service issues.
-
@scottalanmiller Thanks so much, Scott! Working perfectly now!
Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM. -
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller Thanks so much, Scott! Working perfectly now!
Personally, I want a PING response, plus port 22 and 80 open, so I'm going to tweak IPtables, but it is coming back up after rebooting the VM.Ping response I understand. Why port 80 though?
-
@scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:
onse I understand. Why port 80 though?
Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.
-
Modifying your IPTables will get rolled back the next time you apply state. This section handles the firewall...
FedoraServer: firewalld.present: - name: FedoraServer - block_icmp: - echo-reply - echo-request - default: False - masquerade: True - ports: - 443/tcp - 22/tcp - 9090/tcpJust add
- 80/tcpTo the end to open port 80. And remove "the block_icmp" section completely to fix ICMP Pings.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:
onse I understand. Why port 80 though?
Not sure if it will get used outside our LAN yet. If so, I will close 80 and purchase an SSL cert.
Don't purchase a cert, just use LetsEncrypt for free. It's all set up for that, including the tools already built in from the state.
-
Oh very cool! I did not know that
-
...in that case I may just use 443, yeah.
-
WIth mine, I add the certs once they are acquired to my state files and have them ensured by SaltStack so that if I need (or want) to migrate to a different server I can do so and it moves my full system, including the certs, with it. Still have to backup and restore the file data, of course.
-
@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:
...in that case I may just use 443, yeah.
You CAN run any commands via Salt, too. You can avoid logging in. Except your SaltMaster is on the same host, so that doesn't work
-
Would I need to add something to the salt script to enable the "LDAP user and group backend" v1.1.2 app for NextCloud? I want SSO for our AD users, but NextCloud says "This app cannot be installed because the following dependencies are not fulfilled:
The library ldap is not available." -
This should be the package that is missing: php-ldap.x86_64
-
So you can just add it to the package list...
install_network_packages: pkg.installed: - pkgs: - wget - unzip - firewalld - net-tools - php-ldapAdd it into the list as above. Anywhere in the list is fine. Then run your state again. This way it is added in, but if you need to rebuild your master file is ready to make everything for you.
-
I added the php-ldap package to the main directions.
-
Can someone break this down in plain English for those of us that aren't that smart?
-
@FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:
Can someone break this down in plain English for those of us that aren't that smart?
Which part?
-
@scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:
@FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:
Can someone break this down in plain English for those of us that aren't that smart?
Which part?
After the o/s is installed, how do get here? "To use nextcloud.sls you will need to copy all three files to your /srv/salt/ directory as it will pull the two configuration files from there to put them on the server.
/srv/salt/nextcloud.sls"
-
@FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:
@scottalanmiller said in Install NextCloud 11 on Fedora 25 with SaltStack:
@FATeknollogee said in Install NextCloud 11 on Fedora 25 with SaltStack:
Can someone break this down in plain English for those of us that aren't that smart?
Which part?
After the o/s is installed, how do get here? "To use nextcloud.sls you will need to copy all three files to your /srv/salt/ directory as it will pull the two configuration files from there to put them on the server.
/srv/salt/nextcloud.sls"
This is a SaltStack state file (hence "with SaltStack" in the title.) So you would need to install SaltStack to do this. If you use the SaltStack tag here on the community, there are guides to installing a Salt Master and a Salt Minion (the minion is the server on which you would install NextCloud, for example.) I'm turning out guides regularly which basically completely manage your servers, so this can be worthwhile as building servers becomes pretty much zero work this way.
-
The Master/Minion part is simple, that I figured out.
Getting to the NextCloud install is where I got lost.
