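---
# Install or upgrade a Seafile server.
#
# Flow: detect the installed version from meta/ansible_version, install
# dependencies, back up and archive the previous version on upgrade, unpack
# the new release, generate or reuse secrets, create the databases, deploy
# configuration, firewall rules, systemd units and helper scripts.
#
# seafile_install_mode is one of 'none', 'install' or 'upgrade'.

- name: Set default install mode
  set_fact:
    seafile_install_mode: 'none'
  tags: seafile

# Make sure we do not have a trailing / on the public url
- name: Strip trailing slash from the public URL
  set_fact:
    seafile_public_url: "{{ seafile_public_url | regex_replace('/$', '') }}"
  tags: seafile

- name: Check if seafile is installed
  stat:
    path: "{{ seafile_root_dir }}/meta/ansible_version"
  register: seafile_version_file
  tags: seafile

- name: Check installed version
  command: cat {{ seafile_root_dir }}/meta/ansible_version
  register: seafile_current_version
  when: seafile_version_file.stat.exists
  changed_when: false
  tags: seafile

- name: Set install mode to install
  set_fact:
    seafile_install_mode: 'install'
  when: not seafile_version_file.stat.exists
  tags: seafile

- name: Set install mode to upgrade
  set_fact:
    seafile_install_mode: 'upgrade'
  when:
    - seafile_version_file.stat.exists
    - seafile_current_version is defined
    - seafile_current_version.stdout != seafile_version
  tags: seafile

# Needed to have consistent behaviour with the various components
# which do not all support unix socket
- name: Set DB server to 127.0.0.1
  set_fact:
    seafile_db_server: '127.0.0.1'
  when: seafile_db_server == 'localhost'
  tags: seafile

- name: Install RPM dependencies
  yum:
    name:
      - python-imaging
      - MySQL-python
      - python-memcached
      - python-ldap
      - python-urllib3
      - python-virtualenv
      - ffmpeg
      - ffmpeg-devel
      - libmemcached-devel
      - mysql-devel
      - zlib-devel
      - gcc
      - tar
      - mariadb
      - fuse
      - java-1.8.0-openjdk  # For seafile-pro
      - poppler-utils  # For seafile-pro
      - unoconv  # For seafile-pro
  tags: seafile

# NOTE(review): state=latest pulls whatever version the index serves on every
# run. Pinning versions (or using a constraints file) would make deployments
# reproducible and limit exposure to a compromised or broken upstream release.
- name: Install or update python modules in the virtualenv
  pip:
    state: latest
    virtualenv: "{{ seafile_root_dir }}"
    virtualenv_python: python2.7
    name:
      - pip
      - virtualenv
      - pillow
      # - moviepy
      - pylibmc
      - django-pylibmc
      - requests_oauthlib
      - MySQL-python
  notify:
    - restart seafile
    - restart seahub
  tags: seafile

- name: Create user account
  user:
    name: "{{ seafile_user }}"
    comment: "Seafile user account"
    system: true
    shell: /sbin/nologin
  tags: seafile

# tmp, meta and archives hold downloaded archives, generated secrets and
# database dumps: root-only, mode 0700 by default.
- name: Create base directories
  file:
    path: "{{ item.dir }}"
    state: directory
    owner: "{{ item.owner | default(seafile_user) }}"
    group: "{{ item.group | default(seafile_group) }}"
    mode: "{{ item.mode | default('0700') }}"
  with_items:
    - dir: "{{ seafile_root_dir }}/tmp"
      owner: root
      group: root
    - dir: "{{ seafile_root_dir }}/meta"
      owner: root
      group: root
    - dir: "{{ seafile_root_dir }}/archives"
      owner: root
      group: root
  tags: seafile

- name: Install Seafile pro license
  copy:
    content: "{{ seafile_license }}"
    dest: "{{ seafile_root_dir }}/seafile-license.txt"
  when: seafile_license is defined
  tags: seafile

- name: Create archive directory
  file:
    path: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
    state: directory
  when: seafile_install_mode == 'upgrade'
  tags: seafile

- name: Stop the service during upgrade
  service:
    name: "{{ item }}"
    state: stopped
  with_items:
    - seafile
    - seahub
  when: seafile_install_mode == 'upgrade'
  tags: seafile

- name: Backup the databases
  mysql_db:
    state: dump
    name: "{{ item }}"
    target: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/{{ item }}.sql"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    quick: true
    single_transaction: true
  with_items:
    - "{{ seafile_db_seafile }}"
    - "{{ seafile_db_ccnet }}"
    - "{{ seafile_db_seahub }}"
  when: seafile_install_mode == 'upgrade'
  tags: seafile

- name: Archive seafile server
  synchronize:
    src: "{{ seafile_root_dir }}/seafile-server"
    dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
    recursive: true
    delete: true
  delegate_to: "{{ inventory_hostname }}"
  when: seafile_install_mode == 'upgrade'
  tags: seafile

# NOTE(review): the archive is verified with SHA-1, which is no longer
# collision resistant. get_url also accepts "sha256:<digest>"; switching
# needs a SHA-256 digest variable defined alongside seafile_archive_sha1.
- name: Download seafile archive
  get_url:
    url: "{{ seafile_archive_url }}"
    dest: "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
    checksum: "sha1:{{ seafile_archive_sha1 }}"
  when:
    - seafile_install_mode != 'none'
    - seafile_license is not defined
  tags: seafile

# NOTE(review): unlike the community download, the pro archive is copied
# without any checksum verification — confirm the source file is trusted.
- name: Copy Seafile pro archive
  copy:
    src: "seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
    dest: "{{ seafile_root_dir }}/tmp/"
  when:
    - seafile_install_mode != 'none'
    - seafile_license is defined
  tags: seafile

- name: Extract seafile archive
  unarchive:
    src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server_{{ seafile_version }}_x86-64.tar.gz"
    dest: "{{ seafile_root_dir }}/tmp"
    remote_src: true
  when: seafile_install_mode != 'none'
  tags: seafile

# Modes are quoted octal strings so they cannot be read as decimal integers.
- name: Create directories
  file:
    path: "{{ item.dir }}"
    state: directory
    owner: "{{ item.owner | default(seafile_user) }}"
    group: "{{ item.group | default(seafile_group) }}"
    mode: "{{ item.mode | default('0770') }}"
  with_items:
    - dir: "{{ seafile_root_dir }}"
      mode: "0755"
    - dir: "{{ seafile_root_dir }}/fuse"
    - dir: "{{ seafile_root_dir }}/seafile-server"
      mode: "0755"
    - dir: "{{ seafile_root_dir }}/conf"
    - dir: "{{ seafile_root_dir }}/ccnet"
    - dir: "{{ seafile_root_dir }}/logs"
    - dir: "{{ seafile_root_dir }}/pids"
    - dir: "{{ seafile_data_dir }}"
    - dir: "{{ seafile_data_dir }}/thumbnails"
    - dir: "{{ seafile_data_dir }}/seahub"
      mode: "0755"
    - dir: "{{ seafile_data_dir }}/seahub/custom"
      mode: "0755"
    - dir: "{{ seafile_data_dir }}/seahub/cache"
      mode: "0755"
    - dir: "{{ seafile_data_dir }}/seahub/avatars"
      mode: "0755"
    - dir: "{{ seafile_data_dir }}/pro"
    - dir: "{{ seafile_data_dir }}/db_dumps"
      owner: root
      group: root
  # So we can run when the fuse mount point is active.
  # NOTE(review): this also hides real failures on every other directory.
  ignore_errors: true
  tags: seafile

- name: Move seafile to the correct location
  synchronize:
    src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/"
    dest: "{{ seafile_root_dir }}/seafile-server/"
    recursive: true
    delete: true
  delegate_to: "{{ inventory_hostname }}"
  when: seafile_install_mode != 'none'
  tags: seafile

- name: Check if avatar is a dir or a link
  stat:
    path: "{{ seafile_root_dir }}/seafile-server/seahub/media/avatars"
  register: seafile_avatar
  tags: seafile

- name: Remove default avatar directory
  file:
    path: "{{ seafile_root_dir }}/seafile-server/seahub/media/avatars"
    state: absent
  when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir
  tags: seafile

- name: Create seahub symlinks
  file:
    src: "{{ seafile_data_dir }}/seahub/{{ item.src }}"
    dest: "{{ seafile_root_dir }}/seafile-server/seahub/media/{{ item.dest }}"
    state: link
    force: true
  with_items:
    - src: custom
      dest: custom
    - src: cache
      dest: CACHE
    - src: avatars
      dest: avatars
  tags: seafile

- name: Create pro-data link
  file:
    src: "{{ seafile_data_dir }}/pro"
    dest: "{{ seafile_root_dir }}/pro-data"
    state: link
    force: true
  when: seafile_license is defined
  tags: seafile

- name: Set permissions on seahub runtime directory
  file:
    path: "{{ seafile_root_dir }}/seafile-server/runtime"
    state: directory
    owner: "{{ seafile_user }}"
    mode: "0700"
  tags: seafile

- name: Create library-template
  file:
    path: "{{ seafile_data_dir }}/library-template"
    state: directory
  when: seafile_install_mode == 'install'
  tags: seafile

# Needed since CentOS 7.5 so ldaps can be used
- name: Remove bundled libs
  file:
    path: "{{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }}"
    state: absent
  with_items:
    - libnssutil3.so
  notify: restart seafile
  tags: seafile

# The extracted directory is named seafile-pro-server-<version> when a license
# is defined (same naming as "Move seafile to the correct location"), so the
# source path follows that naming instead of assuming the community edition.
- name: Copy documentation
  copy:
    src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/seafile/docs/seafile-tutorial.doc"
    dest: "{{ seafile_data_dir }}/library-template"
    remote_src: true
  when: seafile_install_mode == 'install'
  tags: seafile

# The secret is generated once and persisted under meta/ (root-only, 0700).
# NOTE(review): the shell redirect creates the target file before the
# generator runs, so a failed run leaves an empty file that 'creates' then
# treats as done. Check the file is non-empty after a failed first run.
- name: Generate a secret for seahub
  shell: python2.7 {{ seafile_root_dir }}/seafile-server/seahub/tools/secret_key_generator.py > {{ seafile_root_dir }}/meta/ansible_hub_secret
  args:
    creates: "{{ seafile_root_dir }}/meta/ansible_hub_secret"
  when: seafile_seahub_secret is not defined
  tags: seafile

# no_log keeps the secret out of verbose output and callback/log plugins.
- name: Read seahub secret
  command: cat {{ seafile_root_dir }}/meta/ansible_hub_secret
  register: seafile_seahub_rand_secret
  when: seafile_seahub_secret is not defined
  changed_when: false
  no_log: true
  tags: seafile

- name: Set seahub secret key
  set_fact:
    seafile_seahub_secret: "{{ seafile_seahub_rand_secret.stdout }}"
  when: seafile_seahub_secret is not defined
  no_log: true
  tags: seafile

# NOTE(review): this value is a SHA-1 of the current date string, so it is
# predictable. Acceptable for an identifier; confirm ccnet does not treat it
# as a secret.
- name: Generate a ID for seahub
  shell: date | sha1sum | awk '{ print $1 }' > {{ seafile_root_dir }}/meta/ansible_ccnet_id
  args:
    creates: "{{ seafile_root_dir }}/meta/ansible_ccnet_id"
  when: seafile_ccnet_id is not defined
  tags: seafile

- name: Read seahub ID
  command: cat {{ seafile_root_dir }}/meta/ansible_ccnet_id
  register: seafile_seahub_rand_id
  when: seafile_ccnet_id is not defined
  changed_when: false
  tags: seafile

- name: Set seahub ID
  set_fact:
    seafile_ccnet_id: "{{ seafile_seahub_rand_id.stdout }}"
  when: seafile_ccnet_id is not defined
  tags: seafile

- name: Generate a random pass for the database
  shell: openssl rand -base64 45 > {{ seafile_root_dir }}/meta/ansible_dbpass
  args:
    creates: "{{ seafile_root_dir }}/meta/ansible_dbpass"
  when: seafile_db_pass is not defined
  tags: seafile

# no_log keeps the password out of verbose output and callback/log plugins.
- name: Read database password
  command: cat {{ seafile_root_dir }}/meta/ansible_dbpass
  register: seafile_rand_pass
  when: seafile_db_pass is not defined
  changed_when: false
  no_log: true
  tags: seafile

- name: Set database pass
  set_fact:
    seafile_db_pass: "{{ seafile_rand_pass.stdout }}"
  when: seafile_db_pass is not defined
  no_log: true
  tags: seafile

- name: Create the databases
  mysql_db:
    name: "{{ item }}"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  with_items:
    - "{{ seafile_db_seafile }}"
    - "{{ seafile_db_ccnet }}"
    - "{{ seafile_db_seahub }}"
  tags: seafile

# The account gets ALL on the three Seafile databases only. It is created for
# 127.0.0.1 and localhost when the DB is local, otherwise for each IPv4
# address of this host.
- name: Create database user
  mysql_user:
    name: "{{ seafile_db_user }}"
    password: "{{ seafile_db_pass }}"
    priv: "{{ seafile_db_seafile }}.*:ALL/{{ seafile_db_ccnet }}.*:ALL/{{ seafile_db_seahub }}.*:ALL"
    host: "{{ item }}"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
    state: present
  with_items: "{{ (seafile_db_server == '127.0.0.1') | ternary(['127.0.0.1','localhost'],ansible_all_ipv4_addresses) }}"
  tags: seafile

- name: Load seahub schema
  mysql_db:
    state: import
    target: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
    name: "{{ seafile_db_seahub }}"
    login_host: "{{ seafile_db_server }}"
    login_user: sqladmin
    login_password: "{{ mysql_admin_pass }}"
  when: seafile_install_mode == 'install'
  tags: seafile

# NOTE(review): the key file's mode is whatever the umask of the Ansible
# process yields; access is otherwise limited by the ccnet directory (0770).
# Confirm perms.sh tightens the key file itself.
- name: Generate an RSA private key
  command: openssl genrsa -out {{ seafile_root_dir }}/ccnet/mykey.peer 2048
  args:
    creates: "{{ seafile_root_dir }}/ccnet/mykey.peer"
  tags: seafile

# Configuration files carry credentials: group-readable only (0640).
- name: Deploy seafile configuration
  template:
    src: "{{ item }}.j2"
    dest: "{{ seafile_root_dir }}/conf/{{ item }}"
    group: "{{ seafile_group }}"
    mode: "0640"
  with_items:
    - ccnet.conf
    - seafdav.conf
    - seafile.conf
    - seahub_settings.py
    - gunicorn.conf
  notify:
    - restart seafile
    - restart seahub
  tags: seafile

- name: Deploy seafile pro configuration
  template:
    src: "{{ item }}.j2"
    dest: "{{ seafile_root_dir }}/conf/{{ item }}"
    group: "{{ seafile_group }}"
    mode: "0640"
  with_items:
    - seafevents.conf
  when: seafile_license is defined
  notify:
    - restart seafile
    - restart seahub
  tags: seafile

- name: Deploy ccnet ini file
  copy:
    content: |
      {{ seafile_data_dir }}
    dest: "{{ seafile_root_dir }}/ccnet/seafile.ini"
  notify:
    - restart seafile
    - restart seahub
  tags: seafile

- name: Deploy initial admin info
  template:
    src: admin.txt.j2
    dest: "{{ seafile_root_dir }}/conf/admin.txt"
    group: "{{ seafile_group }}"
    mode: "0640"
  when: seafile_install_mode == 'install'
  tags: seafile

- name: Set seafile ports
  set_fact:
    seafile_ports: "[ {{ seafile_seafile_port }}, {{ seafile_seahub_port }} ]"
  tags: seafile

- name: Add webdav port
  set_fact:
    seafile_ports: "{{ seafile_ports }} + [ {{ seafile_webdav_port }} ]"
  when: seafile_webdav == True
  tags: seafile

# The ACCEPT rule exists only while seafile_src_ip lists at least one source;
# with an empty list the rule is removed.
- name: Handle seafile ports
  iptables_raw:
    name: seafile_ports
    state: "{{ (seafile_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ seafile_ports | join(',') }} -s {{ seafile_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
  tags: seafile

- name: Compress previous version
  command: tar cJf {{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}.txz ./
  environment:
    XZ_OPT: '-T0'
  args:
    chdir: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
    warn: false
  when: seafile_install_mode == 'upgrade'
  tags: seafile

- name: Remove archive directory
  file:
    path: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
    state: absent
  when: seafile_install_mode == 'upgrade'
  tags: seafile

# NOTE(review): '/etc/cron.d/seafil_gc' differs from the cron_file
# 'seafile_gc' managed further down; presumably cleanup of an older,
# misnamed file — confirm.
- name: Remove tmp files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
    - "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
    - "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
    - "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
    - "/etc/cron.d/seafil_gc"
  tags: seafile

- name: Write version
  copy:
    content: "{{ seafile_version }}"
    dest: "{{ seafile_root_dir }}/meta/ansible_version"
  when: seafile_install_mode != 'none'
  tags: seafile

- name: Deploy systemd services
  template:
    src: "{{ item }}.service.j2"
    dest: "/etc/systemd/system/{{ item }}.service"
  with_items:
    - seafile
    - seahub
  notify:
    - restart seafile
    - restart seahub
  register: seafile_systemd_unit
  tags: seafile

- name: Reload systemd
  command: systemctl daemon-reload
  when: seafile_systemd_unit.changed
  tags: seafile

# On upgrade the services stay stopped: the upgrade script is run manually.
- name: Start and enable the services
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - seafile
    - seahub
  when: seafile_install_mode != 'upgrade'
  tags: seafile

- name: Deploy script to run garbage collector
  template:
    src: gc.sh.j2
    dest: "{{ seafile_root_dir }}/seafile-server/gc.sh"
    mode: "0755"
  tags: seafile

- name: Add a cron job for garbage collector
  cron:
    name: seafile_gc
    special_time: weekly
    user: root
    job: '{{ seafile_root_dir }}/seafile-server/gc.sh'
    cron_file: seafile_gc
    state: present
  tags: seafile

# "$@" is quoted so each argument reaches clamdscan unchanged; unquoted, a
# file name containing whitespace or glob characters would be split or
# expanded and the scanner would check the wrong paths.
- name: Deploy a clamdscan wrapper script
  copy:
    content: |
      #!/bin/bash -e
      /bin/clamdscan -c /etc/clamd.conf "$@"
    dest: "{{ seafile_root_dir }}/seafile-server/clamdscan.sh"
    mode: "0755"
  tags: seafile

- name: Install backup script
  template:
    src: "{{ item.script }}.j2"
    dest: "/etc/backup/{{ item.type }}.d/{{ item.script }}"
    mode: "0700"
  with_items:
    - script: seafile_dump_db.sh
      type: pre
    - script: seafile_mount_fuse.sh
      type: pre
    - script: seafile_rm_dumps.sh
      type: post
    - script: seafile_umount_fuse.sh
      type: post
  tags: seafile

# Runs on the controller, without privilege escalation.
- name: Check if there are custom office templates
  local_action:
    module: stat
    path: "config/{{ inventory_hostname }}/seafile/office-template/empty.{{ item }}"
  register: seafile_custom_office_template
  vars:
    ansible_become: false
  loop:
    - docx
    - pptx
    - xlsx
  tags: seafile

# Use the per-host template when one exists, else the default shipped one.
- name: Override office templates
  copy:
    src: "{{ item.stat.exists | ternary('config/' + inventory_hostname + '/seafile/office-template/empty.','office-template/empty.' ) }}{{ item.item }}"
    dest: "{{ seafile_root_dir }}/seafile-server/seahub/media/office-template/"
  loop: "{{ seafile_custom_office_template.results }}"
  tags: seafile

- name: Deploy permission script
  template:
    src: perms.sh.j2
    dest: "{{ seafile_root_dir }}/perms.sh"
    mode: "0755"
  register: seafile_perms
  tags: seafile

- name: Set optimal permissions
  command: "{{ seafile_root_dir }}/perms.sh"
  changed_when: false
  when: seafile_perms.changed or seafile_install_mode == 'upgrade'
  tags: seafile

- include: filebeat.yml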