Getting started

Database setup

It is recommended that you install a database server. You can install one on the same host as ownCloud or choose a different host:

[debops_service_mariadb_server]
hostname

In case you chose a different host, you will need to specify which of your database servers the ownCloud instance should use by specifying the database server host as owncloud__database_server.

In memory caching

ownCloud recommends to setup Redis for caching. You can install a Redis server on the same host as ownCloud or choose a different host:

[debops_service_redis]
hostname

This role will use a Redis server automatically when it is managed by debops.redis.

In case you chose a different host, you will need to specify which of your Redis servers the ownCloud instance should use by setting the Redis server host as owncloud__redis_host and setting owncloud__redis_enabled to True. Additionally, you will need to set the owncloud__redis_password. Refer to debops.redis for details.

Choosing a Webserver

Supported webservers:

This role started out using Nginx as Webserver. However, ownCloud and NextCloud don’t officially support Nginx. As of debops.owncloud v0.4.0, support for the Apache HTTP Server has been added to the role using debops.apache as role dependency.

The current default Webserver is Nginx. Because despite the fact that only Apache is officially supported, Nginx has been successfully used with this role for some time now. If you have trouble with ownCloud then this would be a good time to try to run it with Apache.

The ownCloud System Requirements don’t use PHP-FPM in their default configuration. You can set the following in your inventory to not install FPM on the ownCloud host:

php__server_api_packages:
  - 'cli'

Switching Webservers

Assuming you where using one Webserver before on a host but want to switch then follow the steps in Choosing a Webserver and additionally add the host to the debops_service_${not_chosen_webserver} group of the opposite webserver you chose for ownCloud. Now add this:

${not_chosen_webserver}__deploy_state: 'absent'

to your inventory.

Note: Replace the ${not_chosen_webserver} placeholders.

Then run the site playbook or just the playbook of the unwanted webserver followed by the debops.owncloud playbook. This will render ${not_chosen_webserver} the unwanted webserver harmless and setup the chosen webserver.

Example inventory

To setup ownCloud on a given host it should be included in the [debops_service_owncloud] Ansible inventory group:

[debops_service_owncloud]
hostname

Note that the debops_service_owncloud group uses the default webserver, refer to Choosing a Webserver.

Ansible facts

The role gathers various Ansible facts about ownCloud for internal use or use by other roles or playbooks.

One of the sources for the facts is the /var/www/owncloud/config/config.php file which has 0640 as default permissions. The remote user who gathers the facts should be able to read this file. Note that facts gathering does not happen with elevated privileges by default. One way to achieve this is by making your configuration management user member of the www-data group by including the following in your inventory:

bootstrap__admin_groups: [ 'admins', 'staff', 'adm', 'sudo', 'www-data' ]

The following Ansible facts are available:

{
    "auto_security_updates_enabled": false,
    "datadirectory": "/var/www/owncloud/data",
    "enabled": true,
    "instanceid": "xxxxxxxxxxxx",
    "maintenance": false,
    "release": "9.0",
    "theme": "debops",
    "trusted_domains": [
        "cloud.example.org"
    ],
    "updatechecker": false,
    "variant": "owncloud",
    "version": "9.0.7.1",
    "webserver": "nginx"
}

Note that the role uses Ansible facts gathered from the config.php file internally and might not work as expected when those facts can not be gathered.

The following can happen when the configuration management user has no access to the config.php file:

  • Certain occ commands are not available in maintenance mode. The role normally filters those commands out if it detects that ownCloud is in maintenance mode. Maintenance mode is assumed to be off if it can not be detected. If it is on, role execution will stop when one of those occ commands is encountered.

and only the following facts will be available in this case:

{
    "auto_security_updates_enabled": true,
    "enabled": true,
    "variant": "owncloud",
    "webserver": "nginx"
}

Example playbook

The following playbooks are used in DebOps. If you are using these role without DebOps you might need to adapt them to make them work in your setup.

Ansible playbook that uses the debops.owncloud role together with debops.nginx:

---

- name: Install and manage ownCloud instances with Nginx as webserver
  hosts: [ 'debops_service_owncloud', 'debops_service_owncloud_nginx' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops.php/env
      tags: [ 'role::php', 'role::php:env','role::apt_preferences', 'role::logrotate' ]

    - role: debops.owncloud/env
      tags: [ 'role::owncloud', 'role::owncloud:env', 'role::nginx' ]

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ nginx__apt_preferences__dependent_list }}'
        - '{{ owncloud__apt_preferences__dependent_list }}'
        - '{{ php__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ nginx__ferm__dependent_rules }}'

    - role: debops.mariadb
      tags: [ 'role::mariadb' ]
      mariadb__dependent_users:
        - database: '{{ owncloud__database_map[owncloud__database].dbname }}'
          user: '{{ owncloud__database_map[owncloud__database].dbuser }}'
          password: '{{ owncloud__database_map[owncloud__database].dbpass }}'
      when: (owncloud__database == 'mariadb')

    - role: debops.postgresql
      postgresql__dependent_roles:
        - name: '{{ owncloud__database_name }}' # Separate role is needed when owncloud__database_name != owncloud__database_user
        - name: '{{ owncloud__database_user }}' # Password is not passed directly - it will be read for the file
      postgresql__dependent_groups:
        - roles: [ '{{ owncloud__database_user }}' ]
          groups: [ '{{ owncloud__database_name }}' ]
          database: '{{ owncloud__database_name }}'
          enabled: '{{ owncloud__database_name != owncloud__database_user }}'
      postgresql__dependent_databases:
        - name: '{{ owncloud__database_name }}'
          owner: '{{ owncloud__database_user }}'
      when: (owncloud__database == 'postgresql')
      tags: [ 'role::postgresql' ]

