mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-25 14:11:03 +01:00
Compare commits
2 Commits
7eee1748cc
...
dfc0dbbffa
Author | SHA1 | Date | |
---|---|---|---|
dfc0dbbffa | |||
ebcd93f837 |
@ -1,12 +1,11 @@
|
||||
- name: "reload pull-remote-backups service"
|
||||
systemd:
|
||||
name: pull-remote-backups.service
|
||||
state: reloaded
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
- name: "restart pull-remote-backups timer"
|
||||
systemd:
|
||||
name: pull-remote-backups.timer
|
||||
state: restarted
|
||||
state: started
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
@ -2,3 +2,4 @@ dependencies:
|
||||
- git
|
||||
- systemd_notifier
|
||||
- backups-cleanup-timer
|
||||
- docker-volume-backup-cleanup
|
||||
|
@ -1,6 +1,6 @@
|
||||
[Unit]
|
||||
Description=pull remote backups
|
||||
OnFailure=systemd-notifier@%n.service
|
||||
OnFailure=systemd-notifier@%n.service docker-volume-backup-cleanup.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
@ -1,18 +1,21 @@
|
||||
# role docker-nextcloud
|
||||
|
||||
## precondition
|
||||
|
||||
Before executing cli commands the following variable needs to be set:
|
||||
|
||||
## modify config
|
||||
Enter container:
|
||||
```bash
|
||||
NEXTCLOUD_APPLICATION_DOCKER_CONTAINER=nextcloud-application-1
|
||||
docker-compose exec -it application /bin/sh
|
||||
```
|
||||
|
||||
Afterwards modify config:
|
||||
```bash
|
||||
apk add --no-cache nano && nano config/config.php
|
||||
```
|
||||
|
||||
## update
|
||||
|
||||
To update the nextcloud container execute the following commands on the server:
|
||||
```bash
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --on &&
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on &&
|
||||
export COMPOSE_HTTP_TIMEOUT=600 &&
|
||||
export DOCKER_CLIENT_TIMEOUT=600 &&
|
||||
docker-compose down
|
||||
@ -27,27 +30,27 @@ Wait for the update to finish.
|
||||
You can verify that the update is finished by checking the following logs:
|
||||
|
||||
```bash
|
||||
docker logs $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER
|
||||
docker-compose logs application
|
||||
```
|
||||
|
||||
and
|
||||
|
||||
```bash
|
||||
docker exec -it $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER top
|
||||
docker-compose exec -it application top
|
||||
```
|
||||
|
||||
If nextcloud stays in the maintenance mode after the update try the following:
|
||||
|
||||
```bash
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --on
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ upgrade
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --off
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ upgrade
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off
|
||||
```
|
||||
|
||||
If the update process fails execute
|
||||
|
||||
```bash
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:repair
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:repair
|
||||
```
|
||||
|
||||
and disable the not functioning apps.
|
||||
@ -56,7 +59,7 @@ and disable the not functioning apps.
|
||||
```bash
|
||||
cd {{path_docker_compose_files}}nextcloud &&
|
||||
docker-compose down &&
|
||||
docker exec -i nextcloud_database_1 mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" &&
|
||||
docker-compose exec -i database mysql -u nextcloud -pPASSWORT nextcloud < "/Backups/$(sha256sum /etc/machine-id | head -c 64)/docker-volume-backup/latest/nextcloud_database/sql/backup.sql" &&
|
||||
cd {{path_administrator_scripts}}docker-volume-backup &&
|
||||
bash ./docker-volume-recover.sh "nextcloud_data" "$(sha256sum /etc/machine-id | head -c 64)"
|
||||
```
|
||||
@ -65,12 +68,12 @@ bash ./docker-volume-recover.sh "nextcloud_data" "$(sha256sum /etc/machine-id |
|
||||
### database access
|
||||
To access the database execute
|
||||
```bash
|
||||
docker exec -it nextcloud_database_1 mysql -u nextcloud -D nextcloud -p
|
||||
docker-compose exec -it database mysql -u nextcloud -D nextcloud -p
|
||||
```
|
||||
|
||||
### recreate database with new volume:
|
||||
```bash
|
||||
docker run --detach --name nextcloud_database_1 --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
|
||||
docker-compose run --detach --name database --env MYSQL_USER="nextcloud" --env MYSQL_PASSWORD=PASSWORD --env MYSQL_ROOT_PASSWORD=PASSWORD --env MYSQL_DATABASE="nextcloud" -v nextcloud_database:/var/lib/mysql
|
||||
```
|
||||
|
||||
The process can be checked with:
|
||||
@ -84,7 +87,7 @@ show processlist;
|
||||
To use occ run:
|
||||
|
||||
```bash
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ
|
||||
```
|
||||
|
||||
## app relevant tables
|
||||
@ -94,14 +97,14 @@ To use occ run:
|
||||
### initialize duplicates
|
||||
|
||||
```bash
|
||||
sudo docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ duplicates:find-all --output
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ duplicates:find-all --output
|
||||
```
|
||||
|
||||
### unlock files
|
||||
```bash
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --on
|
||||
docker exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
|
||||
docker exec -it -u www-data $NEXTCLOUD_APPLICATION_DOCKER_CONTAINER /var/www/html/occ maintenance:mode --off
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --on
|
||||
docker-compose exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
|
||||
docker-compose exec -it -u www-data application /var/www/html/occ maintenance:mode --off
|
||||
```
|
||||
|
||||
## architecture
|
||||
@ -112,7 +115,7 @@ Until NC24 MariaDB version has to be used.
