diff --git a/host_vars/owncloud.adm.crans.org.yml b/host_vars/owncloud.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..85395a8d129d9107effba843da8356737b2964ef
--- /dev/null
+++ b/host_vars/owncloud.adm.crans.org.yml
@@ -0,0 +1,6 @@
+---
+loc_ldap:
+ base_dn: "cn=admin,dc=crans,dc=org"
+ password: "{{ vault_ldap_master_password }}"
+ uri: "ldap://172.16.10.157"
+
diff --git a/hosts b/hosts
index ea5b0fb1531fe0d7f2ecb1555efe2c9ec1a69897..b6c5952fd25b23b32abc964ef06eeffd90b93dc7 100644
--- a/hosts
+++ b/hosts
@@ -115,6 +115,7 @@ kenobi.adm.crans.org roundcube.adm.crans.org horde.adm.crans.org bigbluebutton.adm.crans.org +owncloud.adm.crans.org [ovh_physical] sputnik.adm.crans.org
diff --git a/plays/owncloud.yml b/plays/owncloud.yml
index 3280165ff30afbde5ad27ec29804469008f1a6b0..1be65a36c7fc81b8b086cca56a277ebafd33b84b 100755
--- a/plays/owncloud.yml
+++ b/plays/owncloud.yml
@@ -1,7 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy OwnCloud
-- hosts: owncloud-srv.adm.crans.org
+- hosts: owncloud.adm.crans.org
+ vars:
+ ldap: '{{ glob_ldap | default({}) | combine(loc_ldap | default({})) }}'
+
 roles:
 - owncloud
 - owncloud-autofs
diff --git a/roles/owncloud-autofs/tasks/main.yml b/roles/owncloud-autofs/tasks/main.yml
index 83db9c3f5432f2e71b2c33b2774130a046565dda..e8acd1aa2c6ef5302ddec5d7e762037b5023a8a6 100644
--- a/roles/owncloud-autofs/tasks/main.yml
+++ b/roles/owncloud-autofs/tasks/main.yml
@@ -25,8 +25,8 @@
 dest: "/etc/auto.master.d/{{ item.0 }}" mode: "{{ item.1 }}" loop: - ["home-owncloud.autofs", "0644"] - ["home-owncloud.sh", "0755"] + ["home-owncloud.autofs", "0600"] + ["home-owncloud.sh", "0700"] notify: Restart autofs service - name: Create /home-owncloud/ directory
diff --git a/roles/owncloud-autofs/templates/auto.master.d/home-owncloud.sh.j2 b/roles/owncloud-autofs/templates/auto.master.d/home-owncloud.sh.j2
index 3f764cc8e5e7cdbb71815fa745f02aae81ed5b17..80586c40ebe147817a7b569e9d96a39b283890b0 100755
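Review bot: `base_dn` here is the bind identity, and it is the directory admin `cn=admin,dc=crans,dc=org` with `vault_ldap_master_password`, while the only thing the consuming autofs script needs is read access to uidNumber and gidNumber; a dedicated read-only bind account for this host would keep a compromise of the OwnCloud box from yielding the master credential. The URI is plain `ldap://172.16.10.157`, so that password crosses the network unencrypted on every map lookup unless the server side enforces StartTLS — an `ldaps://` uri, or `-ZZ` on the ldapsearch calls, would close that. The key name also invites confusion, since the template reads `ldap.base` for the search base and `ldap.base_dn` for the bind DN; `bind_dn` would say what it is (the template would need the same rename). `ldap.base` is not set in this file and presumably comes from `glob_ldap`, which is not in this diff.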
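Review bot: The tightened modes on the two loop items only restrict access to root if the task also pins the owner, and any `owner:`/`group:` lines sit above this hunk next to `dest:` and `mode:`; with the bind password now rendered into `home-owncloud.sh`, an explicit `owner: root` and `group: root` on the template task would make 0600/0700 mean what is intended. A comment above the loop, `# 0600/0700: the rendered script embeds the LDAP bind password`, would record why these differ from the usual 0644/0755. The task that loops over these items begins before the hunk.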
--- a/roles/owncloud-autofs/templates/auto.master.d/home-owncloud.sh.j2
+++ b/roles/owncloud-autofs/templates/auto.master.d/home-owncloud.sh.j2
@@ -5,31 +5,34 @@
 # ceci est un fix
 USER=$(echo $1 | sed "s/_[1-9]*$//")
+
+UHOME=/home_adh/$USER
+
+USERID=$(ldapsearch -LLL -b "{{ ldap.base }}" -H {{ ldap.uri }} -D "{{ ldap.base_dn }}" -w {{ ldap.password }} "uid=$USER" uidNumber | grep uidNumber | awk '{print $2}')
+UGROUP=$(ldapsearch -LLL -b "{{ ldap.base }}" -H {{ ldap.uri }} -D "{{ ldap.base_dn }}" -w {{ ldap.password }} "uid=$USER" gidNumber | grep gidNumber | awk '{print $2}')
+
 # On quitte si l'utilisateur $USER n'existe pas
-if ! /usr/bin/id -- "$USER" &>/dev/null; then
+if [ -z "$USERID" ]; then
 logger -p local0.error -t autofs "user $USER n'existe pas"
 exit 1
 fi
-UHOME=$(eval echo ~$USER)
-UGROUP=$(/usr/bin/id -gn $USER)
-
 # Rafraîchi les stats du dossier
 /bin/ls ${UHOME}/OwnCloud/ &>/dev/null || /bin/ls ${UHOME} &>/dev/null
 # Création du dossier OwnCloud s'il n'existe pas ou n'appartient pas a l'utilisateur
 if [ ! -d "${UHOME}/OwnCloud" ] || ! (
- /usr/bin/find ${UHOME}/OwnCloud/ -maxdepth 0 -user $USER -group ${UGROUP} |
+ /usr/bin/find ${UHOME}/OwnCloud/ -maxdepth 0 -user $USERID -group ${UGROUP} |
 /bin/grep -q ${UHOME}/OwnCloud/ ); then
 if [ ! -d "${UHOME}/OwnCloud" ]; then
 mkdir ${UHOME}/OwnCloud
 fi
 chmod 700 ${UHOME}/OwnCloud &&
- chown $USER:${UGROUP} ${UHOME}/OwnCloud
+ chown $USERID:${UGROUP} ${UHOME}/OwnCloud
 if [ ! -d "${UHOME}/OwnCloud" ] || ! (
- /usr/bin/find ${UHOME}/OwnCloud/ -maxdepth 0 -user $USER -group ${UGROUP} |
+ /usr/bin/find ${UHOME}/OwnCloud/ -maxdepth 0 -user $USERID -group ${UGROUP} |
 /bin/grep -q ${UHOME}/OwnCloud/ ); then
 logger -p local0.error -t autofs "impossible de créer le dossier ${UHOME}/OwnCloud"
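Review bot: On the new `USERID=` and `UGROUP=` lines the map key `$USER`, derived from `$1`, goes unescaped into the LDAP filter `"uid=$USER"` and into every path below, and the bind password is handed over as `-w {{ ldap.password }}`, which exposes it in the process list of every local user for the duration of each lookup. A strict whitelist on `$USER` before any lookup, `-y` with a root-only password file instead of `-w`, one ldapsearch for both attributes, and a guard that also rejects an empty `$UGROUP` (the new `if` tests only `$USERID`, so an entry without gidNumber still reaches `chown $USERID:`) would close this; the rewritten head of the script is below, where `ldap.password_file` is a new variable the role would have to deploy as a 0600 root-owned file. `{{ ldap.uri }}` and `{{ ldap.password }}` are also unquoted on the shell line, so a value containing spaces or shell metacharacters breaks the command. The script begins before this hunk and continues after it.
```shell
USER=$(echo "$1" | sed "s/_[1-9]*$//")

# Accept only a plain account name before it reaches the LDAP filter or a path.
case "$USER" in
    ''|*[!a-zA-Z0-9_-]*)
        logger -p local0.error -t autofs "nom d'utilisateur invalide: $1"
        exit 1 ;;
esac

UHOME=/home_adh/$USER

# One query for both attributes; the bind password is read from a root-only
# file (-y) rather than passed on the command line (-w).
LDAP_ENTRY=$(ldapsearch -LLL -b "{{ ldap.base }}" -H "{{ ldap.uri }}" -D "{{ ldap.base_dn }}" \
    -y "{{ ldap.password_file }}" "uid=$USER" uidNumber gidNumber)
USERID=$(printf '%s\n' "$LDAP_ENTRY" | awk '$1 == "uidNumber:" {print $2; exit}')
UGROUP=$(printf '%s\n' "$LDAP_ENTRY" | awk '$1 == "gidNumber:" {print $2; exit}')

# On quitte si l'utilisateur $USER n'existe pas
if [ -z "$USERID" ] || [ -z "$UGROUP" ]; then
    logger -p local0.error -t autofs "user $USER n'existe pas"
    exit 1
fi
# … unchanged: OwnCloud directory creation and chown …
```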
@@ -41,4 +44,4 @@ fi chmod 750 /home-owncloud && chown www-data:root /home-owncloud &&
-echo "-fstype=fuse.bindfs,map=$USER/www-data:@$UGROUP/@www-data,resolve-symlinks :${UHOME}/OwnCloud"
+echo "-fstype=fuse.bindfs,map=$USERID/www-data:@$UGROUP/@www-data,resolve-symlinks :${UHOME}/OwnCloud"
diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml
index 6baa9b20746698e1a253bd5955028affb0d155f1..72e735bb678f6326ffecd4c11b547350a9ff1d1a 100644
--- a/roles/owncloud/tasks/main.yml
+++ b/roles/owncloud/tasks/main.yml
@@ -1,4 +1,14 @@
 ---
+
+- name: Install gpg
+ apt:
+ update_cache: true
+ name:
+ - gpg
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
 # Add the key
 - name: Configure the apt key
 apt_key:
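Review bot: The bindfs map entry now carries a numeric id in `map=$USERID/www-data`, which only works if bindfs accepts numeric ids in `--map`; since the commit moved off `id`, presumably because the account is not resolvable through NSS on this host, it is worth confirming on the target that the mount is accepted rather than failing the same way `id` did. If the lookup earlier in the script ever returns more than one uidNumber line, `$USERID` carries a newline into this entry and the map line is malformed; that is best rejected where the value is computed. The `if` block that the leading `fi` closes begins outside this hunk.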
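Review bot: The new task has no comment saying why gpg is installed at this point; presumably the `apt_key` task that follows needs it to import the repository key, and a one-line comment above `- name: Install gpg`, `# apt_key below needs gpg to import the repository signing key`, would make the ordering dependency explicit. With `update_cache: true` and no `cache_valid_time`, every run and every retry refreshes the apt index first; `cache_valid_time: 3600` would spare the mirror without changing the outcome.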