diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml index e5e9b95..940f2d4 100644 --- a/roles/seafile/defaults/main.yml +++ b/roles/seafile/defaults/main.yml @@ -11,11 +11,11 @@ # MaxUsers = "9" # Mode = "subscription" # etc... -seafile_version: "{{ seafile_license is defined | ternary('8.0.14','8.0.7') }}" +seafile_version: "{{ seafile_license is defined | ternary('8.0.14','9.0.1') }}" # Archive URL and sha1 are only used for the community version seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz -seafile_archive_sha1: 8f8915072750544d3f783bac62fb67d1082567d3 +seafile_archive_sha1: 6f55aa1d465e94a7ada1dff7e1923e020ddb5a6c seafile_root_dir: /opt/seafile seafile_data_dir: "{{ seafile_root_dir }}/data" @@ -44,9 +44,6 @@ seafile_seafile_port: 8082 # Seahub port seafile_seahub_port: 8000 -# Should seahub run as a FastCGI server -seafile_seahub_fastcgi: False - # If you want webdav to be enabled seafile_webdav: True seafile_webdav_port: 8080 diff --git a/roles/seafile/tasks/archive_pre.yml b/roles/seafile/tasks/archive_pre.yml index 2bb4fef..e108215 100644 --- a/roles/seafile/tasks/archive_pre.yml +++ b/roles/seafile/tasks/archive_pre.yml @@ -4,11 +4,13 @@ file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=directory tags: seafile -- name: Stop the service during upgrade - service: name={{ item }} state=stopped - with_items: - - seafile - - seahub +- name: Stop services during upgrade + systemd: name={{ item }} state=stopped + loop: + - seafile.service + - seahub.service + - seafile-clean-db.timer + - seafile-gc.timer tags: seafile - name: Backup the databases @@ -33,6 +35,7 @@ dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/" recursive: True delete: True + compress: False delegate_to: "{{ inventory_hostname }}" tags: seafile diff --git a/roles/seafile/tasks/cleanup.yml b/roles/seafile/tasks/cleanup.yml index 669d075..3c4555f 100644 --- a/roles/seafile/tasks/cleanup.yml +++ b/roles/seafile/tasks/cleanup.yml @@ -2,12 +2,11 @@ - name: Remove tmp and obsolete files file: path={{ item }} state=absent - with_items: + loop: - "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz" - "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}" - "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64_CentOS.tar.gz" - "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}" - - /etc/cron.d/seafil_gc - "{{ seafile_data_dir }}/db_dumps" - "{{ seafile_data_dir }}/backup" # All these are obsoletes backup hooks @@ -15,4 +14,8 @@ - /etc/backup/pre.d/seafile_mount_fuse.sh - /etc/backup/post.d/seafile_rm_dumps.sh - /etc/backup/post.d/seafile_umount_fuse.sh + # Old cron job, replaced with systemd timers + - /etc/cron.d/seafile_gc + # This one has a typo in even older versions of the role + - /etc/cron.d/seafil_gc tags: seafile diff --git a/roles/seafile/tasks/install.yml b/roles/seafile/tasks/install.yml index 32fde41..f8b8a8b 100644 --- a/roles/seafile/tasks/install.yml +++ b/roles/seafile/tasks/install.yml @@ -214,10 +214,14 @@ tags: seafile - name: Deploy systemd services - template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service + template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} with_items: - - seafile - - seahub + - seafile.service + - seahub.service + - seafile-clean-db.service + - seafile-clean-db.timer + - seafile-gc.service + - seafile-gc.timer notify: - restart seafile - restart seahub @@ -273,19 +277,10 @@ mode: 0755 tags: seafile -- name: Deploy script to run garbage collector - template: src=gc.sh.j2 dest={{ seafile_root_dir }}/seafile-server/gc.sh mode=0755 - tags: seafile - -- name: Add a cron job for garbage collector - cron: - name: seafile_gc - minute: 10 - hour: 02 - weekday: 0 - user: root - job: '{{ seafile_root_dir }}/seafile-server/gc.sh' - cron_file: seafile_gc - state: present +- name: Deploy maintenance scripts + template: src={{ item }}.sh.j2 dest={{ seafile_root_dir }}/bin/{{ item }}.sh mode=0700 + loop: + - gc + - clean_db tags: seafile diff --git a/roles/seafile/tasks/services.yml b/roles/seafile/tasks/services.yml index a995e38..764b6fc 100644 --- a/roles/seafile/tasks/services.yml +++ b/roles/seafile/tasks/services.yml @@ -1,10 +1,17 @@ --- -- name: Start and enable the services - service: name={{ item }} state=started enabled=yes - with_items: +- name: Start and enable services + service: name={{ item }} state=started enabled=True + loop: - seafile - seahub when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually tags: seafile +- name: Start and enable timers + systemd: name={{ item }}.timer state=started enabled=True + loop: + - seafile-clean-db + - seafile-gc + tags: seafile + diff --git a/roles/seafile/templates/clean_db.sh.j2 b/roles/seafile/templates/clean_db.sh.j2 new file mode 100644 index 0000000..efd2844 --- /dev/null +++ b/roles/seafile/templates/clean_db.sh.j2 @@ -0,0 +1,10 @@ +#!