    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_origins: '{{ owncloud__unattended_upgrades__dependent_origins }}'

    - role: debops.php
      tags: [ 'role::php' ]
      php__dependent_packages:
        - '{{ owncloud__php__dependent_packages }}'
      php__dependent_configuration:
        - '{{ owncloud__php__dependent_configuration }}'
      php__dependent_pools:
        - '{{ owncloud__php__dependent_pools }}'

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]
      logrotate__dependent_config:
        - '{{ php__logrotate__dependent_config }}'

    - role: debops.nginx
      tags: [ 'role::nginx' ]
      nginx__dependent_servers:
        - '{{ owncloud__nginx__dependent_servers }}'
      nginx__dependent_upstreams:
        - '{{ owncloud__nginx__dependent_upstreams }}'

    - role: debops.owncloud
      tags: [ 'role::owncloud' ]

Ansible playbook that uses the debops.owncloud role together with debops.apache:

---

- name: Install and manage ownCloud instances with Apache as webserver
  hosts: [ 'debops_service_owncloud_apache' ]
  become: True

  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment  | d({})) }}'

  roles:

    - role: debops.apache/env
      tags: [ 'role::apache', 'role::apache:env' ]

    - role: debops.php/env
      tags: [ 'role::php', 'role::php:env','role::apt_preferences', 'role::logrotate' ]

    - role: debops.owncloud/env
      tags: [ 'role::owncloud', 'role::owncloud:env' ]

    - role: debops.apt_preferences
      tags: [ 'role::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ owncloud__apt_preferences__dependent_list }}'
        - '{{ php__apt_preferences__dependent_list }}'

    - role: debops.ferm
      tags: [ 'role::ferm' ]
      ferm__dependent_rules:
        - '{{ apache__ferm__dependent_rules }}'

    - role: debops.mariadb
      tags: [ 'role::mariadb' ]
      mariadb__dependent_users:
        - database: '{{ owncloud__database_map[owncloud__database].dbname }}'
          user: '{{ owncloud__database_map[owncloud__database].dbuser }}'
          password: '{{ owncloud__database_map[owncloud__database].dbpass }}'
      when: (owncloud__database == 'mariadb')

    - role: debops.postgresql
      postgresql__dependent_roles:
        - name: '{{ owncloud__database_name }}' # Separate role is needed when owncloud__database_name != owncloud__database_user
        - name: '{{ owncloud__database_user }}' # Password is not passed directly - it will be read for the file
      postgresql__dependent_groups:
        - roles: [ '{{ owncloud__database_user }}' ]
          groups: [ '{{ owncloud__database_name }}' ]
          database: '{{ owncloud__database_name }}'
          enabled: '{{ owncloud__database_name != owncloud__database_user }}'
      postgresql__dependent_databases:
        - name: '{{ owncloud__database_name }}'
          owner: '{{ owncloud__database_user }}'
      when: (owncloud__database == 'postgresql')
      tags: [ 'role::postgresql' ]

    - role: debops.unattended_upgrades
      tags: [ 'role::unattended_upgrades' ]
      unattended_upgrades__dependent_origins: '{{ owncloud__unattended_upgrades__dependent_origins }}'

    - role: debops.php
      tags: [ 'role::php' ]
      php__dependent_packages:
        - '{{ owncloud__php__dependent_packages }}'
      php__dependent_configuration:
        - '{{ owncloud__php__dependent_configuration }}'
      php__dependent_pools:
        - '{{ owncloud__php__dependent_pools }}'

    - role: debops.logrotate
      tags: [ 'role::logrotate' ]
      logrotate__dependent_config:
        - '{{ php__logrotate__dependent_config }}'

    - role: debops.apache
      tags: [ 'role::apache' ]
      apache__dependent_snippets: '{{ owncloud__apache__dependent_snippets }}'
      apache__dependent_vhosts:
        - '{{ owncloud__apache__dependent_vhosts }}'

    - role: debops.owncloud
      tags: [ 'role::owncloud' ]

These playbooks are shipped with DebOps and are also contained in this role under docs/playbooks/.

Ansible tags

You can use Ansible --tags or --skip-tags parameters to limit what tasks are performed during Ansible run. This can be used after a host was first configured to speed up playbook execution, when you are sure that most of the configuration is already in the desired state.

Available role tags:

role::owncloud
Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.
role::owncloud:pkg
Tasks related to system package management like installing, upgrading or removing packages.
role::owncloud:config
Run tasks related to ownCloud configuration and setup.
role::owncloud:mail
Run tasks related to the deployment of the mail configuration.
role::owncloud:occ
Run tasks related to the occ command.
role::owncloud:occ_config
Run tasks related to occ config: commands generated from owncloud__apps_config variables.
role::owncloud:auto_upgrade
Run tasks related preparing ownCloud auto upgrade.
role::owncloud:ldap
Run tasks related to the LDAP configuration.
role::owncloud:theme
Run tasks related to the configuring the ownCloud theme.
role::owncloud:copy
Run tasks related to copying and deletion of files in user profiles.