fws
/
ansible-roles
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to 2020-04-27 16:00

Browse Source
master
Daniel Berteaud 5 years ago
parent 50501d87ac
commit 94d4700d76
14 changed files with 482 additions and 529 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      roles/seafile/defaults/.main.yml.swp
  2. BIN
      roles/seafile/tasks/.install.yml.swp
  3. 15
      roles/seafile/tasks/archive_post.yml
  4. 38
      roles/seafile/tasks/archive_pre.yml
  5. 11
      roles/seafile/tasks/cleanup.yml
  6. 45
      roles/seafile/tasks/conf.yml
  7. 37
      roles/seafile/tasks/directories.yml
  8. 81
      roles/seafile/tasks/facts.yml
  9. 212
      roles/seafile/tasks/install.yml
  10. 10
      roles/seafile/tasks/iptables.yml
  11. 540
      roles/seafile/tasks/main.yml
  12. 10
      roles/seafile/tasks/services.yml
  13. 6
      roles/seafile/tasks/user.yml
  14. 6
      roles/seafile/tasks/write_version.yml

BIN
roles/seafile/defaults/.main.yml.swp
View File

Binary file not shown.

BIN
roles/seafile/tasks/.install.yml.swp
View File

Binary file not shown.

15
roles/seafile/tasks/archive_post.yml
Unescape View File

@ -0,0 +1,15 @@
---
- name: Compress previous version
command: tar cJf {{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}.txz ./
environment:
XZ_OPT: -T0
args:
chdir: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
warn: False
tags: seafile
- name: Remove archive directory
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=absent
tags: seafile

38
roles/seafile/tasks/archive_pre.yml
Unescape View File

@ -0,0 +1,38 @@
---
- name: Create archive directory
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=directory
tags: seafile
- name: Stop the service during upgrade
service: name={{ item }} state=stopped
with_items:
- seafile
- seahub
tags: seafile
- name: Backup the databases
mysql_db:
state: dump
name: "{{ item }}"
target: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/{{ item }}.sql"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
quick: True
single_transaction: True
with_items:
- "{{ seafile_db_seafile }}"
- "{{ seafile_db_ccnet }}"
- "{{ seafile_db_seahub }}"
tags: seafile
- name: Archive seafile server
synchronize:
src: "{{ seafile_root_dir }}/seafile-server"
dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
tags: seafile

11
roles/seafile/tasks/cleanup.yml
Unescape View File

@ -0,0 +1,11 @@
---
- name: Remove tmp files
file: path={{ item }} state=absent
with_items:
- "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
- "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
- "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
- "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
- "/etc/cron.d/seafil_gc"
tags: seafile

45
roles/seafile/tasks/conf.yml
Unescape View File

@ -0,0 +1,45 @@
---
- name: Generate an RSA private key
command: openssl genrsa -out {{ seafile_root_dir }}/ccnet/mykey.peer 2048
args:
creates: "{{ seafile_root_dir }}/ccnet/mykey.peer"
tags: seafile
- name: Deploy seafile configuration
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
with_items:
- ccnet.conf
- seafdav.conf
- seafile.conf
- seahub_settings.py
- gunicorn.conf
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy seafile pro configuration
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
with_items:
- seafevents.conf
when: seafile_license is defined
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy ccnet ini file
copy:
content: |
{{ seafile_data_dir }}
dest: "{{ seafile_root_dir }}/ccnet/seafile.ini"
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy initial admin info
template: src=admin.txt.j2 dest={{ seafile_root_dir }}/conf/admin.txt group={{ seafile_group }} mode=640
when: seafile_install_mode == 'install'
tags: seafile

