Ansible roles

---
# Start from 'none'; later tasks in this file switch the mode to 'install'
# or 'upgrade' once the installed version has been inspected.
- name: Set default install mode
  set_fact:
    seafile_install_mode: 'none'
  tags: seafile

# Make sure we do not have a trailing / on the public url
- set_fact:
    seafile_public_url: "{{ seafile_public_url | regex_replace('/$', '') }}"
  tags: seafile
# meta/ansible_version holds the version written by a previous run of this
# file. Missing file -> 'install'; present but different from
# seafile_version -> 'upgrade'; otherwise the mode stays as set earlier.
- name: Check if seafile is installed
  stat:
    path: "{{ seafile_root_dir }}/meta/ansible_version"
  register: seafile_version_file
  tags: seafile

- name: Check installed version
  command: cat {{ seafile_root_dir }}/meta/ansible_version
  register: seafile_current_version
  when: seafile_version_file.stat.exists
  # Read-only command, never report a change
  changed_when: false
  tags: seafile

- name: Set install mode to install
  set_fact:
    seafile_install_mode: 'install'
  when: not seafile_version_file.stat.exists
  tags: seafile

- name: Set install mode to upgrade
  set_fact:
    seafile_install_mode: 'upgrade'
  when:
    - seafile_version_file.stat.exists
    - seafile_current_version is defined
    - seafile_current_version.stdout != seafile_version
  tags: seafile
# Needed to have consistent behaviour with the various components
# which do not all support unix socket
- name: Set DB server to 127.0.0.1
  set_fact:
    seafile_db_server: '127.0.0.1'
  when: seafile_db_server == 'localhost'
  tags: seafile
# System packages the role relies on: Python 2 libraries, -devel headers and
# gcc, and runtime tools. The last three entries are only needed by seafile-pro.
- name: Install RPM dependencies
  yum:
    name:
      - python-imaging
      - MySQL-python
      - python-memcached
      - python-ldap
      - python-urllib3
      - python-virtualenv
      - ffmpeg
      - ffmpeg-devel
      - libmemcached-devel
      - mysql-devel
      - zlib-devel
      - gcc
      - tar
      - mariadb
      - fuse
      - java-1.8.0-openjdk # For seafile-pro
      - poppler-utils # For seafile-pro
      - unoconv # For seafile-pro
  tags: seafile
# Python modules are installed into a virtualenv rooted at seafile_root_dir.
# NOTE(review): `state: latest` with no version pins installs whatever is
# newest on the package index at each run, so the resulting set is neither
# reproducible nor reviewable; pinning versions would fix that. The
# interpreter is python2.7, which no longer receives upstream fixes.
- name: Install or update python modules in the virtualenv
  pip:
    state: latest
    virtualenv: "{{ seafile_root_dir }}"
    virtualenv_python: python2.7
    name:
      - pip
      - virtualenv
      - pillow
      #- moviepy
      - pylibmc
      - django-pylibmc
      - requests_oauthlib
      - MySQL-python
  notify:
    - restart seafile
    - restart seahub
  tags: seafile
# Dedicated system account for the service, without an interactive shell.
- name: Create user account
  user:
    name: "{{ seafile_user }}"
    comment: 'Seafile user account'
    system: true
    shell: /sbin/nologin
  tags: seafile
# Working directories of the role itself. Each item may override owner, group
# and mode; the fallbacks are seafile_user, seafile_group and 0700. All three
# items below are root:root and keep the 0700 default.
- name: Create base directories
  file:
    path: "{{ item.dir }}"
    state: directory
    owner: "{{ item.owner | default(seafile_user) }}"
    group: "{{ item.group | default(seafile_group) }}"
    mode: "{{ item.mode | default('0700') }}"
  with_items:
    - dir: "{{ seafile_root_dir }}/tmp"
      owner: root
      group: root
    - dir: "{{ seafile_root_dir }}/meta"
      owner: root
      group: root
    - dir: "{{ seafile_root_dir }}/archives"
      owner: root
      group: root
  tags: seafile
# Only written when seafile_license is set; the same variable is what later
# tasks in this file use to choose the pro archive.
- name: Install Seafile pro license
  copy:
    content: "{{ seafile_license }}"
    dest: "{{ seafile_root_dir }}/seafile-license.txt"
  when: seafile_license is defined
  tags: seafile
# Upgrade only: prepare archives/<current version> and stop both services
# before anything is touched.
- name: Create archive directory
  file:
    path: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
    state: directory
  when: seafile_install_mode == 'upgrade'
  tags: seafile

- name: Stop the service during upgrade
  service:
    name: "{{ item }}"
    state: stopped
  with_items:
    - seafile
    - seahub
  when: seafile_install_mode == 'upgrade'
  tags: seafile
# Upgrade only: dump the three databases into archives/<current version>/.
# The dumps hold full database content; archives/ is created root:root with
# the default 0700 mode by 'Create base directories'.
# Administrative credentials (sqladmin / mysql_admin_pass) are defined outside
# this file.
- name: Backup the databases
  mysql_db:
    state: dump
    name: "{{ item }}"
    target: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/{{ item }}.sql"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    quick: True
    single_transaction: True
  with_items:
    - "{{ seafile_db_seafile }}"
    - "{{ seafile_db_ccnet }}"
    - "{{ seafile_db_seahub }}"
  when: seafile_install_mode == 'upgrade'
  tags: seafile
# Upgrade only: copy the current seafile-server tree next to the database
# dumps. The task is delegated to the managed host itself, so source and
# destination are both paths on that host.
- name: Archive seafile server
  synchronize:
    src: "{{ seafile_root_dir }}/seafile-server"
    dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
    recursive: True
    # Remove anything in the destination that is not in the source
    delete: True
  delegate_to: "{{ inventory_hostname }}"
  when: seafile_install_mode == 'upgrade'
  tags: seafile
# Community edition: fetch the release archive and verify it against the
# digest in seafile_archive_sha1 before it is extracted.
# NOTE(review): SHA-1 is no longer collision-resistant. get_url's checksum
# also accepts a sha256:<digest> value, which would be the stronger pin if a
# SHA-256 digest of the archive is available.
- name: Download seafile archive
  get_url:
    url: "{{ seafile_archive_url }}"
    dest: "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
    checksum: "sha1:{{ seafile_archive_sha1 }}"
  when:
    - seafile_install_mode != 'none'
    - seafile_license is not defined
  tags: seafile
# Pro edition: the archive is shipped from the role's own files instead of
# being downloaded. No checksum is verified on this path.
- name: Copy Seafile pro archive
  copy:
    src: "seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
    dest: "{{ seafile_root_dir }}/tmp/"
  when:
    - seafile_install_mode != 'none'
    - seafile_license is defined
  tags: seafile
# Unpack whichever archive was staged in tmp/; the ternary inserts 'pro-'
# into the file name when seafile_license is defined.
- name: Extract seafile archive
  unarchive:
    src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server_{{ seafile_version }}_x86-64.tar.gz"
    dest: "{{ seafile_root_dir }}/tmp"
    # The archive is already on the managed host
    remote_src: yes
  when: seafile_install_mode != 'none'
  tags: seafile
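# Runtime and data directories. Each item may override owner, group and mode;
# the fallbacks are seafile_user, seafile_group and 0770.
# Modes are written as quoted octal strings so they can never be read as
# decimal integers, whatever form the module arguments take.
# NOTE(review): ignore_errors covers every item, not just the fuse mount
# point, so a failure to set ownership or mode on a data directory is also
# silently accepted. Consider limiting the tolerance to the fuse item.
- name: Create directories
  file:
    path: "{{ item.dir }}"
    state: directory
    owner: "{{ item.owner | default(seafile_user) }}"
    group: "{{ item.group | default(seafile_group) }}"
    mode: "{{ item.mode | default('0770') }}"
  with_items:
    - dir: "{{ seafile_root_dir }}"
      mode: '0755'
    - dir: "{{ seafile_root_dir }}/fuse"
    - dir: "{{ seafile_root_dir }}/seafile-server"
      mode: '0755'
    - dir: "{{ seafile_root_dir }}/conf"
    - dir: "{{ seafile_root_dir }}/ccnet"
    - dir: "{{ seafile_root_dir }}/logs"
    - dir: "{{ seafile_root_dir }}/pids"
    - dir: "{{ seafile_data_dir }}"
    - dir: "{{ seafile_data_dir }}/thumbnails"
    - dir: "{{ seafile_data_dir }}/seahub"
      mode: '0755'
    - dir: "{{ seafile_data_dir }}/seahub/custom"
      mode: '0755'
    - dir: "{{ seafile_data_dir }}/seahub/cache"
      mode: '0755'
    - dir: "{{ seafile_data_dir }}/seahub/avatars"
      mode: '0755'
    - dir: "{{ seafile_data_dir }}/pro"
    - dir: "{{ seafile_data_dir }}/db_dumps"
      owner: root
      group: root
  ignore_errors: true # So we can run when the fuse mount point is active
  tags: seafile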
# Replace seafile-server/ with the freshly extracted tree (community or pro,
# chosen by the same ternary as the extraction). delegate_to the managed host
# keeps both paths on that host.
- name: Move seafile to the correct location
  synchronize:
    src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/"
    dest: "{{ seafile_root_dir }}/seafile-server/"
    recursive: True
    # Files that exist only in the old installation are removed
    delete: True
  delegate_to: "{{ inventory_hostname }}"
  when: seafile_install_mode != 'none'
  tags: seafile
# The media sub-directories custom, CACHE and avatars are replaced by links
# into seafile_data_dir/seahub. A real avatars directory shipped with the
# archive has to go first so the link can be created.
- name: Check if avatar is a dir or a link
  stat:
    path: "{{ seafile_root_dir }}/seafile-server/seahub/media/avatars"
  register: seafile_avatar
  tags: seafile

- name: Remove default avatar directory
  file:
    path: "{{ seafile_root_dir }}/seafile-server/seahub/media/avatars"
    state: absent
  when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir
  tags: seafile

- name: Create seahub symlinks
  file:
    src: "{{ seafile_data_dir }}/seahub/{{ item.src }}"
    dest: "{{ seafile_root_dir }}/seafile-server/seahub/media/{{ item.dest }}"
    state: link
    force: true
  with_items:
    - src: custom
      dest: custom
    - src: cache
      dest: CACHE
    - src: avatars
      dest: avatars
  tags: seafile

# Pro edition only
- name: Create pro-data link
  file:
    src: "{{ seafile_data_dir }}/pro"
    dest: "{{ seafile_root_dir }}/pro-data"
    state: link
    force: true
  when: seafile_license is defined
  tags: seafile
# runtime/ is restricted to the service account (owner-only access).
- name: Set permissions on seahub runtime directory
  file:
    path: "{{ seafile_root_dir }}/seafile-server/runtime"
    state: directory
    owner: "{{ seafile_user }}"
    mode: '700'
  tags: seafile

# Fresh installs only
- name: Create library-template
  file:
    path: "{{ seafile_data_dir }}/library-template"
    state: directory
  when: seafile_install_mode == 'install'
  tags: seafile
# Needed since CentOS 7.5 so ldaps can be used
- name: Remove bundled libs
  file:
    path: "{{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }}"
    state: absent
  with_items:
    - libnssutil3.so
  notify: restart seafile
  tags: seafile
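# Fresh installs only: seed the library template with the bundled tutorial.
# The source directory name uses the same 'pro-' ternary as the extraction
# and move tasks; the previous hard-coded seafile-server-<version> path does
# not match the directory those tasks use when seafile_license is defined.
- name: Copy documentation
  copy:
    src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/seafile/docs/seafile-tutorial.doc"
    dest: "{{ seafile_data_dir }}/library-template"
    # The file is already on the managed host
    remote_src: true
  when: seafile_install_mode == 'install'
  tags: seafile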
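# Used only when seafile_seahub_secret is not supplied. The key is generated
# once (guarded by `creates`) and kept in meta/, which 'Create base
# directories' sets up as root:root with the default 0700 mode.
- name: Generate a secret for seahub
  shell: python2.7 {{ seafile_root_dir }}/seafile-server/seahub/tools/secret_key_generator.py > {{ seafile_root_dir }}/meta/ansible_hub_secret
  args:
    creates: "{{ seafile_root_dir }}/meta/ansible_hub_secret"
  when: seafile_seahub_secret is not defined
  tags: seafile

- name: Read seahub secret
  command: cat {{ seafile_root_dir }}/meta/ansible_hub_secret
  register: seafile_seahub_rand_secret
  when: seafile_seahub_secret is not defined
  changed_when: false
  # stdout is the secret itself: keep it out of task output and logs
  no_log: true
  tags: seafile

- name: Set seahub secret key
  set_fact:
    seafile_seahub_secret: "{{ seafile_seahub_rand_secret.stdout }}"
  when: seafile_seahub_secret is not defined
  # The fact value is the secret: do not display it
  no_log: true
  tags: seafile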
# Used only when seafile_ccnet_id is not supplied. The value is generated
# once (guarded by `creates`) and stored in meta/.
# NOTE(review): the ID is the SHA-1 of the current `date` output, so it is
# only as unique as the timestamp and can be guessed. That is acceptable only
# if the ccnet ID is a plain identifier and nothing treats it as a secret:
# confirm.
- name: Generate a ID for seahub
  shell: date | sha1sum | awk '{ print $1 }' > {{ seafile_root_dir }}/meta/ansible_ccnet_id
  args:
    creates: "{{ seafile_root_dir }}/meta/ansible_ccnet_id"
  when: seafile_ccnet_id is not defined
  tags: seafile

- name: Read seahub ID
  command: cat {{ seafile_root_dir }}/meta/ansible_ccnet_id
  register: seafile_seahub_rand_id
  when: seafile_ccnet_id is not defined
  changed_when: false
  tags: seafile

- name: Set seahub ID
  set_fact:
    seafile_ccnet_id: "{{ seafile_seahub_rand_id.stdout }}"
  when: seafile_ccnet_id is not defined
  tags: seafile
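# Used only when seafile_db_pass is not supplied. The password is generated
# once (guarded by `creates`) from 45 random bytes and kept in meta/, which
# 'Create base directories' sets up as root:root with the default 0700 mode.
- name: Generate a random pass for the database
  shell: openssl rand -base64 45 > {{ seafile_root_dir }}/meta/ansible_dbpass
  args:
    creates: "{{ seafile_root_dir }}/meta/ansible_dbpass"
  when: seafile_db_pass is not defined
  tags: seafile

- name: Read database password
  command: cat {{ seafile_root_dir }}/meta/ansible_dbpass
  register: seafile_rand_pass
  when: seafile_db_pass is not defined
  changed_when: false
  # stdout is the password itself: keep it out of task output and logs
  no_log: true
  tags: seafile

- name: Set database pass
  set_fact:
    seafile_db_pass: "{{ seafile_rand_pass.stdout }}"
  when: seafile_db_pass is not defined
  # The fact value is the password: do not display it
  no_log: true
  tags: seafile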
# Database provisioning. All three tasks log in as sqladmin with
# mysql_admin_pass, both defined outside this file.
- name: Create the databases
  mysql_db:
    name: "{{ item }}"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  with_items:
    - "{{ seafile_db_seafile }}"
    - "{{ seafile_db_ccnet }}"
    - "{{ seafile_db_seahub }}"
  tags: seafile

# The application account gets ALL on the three Seafile schemas and nothing
# else. It is created for 127.0.0.1 and localhost when the database is local,
# otherwise once per IPv4 address of this host (ansible_all_ipv4_addresses).
- name: Create database user
  mysql_user:
    name: "{{ seafile_db_user }}"
    password: "{{ seafile_db_pass }}"
    priv: "{{ seafile_db_seafile }}.*:ALL/{{ seafile_db_ccnet }}.*:ALL/{{ seafile_db_seahub }}.*:ALL"
    host: "{{ item }}"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  with_items: "{{ (seafile_db_server == '127.0.0.1') | ternary(['127.0.0.1','localhost'],ansible_all_ipv4_addresses) }}"
  tags: seafile

# Fresh installs only: import the schema shipped with seahub
- name: Load seahub schema
  mysql_db:
    state: import
    target: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
    name: "{{ seafile_db_seahub }}"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  when: seafile_install_mode == 'install'
  tags: seafile
# 2048-bit RSA key for ccnet, generated once (guarded by `creates`).
# NOTE(review): no task in this file sets owner or mode on mykey.peer. It
# keeps whatever openssl gives it inside ccnet/, which 'Create directories'
# creates with the default 0770 mode. Confirm perms.sh restricts the key to
# the service account.
- name: Generate an RSA private key
  command: openssl genrsa -out {{ seafile_root_dir }}/ccnet/mykey.peer 2048
  args:
    creates: "{{ seafile_root_dir }}/ccnet/mykey.peer"
  tags: seafile
# Configuration files are rendered with mode 640 and group seafile_group, so
# they are not readable by other local users (the templates presumably embed
# the database password and secret key: confirm against the .j2 files).
- name: Deploy seafile configuration
  template:
    src: "{{ item }}.j2"
    dest: "{{ seafile_root_dir }}/conf/{{ item }}"
    group: "{{ seafile_group }}"
    mode: '640'
  with_items:
    - ccnet.conf
    - seafdav.conf
    - seafile.conf
    - seahub_settings.py
    - gunicorn.conf
  notify:
    - restart seafile
    - restart seahub
  tags: seafile

# Pro edition only
- name: Deploy seafile pro configuration
  template:
    src: "{{ item }}.j2"
    dest: "{{ seafile_root_dir }}/conf/{{ item }}"
    group: "{{ seafile_group }}"
    mode: '640'
  with_items:
    - seafevents.conf
  when: seafile_license is defined
  notify:
    - restart seafile
    - restart seahub
  tags: seafile
# seafile.ini holds a single line: the path of the data directory.
- name: Deploy ccnet ini file
  copy:
    content: |
      {{ seafile_data_dir }}
    dest: "{{ seafile_root_dir }}/ccnet/seafile.ini"
  notify:
    - restart seafile
    - restart seahub
  tags: seafile
# Fresh installs only. Same 640 / seafile_group protection as the other
# configuration files.
- name: Deploy initial admin info
  template:
    src: admin.txt.j2
    dest: "{{ seafile_root_dir }}/conf/admin.txt"
    group: "{{ seafile_group }}"
    mode: '640'
  when: seafile_install_mode == 'install'
  tags: seafile
# Build the list of TCP ports to open: seafile and seahub always, webdav
# only when it is enabled.
- name: Set seafile ports
  set_fact:
    seafile_ports: "[ {{ seafile_seafile_port }}, {{ seafile_seahub_port }} ]"
  tags: seafile

- name: Add webdav port
  set_fact:
    seafile_ports: "{{ seafile_ports }} + [ {{ seafile_webdav_port }} ]"
  when: seafile_webdav == True
  tags: seafile

# The ACCEPT rule only matches the source addresses listed in
# seafile_src_ip. With an empty list the rule is removed (state absent)
# instead of being opened to every source.
# The whole task is skipped when iptables_manage is false.
- name: Handle seafile ports
  iptables_raw:
    name: seafile_ports
    state: "{{ (seafile_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ seafile_ports | join(',') }} -s {{ seafile_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
  tags: seafile
# Upgrade only: pack archives/<previous version>/ (database dumps and old
# server tree) into a single .txz next to it, then drop the directory.
- name: Compress previous version
  command: tar cJf {{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}.txz ./
  environment:
    # Let xz use all available cores
    XZ_OPT: '-T0'
  args:
    chdir: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
    warn: false
  when: seafile_install_mode == 'upgrade'
  tags: seafile

- name: Remove archive directory
  file:
    path: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
    state: absent
  when: seafile_install_mode == 'upgrade'
  tags: seafile
# Clean up the staged archives and extracted trees of both editions.
# /etc/cron.d/seafil_gc is presumably a cron file left behind by an earlier,
# misspelled revision; the job managed by this file is named seafile_gc.
# Confirm before changing the path.
- name: Remove tmp files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
    - "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
    - "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
    - "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
    - "/etc/cron.d/seafil_gc"
  tags: seafile
# Record the deployed version; the next run compares against this file to
# choose between install, upgrade and no-op.
- name: Write version
  copy:
    content: "{{ seafile_version }}"
    dest: "{{ seafile_root_dir }}/meta/ansible_version"
  when: seafile_install_mode != 'none'
  tags: seafile
# Unit files for both services; systemd is reloaded only when one of them
# actually changed.
- name: Deploy systemd services
  template:
    src: "{{ item }}.service.j2"
    dest: "/etc/systemd/system/{{ item }}.service"
  with_items:
    - seafile
    - seahub
  notify:
    - restart seafile
    - restart seahub
  register: seafile_systemd_unit
  tags: seafile

- name: Reload systemd
  command: systemctl daemon-reload
  when: seafile_systemd_unit.changed
  tags: seafile

- name: Start and enable the services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - seafile
    - seahub
  when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually
  tags: seafile
# Weekly garbage collection, run from /etc/cron.d as root.
# NOTE(review): gc.sh is executed by root but lives in seafile-server/, a
# directory that 'Create directories' assigns to seafile_user by default.
# Unless perms.sh re-owns that tree, the service account can replace a script
# that root runs. Confirm the script and its parent directory are root-owned
# and not writable by seafile_user, or move the script to a root-only path.
- name: Deploy script to run garbage collector
  template:
    src: gc.sh.j2
    dest: "{{ seafile_root_dir }}/seafile-server/gc.sh"
    mode: '0755'
  tags: seafile

- name: Add a cron job for garbage collector
  cron:
    name: seafile_gc
    special_time: weekly
    user: root
    job: '{{ seafile_root_dir }}/seafile-server/gc.sh'
    cron_file: seafile_gc
    state: present
  tags: seafile
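# Wrapper that forces clamdscan to use /etc/clamd.conf.
# "$@" is quoted so every argument reaches clamdscan unchanged. Unquoted, a
# path containing whitespace or glob characters is split or expanded by the
# shell, and the scanner is then pointed at something other than the file it
# was asked to check.
# The mode is a quoted octal string so it cannot be read as an integer.
- name: Deploy a clamdscan wrapper script
  copy:
    content: |
      #!/bin/bash -e
      /bin/clamdscan -c /etc/clamd.conf "$@"
    dest: "{{ seafile_root_dir }}/seafile-server/clamdscan.sh"
    mode: '0755'
  tags: seafile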
# Hooks for the backup system, dropped into /etc/backup/pre.d and
# /etc/backup/post.d with owner-only permissions.
- name: Install backup script
  template:
    src: "{{ item.script }}.j2"
    dest: "/etc/backup/{{ item.type }}.d/{{ item.script }}"
    mode: '700'
  with_items:
    - script: seafile_dump_db.sh
      type: pre
    - script: seafile_mount_fuse.sh
      type: pre
    - script: seafile_rm_dumps.sh
      type: post
    - script: seafile_umount_fuse.sh
      type: post
  tags: seafile
# Per-host office templates are looked up on the control machine under
# config/<inventory_hostname>/seafile/office-template/. Privilege escalation
# is switched off for that local lookup.
- name: Check if there are custom office templates
  local_action:
    module: stat
    path: "config/{{ inventory_hostname }}/seafile/office-template/empty.{{ item }}"
  register: seafile_custom_office_template
  vars:
    ansible_become: false
  loop:
    - docx
    - pptx
    - xlsx
  tags: seafile

# Use the per-host file when it exists, otherwise the default from the role
- name: Override office templates
  copy:
    src: "{{ item.stat.exists | ternary('config/' + inventory_hostname + '/seafile/office-template/empty.', 'office-template/empty.') }}{{ item.item }}"
    dest: "{{ seafile_root_dir }}/seafile-server/seahub/media/office-template/"
  loop: "{{ seafile_custom_office_template.results }}"
  tags: seafile
# perms.sh is rendered from a template that is not shown here. It is run
# when the script itself changed or after an upgrade.
- name: Deploy permission script
  template:
    src: perms.sh.j2
    dest: "{{ seafile_root_dir }}/perms.sh"
    mode: '755'
  register: seafile_perms
  tags: seafile

- name: Set optimal permissions
  command: "{{ seafile_root_dir }}/perms.sh"
  # Never reported as a change, whatever the script does
  changed_when: false
  when: seafile_perms.changed or seafile_install_mode == 'upgrade'
  tags: seafile
# Pull in the filebeat tasks that ship alongside this file.
# NOTE(review): bare `include` is deprecated in current Ansible in favour of
# include_tasks / import_tasks; confirm the targeted Ansible version before
# switching.
- include: filebeat.yml