Install NextCloud 11 on Fedora 25 with SaltStack

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller Thanks, I just appended it on to the end of /etc/salt/minion via Nano and restarted salt-minion service. No change though...?

The salt-key --list-all didn't list it?

CrimsonKidA

@scottalanmiller Afraid not. I did find where to change the salt master in the /etc/salt/minion file (line 16), so I un-commented it out and changed that to master:localhost and restarted the salt-minion service again, but no change. Also tried restarting salt-master service.

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller Afraid not. I did find where to change the salt master in the /etc/salt/minion file (line 16), so I un-commented it out and changed that to master:localhost and restarted the salt-minion service again, but no change. Also tried restarting salt-master service.

Make sure that there is a space after the colon.

You can go in /var/log and look in the salt minion logs to see what it is complaining about.

CrimsonKidA

@scottalanmiller Thanks, I have DNS lookup failures for 'salt' and master hostname 'salt' not found as a result.

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller Thanks, I have DNS lookup failures for 'salt' and master hostname 'salt' not found as a result.

Something is wrong with your minion file. That means that the minion is looking for a machine named salt rather than for localhost.

In /etc/hosts you can just name the local machine "salt" to resolve that, too.

scottalanmiller

"salt" is the default. so that's why that specific one shows up.

CrimsonKidA

@scottalanmiller Perfect, thanks. I just added '127.0.0.0 salt' to my /etc/hosts file and that got the DNS issue cleared up. But then the key was still not accepted. Got that sorted by running:
salt-key -A
from directory /etc/salt

CrimsonKidA

...just CD'd back to /srv/salt and your scripts are working now!!

CrimsonKidA

The script seemed run fine, but I still have no NextCloud installation. I thought it was just the firewall getting enabled in Fedora, but I turned it off and still nothing is there on 443 at the IP (other than Cockpit at 9090 of course).

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

The script seemed run fine, but I still have no NextCloud installation. I thought it was just the firewall getting enabled in Fedora, but I turned it off and still nothing is there on 443 at the IP (other than Cockpit at 9090 of course).

What was the feedback from the state.apply? Any errors should be there.

CrimsonKidA

@scottalanmiller Thanks, Scott. I ran the your final command again and it worked this time: Succeeded: 19 (changed=5)! The firewall seems to be too aggressive, so I just turned it off since this will be LAN-use only (at least for now).

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller Thanks, Scott. I ran the your final command again and it worked this time: Succeeded: 19 (changed=5)! The firewall seems to be too aggressive, so I just turned it off since this will be LAN-use only (at least for now).

Should be "just aggressive enough"... shutting off Cockpit and SSH.

scottalanmiller

One of the great things about a state machine system like this is that running it over and over again isn't a problem. You can run this on a live system safely.

CrimsonKidA

Thanks again, Scott! Just one last question: how do I get this to "stick" after a reboot? It seems to be reverting back to having nothing installed after I reboot the Fedora Svr VM...

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

Thanks again, Scott! Just one last question: how do I get this to "stick" after a reboot? It seems to be reverting back to having nothing installed after I reboot the Fedora Svr VM...

What? The packages VANISH? Or just the configuration?

CrimsonKidA

@scottalanmiller Well, it doesn't lose my NextCloud config (I changed the admin PW) but Apache2.4, Salt (master and minion) and NextCloud are just not auto starting up. I've set the salt services to auto-start up, so I'll see if that's all it needs...

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller Well, it doesn't lose my NextCloud config (I changed the admin PW) but Apache2.4, Salt (master and minion) and NextCloud are just not auto starting up. I've set the salt services to auto-start up, so I'll see if that's all it needs...

Ah okay, at one point I had that issue but I thought that I fixed it in the state file. They were set to start when it runs, but not to start on their own. Which is actually a legitimate way to use a system like this, but not how I intended this one. If you set it that way, then you want the state file to run on start up. That's not uncommon, to have the state file determine what to run when the system files up. But I didn't intend it here. In a pinch, though, you can just re-run it and it will take care of that for you.

CrimsonKidA

@scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.

scottalanmiller

@CrimsonKidA said in Install NextCloud 11 on Fedora 25 with SaltStack:

@scottalanmiller Thanks, I'll look at making a cron job for it to run at boot. I'm having to manually disable the firewall at each boot too, so that will need to be added. Salt master and minion are starting up on their own now, so that's good.