37
roles/seafile/tasks/directories.yml
Unescape View File

@ -0,0 +1,37 @@
---
- name: Create directories
file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
with_items:
- dir: "{{ seafile_root_dir }}/tmp"
mode: 700
- dir: "{{ seafile_root_dir }}/meta"
mode: 700
- dir: "{{ seafile_root_dir }}/archives"
mode: 700
- dir: "{{ seafile_root_dir }}"
- dir: "{{ seafile_root_dir }}/fuse"
- dir: "{{ seafile_root_dir }}/seafile-server"
- dir: "{{ seafile_root_dir }}/conf"
- dir: "{{ seafile_root_dir }}/ccnet"
- dir: "{{ seafile_root_dir }}/logs"
- dir: "{{ seafile_root_dir }}/pids"
- dir: "{{ seafile_data_dir }}"
- dir: "{{ seafile_data_dir }}/thumbnails"
- dir: "{{ seafile_data_dir }}/seahub"
- dir: "{{ seafile_data_dir }}/seahub/custom"
owner: "{{ seafile_user }}"
group: "{{ seafile_user }}"
- dir: "{{ seafile_data_dir }}/seahub/cache"
owner: "{{ seafile_user }}"
group: "{{ seafile_user }}"
- dir: "{{ seafile_data_dir }}/seahub/avatars"
owner: "{{ seafile_user }}"
group: "{{ seafile_user }}"
- dir: "{{ seafile_data_dir }}/pro"
- dir: "{{ seafile_data_dir }}/backup"
mode: 700
owner: root
group: root
ignore_errors: True # So we can run when the fuse mount point is active
tags: seafile

81
roles/seafile/tasks/facts.yml
Unescape View File

@ -0,0 +1,81 @@
---
- name: Set default install mode
set_fact: seafile_install_mode='none'
tags: seafile
# Makes sur we do not have a trailing / on the public url
- set_fact: seafile_public_url={{ seafile_public_url | regex_replace('/$','') }}
tags: seafile
- name: Check if seafile is installed
stat: path={{ seafile_root_dir }}/meta/ansible_version
register: seafile_version_file
tags: seafile
- name: Check installed version
command: cat {{ seafile_root_dir }}/meta/ansible_version
register: seafile_current_version
when: seafile_version_file.stat.exists
changed_when: False
tags: seafile
- name: Set install mode to install
set_fact: seafile_install_mode='install'
when: not seafile_version_file.stat.exists
tags: seafile
- name: Set install mode to upgrade
set_fact: seafile_install_mode='upgrade'
when:
- seafile_version_file.stat.exists
- seafile_current_version is defined
- seafile_current_version.stdout != seafile_version
tags: seafile
# Needed to have consistent behaviour with the various components
# which do not all support unix socket
- name: Set DB server to 127.0.0.1
set_fact: seafile_db_server="127.0.0.1"
when: seafile_db_server == 'localhost'
tags: seafile
- name: Generate a ID for seahub
shell: date | sha1sum | awk '{ print $1 }' > {{ seafile_root_dir }}/meta/ansible_ccnet_id
args:
creates: "{{ seafile_root_dir }}/meta/ansible_ccnet_id"
when: seafile_ccnet_id is not defined
tags: seafile
- name: Read seahub ID
command: cat {{ seafile_root_dir }}/meta/ansible_ccnet_id
register: seafile_seahub_rand_id
when: seafile_ccnet_id is not defined
changed_when: False
tags: seafile
- name: Set seahub ID
set_fact: seafile_ccnet_id={{ seafile_seahub_rand_id.stdout }}
when: seafile_ccnet_id is not defined
tags: seafile
- name: Generate a password for the database
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ seafile_root_dir }}/meta/ansible_dbpass"
- set_fact: seafile_db_pass={{ rand_pass }}
when: seafile_db_pass is not defined
tags: seafile
- name: Set seafile ports
set_fact:
seafile_ports: "[ {{ seafile_seafile_port }}, {{ seafile_seahub_port }} ]"
tags: seafile
- name: Add webdav port
set_fact:
seafile_ports: "{{ seafile_ports }} + [ {{ seafile_webdav_port }} ]"
when: seafile_webdav == True
tags: seafile