/bin/sh + +set -eo pipefail + +PATH=/opt/seafile/bin:/bin:/usr/bin +PYTHONPATH=/opt/seafile/lib64/python3.6/site-packages/ +PYTHON=/opt/seafile/bin/python +cd {{ seafile_root_dir }}/seafile-server +./seahub.sh python-env python3 seahub/manage.py clearsessions + diff --git a/roles/seafile/templates/gc.sh.j2 b/roles/seafile/templates/gc.sh.j2 index c57ff81..dff48c8 100644 --- a/roles/seafile/templates/gc.sh.j2 +++ b/roles/seafile/templates/gc.sh.j2 @@ -1,11 +1,9 @@ #!/bin/sh {% if seafile_license is not defined %} -/usr/bin/systemctl stop seafile -/usr/bin/systemctl stop seahub +/usr/bin/systemctl stop seafile seahub {% endif %} /usr/bin/systemd-cat /usr/bin/sudo -u {{ seafile_user }} {{ seafile_root_dir }}/seafile-server/seaf-gc.sh {% if seafile_license is not defined %} -/usr/bin/systemctl start seafile -/usr/bin/systemctl start seahub +/usr/bin/systemctl start seafile seahub {% endif %} diff --git a/roles/seafile/templates/seafile-clean-db.service.j2 b/roles/seafile/templates/seafile-clean-db.service.j2 new file mode 100644 index 0000000..d3d6cc6 --- /dev/null +++ b/roles/seafile/templates/seafile-clean-db.service.j2 @@ -0,0 +1,7 @@ +[Unit] +Description=Seafile DB cleaner service + +[Service] +Type=oneshot +PrivateTmp=yes +ExecStart={{ seafile_root_dir }}/bin/clean_db.sh diff --git a/roles/seafile/templates/seafile-clean-db.timer.j2 b/roles/seafile/templates/seafile-clean-db.timer.j2 new file mode 100644 index 0000000..d84f1be --- /dev/null +++ b/roles/seafile/templates/seafile-clean-db.timer.j2 @@ -0,0 +1,9 @@ +[Unit] +Description=Seafile DB cleaner service + +[Timer] +OnCalendar=daily +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/roles/seafile/templates/seafile-gc.service.j2 b/roles/seafile/templates/seafile-gc.service.j2 new file mode 100644 index 0000000..07ba972 --- /dev/null +++ b/roles/seafile/templates/seafile-gc.service.j2 @@ -0,0 +1,7 @@ +[Unit] +Description=Seafile Garbage Collect service + +[Service] +Type=oneshot +PrivateTmp=yes +ExecStart={{ seafile_root_dir }}/bin/gc.sh diff --git a/roles/seafile/templates/seafile-gc.timer.j2 b/roles/seafile/templates/seafile-gc.timer.j2 new file mode 100644 index 0000000..85d2fab --- /dev/null +++ b/roles/seafile/templates/seafile-gc.timer.j2 @@ -0,0 +1,9 @@ +[Unit] +Description=Seafile Garbage Collect service + +[Timer] +OnCalendar=Sun *-*-* 02:10:00 +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/roles/seafile/templates/seafile.conf.j2 b/roles/seafile/templates/seafile.conf.j2 index 32bf0cb..cfd4faa 100644 --- a/roles/seafile/templates/seafile.conf.j2 +++ b/roles/seafile/templates/seafile.conf.j2 @@ -29,7 +29,7 @@ max_upload_size = {{ seafile_max_upload_size }} max_download_dir_size = {{ seafile_max_download_dir_size }} {% endif %} web_token_expire_time = 7200 -{% if seafile_version is version('9.0.0', '>=') %} +{% if seafile_version is version('9.0.1', '>') %} use_go_fileserver = true {% endif %} diff --git a/roles/seafile/templates/seahub.service.j2 b/roles/seafile/templates/seahub.service.j2 index 0e9039c..3f530fc 100644 --- a/roles/seafile/templates/seahub.service.j2 +++ b/roles/seafile/templates/seahub.service.j2 @@ -6,7 +6,7 @@ After=network.target seafile.service Type=forking Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/ Environment=PYTHON={{ seafile_root_dir }}/bin/python -ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh {{ seafile_seahub_fastcgi | ternary('start-fastcgi','start') }} {{ seafile_seahub_port }} +ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh start {{ seafile_seahub_port }} ExecStop={{ seafile_root_dir }}/seafile-server/seahub.sh stop User={{ seafile_user }} Group={{ seafile_group }} diff --git a/roles/seafile/templates/seahub_settings.py.j2 b/roles/seafile/templates/seahub_settings.py.j2 index 64e1565..5297b78 100644 --- a/roles/seafile/templates/seahub_settings.py.j2 +++ b/roles/seafile/templates/seahub_settings.py.j2 @@ -99,9 +99,6 @@ REPO_PASSWORD_MIN_LENGTH = 4 ENABLE_REPO_SNAPSHOT_LABEL = True -ENABLE_VIDEO_THUMBNAIL = False -THUMBNAIL_VIDEO_FRAME_TIME = 5 - {% if seafile_oauth2_auth == True %} ENABLE_OAUTH = True OAUTH_ENABLE_INSECURE_TRANSPORT = True @@ -157,3 +154,12 @@ ONLYOFFICE_JWT_SECRET = '{{ seafile_oo_secret }}' USE_X_FORWARDED_HOST = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') {% endif %} + +{% if seafile_license is defined %} +{% if seafile_scan_av %} +ENABLE_UPLOAD_LINK_VIRUS_CHECK = True +{% endif %} +{% if system_admin_email is defined %} +VIRUS_SCAN_NOTIFY_LIST = ['{{ system_admin_email }}'] +{% endif %} +{% endif %} diff --git a/roles/seafile/vars/RedHat-8.yml b/roles/seafile/vars/RedHat-8.yml index 65edb83..794106f 100644 --- a/roles/seafile/vars/RedHat-8.yml +++ b/roles/seafile/vars/RedHat-8.yml @@ -43,3 +43,4 @@ seafile_rm_libs: - libsasl2.so.3 - libldap_r-2.4.so.2 # 9.0.0 - libcrypto.so.1.1 # 9.0.0 + - libssl.so.1.1 # 9.0.0