Let's fix the issue. That will be better than that anyway.

scottalanmiller

Let's try this...

install_network_packages:
  pkg.installed:
    - pkgs:
      - wget
      - unzip
      - firewalld
      - net-tools
      - php 
      - mariadb 
      - mariadb-server 
      - mod_ssl
      - php-pecl-apcu
      - httpd 
      - php-xml 
      - php-gd 
      - php-pecl-zip
      - php-mbstring
      - redis
      - php-pecl-redis
      - php-process
      - php-pdo
      - certbot
      - php-mysqlnd
      - policycoreutils
      - policycoreutils-python
      - policycoreutils-python-utils
      - dnf-automatic
      - python2-certbot-apache
  archive:
    - extracted
    - name: /var/www/html/
    - source: https://download.nextcloud.com/server/releases/nextcloud-11.0.2.zip
    - source_hash: md5=720cb50f98a94f2888f2d07d5d4e91b4
    - archive_format: zip
    - if_missing: /var/www/html/nextcloud 

/swapfile:
  cmd.run:
    - name: |
        [ -f /swapfile ] || dd if=/dev/zero of=/swapfile bs=1M count={{ grains["mem_total"] * 2 }}
        chmod 0600 /swapfile
        mkswap /swapfile
        swapon -a
    - unless:
      - file /swapfile 2>&1 | grep -q "Linux/i386 swap"
  mount.swap:
    - persist: true

configure_swappiness:
  file.append:
    - name: /etc/sysctl.conf
    - text: vm.swappiness = 10

/var/www/html/:
  file.directory:
    - user: apache
    - group: apache
    - recurse:
      - user
      - group

/etc/httpd/conf.d/ssl.conf:
  file.managed:
    - source: 
      - salt://ssl.conf
    - user: root
    - group: root
    - mode: 644

/data:
  file.directory:
    - user: apache
    - group: apache

/var/run/redis:
  file.directory:
    - user: redis
    - group: redis

/etc/redis.conf:
  file.managed:
    - source:
      - salt://redis.conf
    - user: root
    - group: root
    - mode: 644

httpd:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: httpd

mariadb:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: mariadb

redis:
  pkg.installed: []
  service.running:
    - enable: True
    - require:
      - pkg: redis

FedoraServer:
  firewalld.present:
    - name: FedoraServer
    - block_icmp:
      - echo-reply
      - echo-request
    - default: False
    - masquerade: True
    - ports:
      - 443/tcp
      - 22/tcp
      - 9090/tcp

permissive:
  selinux.mode

install-foo:
  cmd.run:
    - name: |
        cd /var/www/html/nextcloud
        setenforce 0
        sudo -u apache php occ maintenance:install --database="mysql" --database-name "nextcloud" --database-user "root" --database-pass "" --admin-user "admin" --admin-pass "superdupercrazysecretepasswordthatnooneknows" --data-dir "/data"
        sed -i "/0 => 'localhost',/a \ \ \ \ 1 => '*'," config/config.php
        sed -i "/'installed' => true,/a \ \ 'memcache.local' => '\\\OC\\\Memcache\\\APCu',\n\ \ 'filelocking.enabled' => true,\n\ \ 'memcache.locking' => '\\\OC\\\Memcache\\\Redis',\n\ \ 'redis' => array(\n\ \ \ \ \ \ \ 'host' => '/var/run/redis/redis.sock',\n\ \ \ \ \ \ \ 'port' => 0,\n\ \ \ \ \ \ \ 'timeout' => 0.0,\n\ \ \ \ \ \ \ \ )," config/config.php
        semanage fcontext -a -t httpd_sys_rw_content_t '/data'
        restorecon '/data'
        semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
        semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
        semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/assets(/.*)?'
        semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
        semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
        restorecon -Rv '/var/www/html/nextcloud/' > /dev/null
        systemctl restart httpd
        touch install_complete
    - cwd: /var/www/html/nextcloud
    - shell: /bin/bash
    - timeout: 300
    - creates: /var/www/html/nextcloud/install_complete

Try this. Hopefully it fixes both your firewall and service issues.