212
roles/seafile/tasks/install.yml
Unescape View File

@ -0,0 +1,212 @@
---
- name: Install RPM dependencies
yum:
name:
- python-imaging
- MySQL-python
- python-memcached
- python-ldap
- python-urllib3
- python-virtualenv
- ffmpeg
- ffmpeg-devel
- libmemcached-devel
- mysql-devel
- zlib-devel
- gcc
- tar
- mariadb
- fuse
- java-1.8.0-openjdk # For seafile-pro
- poppler-utils # For seafile-pro
- unoconv # For seafile-pro
tags: seafile
- name: Install or update python modules in the virtualenv
pip:
state: latest
virtualenv: "{{ seafile_root_dir }}"
virtualenv_python: python2.7
name:
- pip
- virtualenv
- pillow
#- moviepy
- pylibmc
- django-pylibmc
- requests_oauthlib
- MySQL-python
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Install Seafile pro license
copy: content={{ seafile_license }} dest={{ seafile_root_dir }}/seafile-license.txt
when: seafile_license is defined
tags: seafile
- name: Download seafile archive
get_url:
url: "{{ seafile_archive_url }}"
dest: "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
checksum: "sha1:{{ seafile_archive_sha1 }}"
when:
- seafile_install_mode != 'none'
- seafile_license is not defined
tags: seafile
- name: Copy Seafile pro archive
copy: src=seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz dest={{ seafile_root_dir }}/tmp/
when:
- seafile_install_mode != 'none'
- seafile_license is defined
tags: seafile
- name: Extract seafile archive
unarchive:
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server_{{ seafile_version }}_x86-64.tar.gz"
dest: "{{ seafile_root_dir }}/tmp"
remote_src: yes
when: seafile_install_mode != 'none'
tags: seafile
- name: Move seafile to the correct location
synchronize:
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/"
dest: "{{ seafile_root_dir }}/seafile-server/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
when: seafile_install_mode != 'none'
tags: seafile
- name: Check if avatar is a dir or a link
stat: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars
register: seafile_avatar
tags: seafile
- name: Remove default avatar directory
file: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars state=absent
when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir
tags: seafile
- name: Create seahub symlinks
file: src={{ seafile_data_dir }}/seahub/{{ item.src }} dest={{ seafile_root_dir }}/seafile-server/seahub/media/{{ item.dest }} state=link force=True
with_items:
- src: custom
dest: custom
- src: cache
dest: CACHE
- src: avatars
dest: avatars
tags: seafile
- name: Create pro-data link
file: src={{ seafile_data_dir }}/pro dest={{ seafile_root_dir }}/pro-data state=link force=True
when: seafile_license is defined
tags: seafile
- name: Set permissions on seahub runtime directory
file: path={{ seafile_root_dir }}/seafile-server/runtime state=directory owner={{ seafile_user }} mode=700
tags: seafile
- name: Create library-template
file: path={{ seafile_data_dir }}/library-template state=directory
when: seafile_install_mode == 'install'
tags: seafile
# Needed since CentOS 7.5 so ldaps can be used
- name: Remove bundled libs
file: path={{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }} state=absent
with_items:
- libnssutil3.so
notify: restart seafile
tags: seafile
- name: Copy documentation
copy: src={{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}/seafile/docs/seafile-tutorial.doc dest={{ seafile_data_dir }}/library-template remote_src=True
when: seafile_install_mode == 'install'
tags: seafile
- name: Generate a secret for seahub
shell: python2.7 {{ seafile_root_dir }}/seafile-server/seahub/tools/secret_key_generator.py > {{ seafile_root_dir }}/meta/ansible_hub_secret
args:
creates: "{{ seafile_root_dir }}/meta/ansible_hub_secret"
when: seafile_seahub_secret is not defined
tags: seafile
- name: Read seahub secret
command: cat {{ seafile_root_dir }}/meta/ansible_hub_secret
register: seafile_seahub_rand_secret
when: seafile_seahub_secret is not defined
changed_when: False
tags: seafile
- name: Set seahub secret key
set_fact: seafile_seahub_secret={{ seafile_seahub_rand_secret.stdout }}
when: seafile_seahub_secret is not defined
tags: seafile
- name: Create the databases
mysql_db:
name: "{{ item }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
with_items:
- "{{ seafile_db_seafile }}"
- "{{ seafile_db_ccnet }}"
- "{{ seafile_db_seahub }}"
tags: seafile
- name: Create database user
mysql_user:
name: "{{ seafile_db_user }}"
password: "{{ seafile_db_pass }}"
priv: "{{ seafile_db_seafile }}.*:ALL/{{ seafile_db_ccnet }}.*:ALL/{{ seafile_db_seahub }}.*:ALL"
host: "{{ item }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
with_items: "{{ (seafile_db_server == '127.0.0.1') | ternary(['127.0.0.1','localhost'],ansible_all_ipv4_addresses) }}"
tags: seafile
- name: Load database schema schema
mysql_db:
state: import
target: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
name: "{{ seafile_db_seahub }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
loop:
- db: "{{ seafile_db_seahub }}"
file: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
- db: "{{ seafile_db_seafile }}"
file: "{{ seafile_root_dir }}/seafile-server/sql/mysql/seafile.sql"
- db: "{{ seafile_db_ccnet }}"
file: "{{ seafile_root_dir }}/seafile-server/sql/mysql/ccnet.sql"
when: seafile_install_mode == 'install'
tags: seafile
- name: Deploy systemd services
template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
with_items:
- seafile
- seahub
notify:
- restart seafile
- restart seahub
register: seafile_systemd_unit
tags: seafile
- name: Reload systemd
command: systemctl daemon-reload
when: seafile_systemd_unit.changed
tags: seafile