|
||||
### 504 Gateway Timeout
|
||||
|
||||
```bash
|
||||
docker logs nextcloud_web_1 --tail 1000 | grep 504
|
||||
docker-compose logs web --tail 1000 | grep 504
|
||||
```
|
||||
|
||||
#### See
|
||||
|
@ -7,6 +7,9 @@ server
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Set X-Robots-Tag to noindex, nofollow on all responses
|
||||
add_header X-Robots-Tag "noindex, nofollow";
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
client_body_buffer_size 400M;
|
||||
|
@ -61,17 +61,17 @@ http {
|
||||
#pagespeed off;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/html;
|
||||
|
||||
|
3
roles/docker-volume-backup-cleanup/README.md
Normal file
3
roles/docker-volume-backup-cleanup/README.md
Normal file
@ -0,0 +1,3 @@
|
||||
# Docker Volume Backup Cleanup
|
||||
This script cleans up failed docker backups.
|
||||
It uses https://github.com/kevinveenbirkenbach/docker-volume-backup-cleanup as base.
|
5
roles/docker-volume-backup-cleanup/handlers/main.yml
Normal file
5
roles/docker-volume-backup-cleanup/handlers/main.yml
Normal file
@ -0,0 +1,5 @@
|
||||
- name: "reload docker-volume-backup-cleanup.service daemon"
|
||||
systemd:
|
||||
name: docker-volume-backup-cleanup.service
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
3
roles/docker-volume-backup-cleanup/meta/main.yml
Normal file
3
roles/docker-volume-backup-cleanup/meta/main.yml
Normal file
@ -0,0 +1,3 @@
|
||||
dependencies:
|
||||
- git
|
||||
- systemd_notifier
|
18
roles/docker-volume-backup-cleanup/tasks/main.yml
Normal file
18
roles/docker-volume-backup-cleanup/tasks/main.yml
Normal file
@ -0,0 +1,18 @@
|
||||
- name: pull docker-volume-backup-cleanup.git
|
||||
git:
|
||||
repo: "https://github.com/kevinveenbirkenbach/docker-volume-backup-cleanup.git"
|
||||
dest: "{{docker_volume_backup_cleanup_folder}}"
|
||||
update: yes
|
||||
register: git_result
|
||||
ignore_errors: true
|
||||
|
||||
- name: Warn if repo is not reachable
|
||||
debug:
|
||||
msg: "Warning: Repository is not reachable."
|
||||
when: git_result.failed
|
||||
|
||||
- name: configure docker-volume-backup-cleanup.service
|
||||
template:
|
||||
src: docker-volume-backup-cleanup.service.j2
|
||||
dest: /etc/systemd/system/docker-volume-backup-cleanup.service
|
||||
notify: reload docker-volume-backup-cleanup.service daemon
|
@ -0,0 +1,7 @@
|
||||
[Unit]
|
||||
Description=Cleans up failed docker volume backups
|
||||
OnFailure=systemd-notifier@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/bin/sh -c '/usr/bin/yes | /usr/bin/bash {{docker_volume_backup_cleanup_folder}}cleanup.sh {{docker_volume_backup_cleanup_machine_id}} {{docker_volume_backup_cleanup_trigger_directory}}'
|
1
roles/docker-volume-backup-cleanup/vars/main.yml
Normal file
1
roles/docker-volume-backup-cleanup/vars/main.yml
Normal file
@ -0,0 +1 @@
|
||||
docker_volume_backup_cleanup_folder: "{{path_administrator_scripts}}docker-volume-backup-cleanup/"
|
@ -1,12 +1,12 @@
|
||||
- name: "reload docker-volume-backup.service"
|
||||
systemd:
|
||||
name: docker-volume-backup.service
|
||||
state: reloaded
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
||||
- name: "restart docker-volume-backup.timer"
|
||||
systemd:
|
||||
name: docker-volume-backup.timer
|
||||
state: restarted
|
||||
state: started
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
|
@ -2,3 +2,4 @@ dependencies:
|
||||
- git
|
||||
- backups-provider
|
||||
- systemd_notifier
|
||||
- docker-volume-backup-cleanup
|
@ -1,6 +1,6 @@
|
||||
[Unit]
|
||||
Description=docker volume backup
|
||||
OnFailure=systemd-notifier@%n.service
|
||||
OnFailure=systemd-notifier@%n.service docker-volume-backup-cleanup.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
|
Loading…
Reference in New Issue
Block a user