10
roles/seafile/tasks/iptables.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Handle seafile ports
iptables_raw:
name: seafile_ports
state: "{{ (seafile_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ seafile_ports | join(',') }} -s {{ seafile_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
tags: seafile

540
roles/seafile/tasks/main.yml
Unescape View File

@ -1,534 +1,16 @@
---
- name: Set default install mode
set_fact: seafile_install_mode='none'
tags: seafile
# Makes sur we do not have a trailing / on the public url
- set_fact: seafile_public_url={{ seafile_public_url | regex_replace('/$','') }}
tags: seafile
- name: Check if seafile is installed
stat: path={{ seafile_root_dir }}/meta/ansible_version
register: seafile_version_file
tags: seafile
- name: Check installed version
command: cat {{ seafile_root_dir }}/meta/ansible_version
register: seafile_current_version
when: seafile_version_file.stat.exists
changed_when: False
tags: seafile
- name: Set install mode to install
set_fact: seafile_install_mode='install'
when: not seafile_version_file.stat.exists
tags: seafile
- name: Set install mode to upgrade
set_fact: seafile_install_mode='upgrade'
when:
- seafile_version_file.stat.exists
- seafile_current_version is defined
- seafile_current_version.stdout != seafile_version
tags: seafile
# Needed to have consistent behaviour with the various components
# which do not all support unix socket
- name: Set DB server to 127.0.0.1
set_fact: seafile_db_server="127.0.0.1"
when: seafile_db_server == 'localhost'
tags: seafile
- name: Install RPM dependencies
yum:
name:
- python-imaging
- MySQL-python
- python-memcached
- python-ldap
- python-urllib3
- python-virtualenv
- ffmpeg
- ffmpeg-devel
- libmemcached-devel
- mysql-devel
- zlib-devel
- gcc
- tar
- mariadb
- fuse
- java-1.8.0-openjdk # For seafile-pro
- poppler-utils # For seafile-pro
- unoconv # For seafile-pro
tags: seafile
- name: Install or update python modules in the virtualenv
pip:
state: latest
virtualenv: "{{ seafile_root_dir }}"
virtualenv_python: python2.7
name:
- pip
- virtualenv
- pillow
#- moviepy
- pylibmc
- django-pylibmc
- requests_oauthlib
- MySQL-python
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Create user account
user: name={{ seafile_user }} comment="Seafile user account" system=yes shell=/sbin/nologin
tags: seafile
- name: Create base directories
file: path={{ item.dir }} state=directory owner={{ item.owner | default(seafile_user) }} group={{ item.group | default(seafile_group) }} mode={{ item.mode | default('0700') }}
with_items:
- dir: "{{ seafile_root_dir }}/tmp"
owner: root
group: root
- dir: "{{ seafile_root_dir }}/meta"
owner: root
group: root
- dir: "{{ seafile_root_dir }}/archives"
owner: root
group: root
tags: seafile
- name: Install Seafile pro license
copy: content={{ seafile_license }} dest={{ seafile_root_dir }}/seafile-license.txt
when: seafile_license is defined
tags: seafile
- name: Create archive directory
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=directory
when: seafile_install_mode == 'upgrade'
tags: seafile
- name: Stop the service during upgrade
service: name={{ item }} state=stopped
with_items:
- seafile
- seahub
when: seafile_install_mode == 'upgrade'
tags: seafile
- name: Backup the databases
mysql_db:
state: dump
name: "{{ item }}"
target: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/{{ item }}.sql"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
quick: True
single_transaction: True
with_items:
- "{{ seafile_db_seafile }}"
- "{{ seafile_db_ccnet }}"
- "{{ seafile_db_seahub }}"
when: seafile_install_mode == 'upgrade'
tags: seafile
- name: Archive seafile server
synchronize:
src: "{{ seafile_root_dir }}/seafile-server"
dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
when: seafile_install_mode == 'upgrade'
tags: seafile
- name: Download seafile archive
get_url:
url: "{{ seafile_archive_url }}"
dest: "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
checksum: "sha1:{{ seafile_archive_sha1 }}"
when:
- seafile_install_mode != 'none'
- seafile_license is not defined
tags: seafile
- name: Copy Seafile pro archive
copy: src=seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz dest={{ seafile_root_dir }}/tmp/
when:
- seafile_install_mode != 'none'
- seafile_license is defined
tags: seafile
- name: Extract seafile archive
unarchive:
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server_{{ seafile_version }}_x86-64.tar.gz"
dest: "{{ seafile_root_dir }}/tmp"
remote_src: yes
when: seafile_install_mode != 'none'
tags: seafile
- name: Create directories
file: path={{ item.dir }} state=directory owner={{ item.owner | default(seafile_user) }} group={{ item.group | default(seafile_group) }} mode={{ item.mode | default('0770') }}
with_items:
- dir: "{{ seafile_root_dir }}"
mode: 755
- dir: "{{ seafile_root_dir }}/fuse"
- dir: "{{ seafile_root_dir }}/seafile-server"
mode: 755
- dir: "{{ seafile_root_dir }}/conf"
- dir: "{{ seafile_root_dir }}/ccnet"
- dir: "{{ seafile_root_dir }}/logs"
- dir: "{{ seafile_root_dir }}/pids"
- dir: "{{ seafile_data_dir }}"
- dir: "{{ seafile_data_dir }}/thumbnails"
- dir: "{{ seafile_data_dir }}/seahub"
mode: 755
- dir: "{{ seafile_data_dir }}/seahub/custom"
mode: 755
- dir: "{{ seafile_data_dir }}/seahub/cache"
mode: 755
- dir: "{{ seafile_data_dir }}/seahub/avatars"
mode: 755
- dir: "{{ seafile_data_dir }}/pro"
- dir: "{{ seafile_data_dir }}/db_dumps"
owner: root
group: root
ignore_errors: True # So we can run when the fuse mount point is active
tags: seafile
- name: Move seafile to the correct location
synchronize:
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/"
dest: "{{ seafile_root_dir }}/seafile-server/"
recursive: True
delete: True
delegate_to: "{{ inventory_hostname }}"
when: seafile_install_mode != 'none'
tags: seafile
- name: Check if avatar is a dir or a link
stat: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars
register: seafile_avatar
tags: seafile
- name: Remove default avatar directory
file: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars state=absent
when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir
tags: seafile
- name: Create seahub symlinks
file: src={{ seafile_data_dir }}/seahub/{{ item.src }} dest={{ seafile_root_dir }}/seafile-server/seahub/media/{{ item.dest }} state=link force=True
with_items:
- src: custom
dest: custom
- src: cache
dest: CACHE
- src: avatars
dest: avatars
tags: seafile
- name: Create pro-data link
file: src={{ seafile_data_dir }}/pro dest={{ seafile_root_dir }}/pro-data state=link force=True
when: seafile_license is defined
tags: seafile
- name: Set permissions on seahub runtime directory
file: path={{ seafile_root_dir }}/seafile-server/runtime state=directory owner={{ seafile_user }} mode=700
tags: seafile
- name: Create library-template
file: path={{ seafile_data_dir }}/library-template state=directory
when: seafile_install_mode == 'install'
tags: seafile
# Needed since CentOS 7.5 so ldaps can be used
- name: Remove bundled libs
file: path={{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }} state=absent
with_items:
- libnssutil3.so
notify: restart seafile
tags: seafile
- name: Copy documentation
copy: src={{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}/seafile/docs/seafile-tutorial.doc dest={{ seafile_data_dir }}/library-template remote_src=yes
when: seafile_install_mode == 'install'
tags: seafile
- name: Generate a secret for seahub
shell: python2.7 {{ seafile_root_dir }}/seafile-server/seahub/tools/secret_key_generator.py > {{ seafile_root_dir }}/meta/ansible_hub_secret
args:
creates: "{{ seafile_root_dir }}/meta/ansible_hub_secret"
when: seafile_seahub_secret is not defined
tags: seafile
- name: Read seahub secret
command: cat {{ seafile_root_dir }}/meta/ansible_hub_secret
register: seafile_seahub_rand_secret
when: seafile_seahub_secret is not defined
changed_when: False
tags: seafile
- name: Set seahub secret key
set_fact: seafile_seahub_secret={{ seafile_seahub_rand_secret.stdout }}
when: seafile_seahub_secret is not defined
tags: seafile
- name: Generate a ID for seahub
shell: date | sha1sum | awk '{ print $1 }' > {{ seafile_root_dir }}/meta/ansible_ccnet_id
args:
creates: "{{ seafile_root_dir }}/meta/ansible_ccnet_id"
when: seafile_ccnet_id is not defined
tags: seafile
- name: Read seahub ID
command: cat {{ seafile_root_dir }}/meta/ansible_ccnet_id
register: seafile_seahub_rand_id
when: seafile_ccnet_id is not defined
changed_when: False
tags: seafile
- name: Set seahub ID
set_fact: seafile_ccnet_id={{ seafile_seahub_rand_id.stdout }}
when: seafile_ccnet_id is not defined
tags: seafile
- name: Generate a random pass for the database
shell: openssl rand -base64 45 > {{ seafile_root_dir }}/meta/ansible_dbpass
args:
creates: "{{ seafile_root_dir }}/meta/ansible_dbpass"
when: seafile_db_pass is not defined
tags: seafile
- name: Read database password
command: cat {{ seafile_root_dir }}/meta/ansible_dbpass
register: seafile_rand_pass
when: seafile_db_pass is not defined
changed_when: False
tags: seafile
- name: Set database pass
set_fact: seafile_db_pass={{ seafile_rand_pass.stdout }}
when: seafile_db_pass is not defined
tags: seafile
- name: Create the databases
mysql_db:
name: "{{ item }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
with_items:
- "{{ seafile_db_seafile }}"
- "{{ seafile_db_ccnet }}"
- "{{ seafile_db_seahub }}"
tags: seafile
- name: Create database user
mysql_user:
name: "{{ seafile_db_user }}"
password: "{{ seafile_db_pass }}"
priv: "{{ seafile_db_seafile }}.*:ALL/{{ seafile_db_ccnet }}.*:ALL/{{ seafile_db_seahub }}.*:ALL"
host: "{{ item }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
with_items: "{{ (seafile_db_server == '127.0.0.1') | ternary(['127.0.0.1','localhost'],ansible_all_ipv4_addresses) }}"
tags: seafile
- name: Load seahub schema
mysql_db:
state: import
target: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
name: "{{ seafile_db_seahub }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
when: seafile_install_mode == 'install'
tags: seafile
- name: Generate an RSA private key
command: openssl genrsa -out {{ seafile_root_dir }}/ccnet/mykey.peer 2048
args:
creates: "{{ seafile_root_dir }}/ccnet/mykey.peer"
tags: seafile
- name: Deploy seafile configuration
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
with_items:
- ccnet.conf
- seafdav.conf
- seafile.conf
- seahub_settings.py
- gunicorn.conf
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy seafile pro configuration
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
with_items:
- seafevents.conf
when: seafile_license is defined
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy ccnet ini file
copy:
content: |
{{ seafile_data_dir }}
dest: "{{ seafile_root_dir }}/ccnet/seafile.ini"
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy initial admin info
template: src=admin.txt.j2 dest={{ seafile_root_dir }}/conf/admin.txt group={{ seafile_group }} mode=640
when: seafile_install_mode == 'install'
tags: seafile
- name: Set seafile ports
set_fact:
seafile_ports: "[ {{ seafile_seafile_port }}, {{ seafile_seahub_port }} ]"
tags: seafile
- name: Add webdav port
set_fact:
seafile_ports: "{{ seafile_ports }} + [ {{ seafile_webdav_port }} ]"
when: seafile_webdav == True
tags: seafile
- name: Handle seafile ports
iptables_raw:
name: seafile_ports
state: "{{ (seafile_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ seafile_ports | join(',') }} -s {{ seafile_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
tags: seafile
- name: Compress previous version
command: tar cJf {{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}.txz ./
environment:
XZ_OPT: -T0
args:
chdir: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
warn: False
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: seafile_install_mode == 'upgrade'
tags: seafile
- name: Remove archive directory
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=absent
- include: install.yml
- include: conf.yml
- include: iptables.yml
- include: services.yml
- include: archive_post.yml
when: seafile_install_mode == 'upgrade'
tags: seafile
- name: Remove tmp files
file: path={{ item }} state=absent
with_items:
- "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
- "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
- "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
- "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
- "/etc/cron.d/seafil_gc"
tags: seafile
- name: Write version
copy: content={{ seafile_version }} dest={{ seafile_root_dir }}/meta/ansible_version
when: seafile_install_mode != 'none'
tags: seafile
- name: Deploy systemd services
template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
with_items:
- seafile
- seahub
notify:
- restart seafile
- restart seahub
register: seafile_systemd_unit
tags: seafile
- name: Reload systemd
command: systemctl daemon-reload
when: seafile_systemd_unit.changed
tags: seafile
- name: Start and enable the services
service: name={{ item }} state=started enabled=yes
with_items:
- seafile
- seahub
when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually
tags: seafile
- name: Deploy script to run garbage collector
template: src=gc.sh.j2 dest={{ seafile_root_dir }}/seafile-server/gc.sh mode=0755
tags: seafile
- name: Add a cron job for garbage collector
cron:
name: seafile_gc
special_time: weekly
user: root
job: '{{ seafile_root_dir }}/seafile-server/gc.sh'
cron_file: seafile_gc
state: present
tags: seafile
- name: Deploy a clamdscan wrapper script
copy:
content: |
#!/bin/bash -e
/bin/clamdscan -c /etc/clamd.conf $@
dest: "{{ seafile_root_dir }}/seafile-server/clamdscan.sh"
mode: 0755
tags: seafile
- name: Install backup script
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/{{ item.script }} mode=700
with_items:
- script: seafile_dump_db.sh
type: pre
- script: seafile_mount_fuse.sh
type: pre
- script: seafile_rm_dumps.sh
type: post
- script: seafile_umount_fuse.sh
type: post
tags: seafile
- name: Check if there are custom office templates
local_action: stat path=config/{{ inventory_hostname }}/seafile/office-template/empty.{{ item }}
register: seafile_custom_office_template
vars:
ansible_become: False
loop:
- docx
- pptx
- xlsx
tags: seafile
- name: Override office templates
copy: src={{ item.stat.exists | ternary('config/' + inventory_hostname + '/seafile/office-template/empty.','office-template/empty.' ) }}{{ item.item }} dest={{ seafile_root_dir }}/seafile-server/seahub/media/office-template/
loop: "{{ seafile_custom_office_template.results }}"
tags: seafile
- name: Deploy permission script
template: src=perms.sh.j2 dest={{ seafile_root_dir }}/perms.sh mode=755
register: seafile_perms
tags: seafile
- name: Set optimal permissions
command: "{{ seafile_root_dir }}/perms.sh"
changed_when: False
when: seafile_perms.changed or seafile_install_mode == 'upgrade'
tags: seafile
- include: write_version.yml
- include: cleanup.yml
- include: filebeat.yml

10
roles/seafile/tasks/services.yml
Unescape View File

@ -0,0 +1,10 @@
---
- name: Start and enable the services
service: name={{ item }} state=started enabled=yes
with_items:
- seafile
- seahub
when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually
tags: seafile

6
roles/seafile/tasks/user.yml
Unescape View File

@ -0,0 +1,6 @@
---
- name: Create user account
user: name={{ seafile_user }} comment="Seafile user account" system=True shell=/sbin/nologin
tags: seafile

6
roles/seafile/tasks/write_version.yml
Unescape View File

@ -0,0 +1,6 @@
---
- name: Write version
copy: content={{ seafile_version }} dest={{ seafile_root_dir }}/meta/ansible_version
when: seafile_install_mode != 'none'
tags: seafile
Write Preview
Loading…
Cancel
Save