You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
534 lines
16 KiB
534 lines
16 KiB
---
|
|
|
|
- name: Set default install mode
|
|
set_fact: seafile_install_mode='none'
|
|
tags: seafile
|
|
|
|
# Makes sur we do not have a trailing / on the public url
|
|
- set_fact: seafile_public_url={{ seafile_public_url | regex_replace('/$','') }}
|
|
tags: seafile
|
|
|
|
- name: Check if seafile is installed
|
|
stat: path={{ seafile_root_dir }}/meta/ansible_version
|
|
register: seafile_version_file
|
|
tags: seafile
|
|
|
|
- name: Check installed version
|
|
command: cat {{ seafile_root_dir }}/meta/ansible_version
|
|
register: seafile_current_version
|
|
when: seafile_version_file.stat.exists
|
|
changed_when: False
|
|
tags: seafile
|
|
|
|
- name: Set install mode to install
|
|
set_fact: seafile_install_mode='install'
|
|
when: not seafile_version_file.stat.exists
|
|
tags: seafile
|
|
|
|
- name: Set install mode to upgrade
|
|
set_fact: seafile_install_mode='upgrade'
|
|
when:
|
|
- seafile_version_file.stat.exists
|
|
- seafile_current_version is defined
|
|
- seafile_current_version.stdout != seafile_version
|
|
tags: seafile
|
|
|
|
# Needed to have consistent behaviour with the various components
|
|
# which do not all support unix socket
|
|
- name: Set DB server to 127.0.0.1
|
|
set_fact: seafile_db_server="127.0.0.1"
|
|
when: seafile_db_server == 'localhost'
|
|
tags: seafile
|
|
|
|
- name: Install RPM dependencies
|
|
yum:
|
|
name:
|
|
- python-imaging
|
|
- MySQL-python
|
|
- python-memcached
|
|
- python-ldap
|
|
- python-urllib3
|
|
- python-virtualenv
|
|
- ffmpeg
|
|
- ffmpeg-devel
|
|
- libmemcached-devel
|
|
- mysql-devel
|
|
- zlib-devel
|
|
- gcc
|
|
- tar
|
|
- mariadb
|
|
- fuse
|
|
- java-1.8.0-openjdk # For seafile-pro
|
|
- poppler-utils # For seafile-pro
|
|
- unoconv # For seafile-pro
|
|
tags: seafile
|
|
|
|
- name: Install or update python modules in the virtualenv
|
|
pip:
|
|
state: latest
|
|
virtualenv: "{{ seafile_root_dir }}"
|
|
virtualenv_python: python2.7
|
|
name:
|
|
- pip
|
|
- virtualenv
|
|
- pillow
|
|
#- moviepy
|
|
- pylibmc
|
|
- django-pylibmc
|
|
- requests_oauthlib
|
|
- MySQL-python
|
|
notify:
|
|
- restart seafile
|
|
- restart seahub
|
|
tags: seafile
|
|
|
|
- name: Create user account
|
|
user: name={{ seafile_user }} comment="Seafile user account" system=yes shell=/sbin/nologin
|
|
tags: seafile
|
|
|
|
- name: Create base directories
|
|
file: path={{ item.dir }} state=directory owner={{ item.owner | default(seafile_user) }} group={{ item.group | default(seafile_group) }} mode={{ item.mode | default('0700') }}
|
|
with_items:
|
|
- dir: "{{ seafile_root_dir }}/tmp"
|
|
owner: root
|
|
group: root
|
|
- dir: "{{ seafile_root_dir }}/meta"
|
|
owner: root
|
|
group: root
|
|
- dir: "{{ seafile_root_dir }}/archives"
|
|
owner: root
|
|
group: root
|
|
tags: seafile
|
|
|
|
- name: Install Seafile pro license
|
|
copy: content={{ seafile_license }} dest={{ seafile_root_dir }}/seafile-license.txt
|
|
when: seafile_license is defined
|
|
tags: seafile
|
|
|
|
- name: Create archive directory
|
|
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=directory
|
|
when: seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- name: Stop the service during upgrade
|
|
service: name={{ item }} state=stopped
|
|
with_items:
|
|
- seafile
|
|
- seahub
|
|
when: seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- name: Backup the databases
|
|
mysql_db:
|
|
state: dump
|
|
name: "{{ item }}"
|
|
target: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/{{ item }}.sql"
|
|
login_host: "{{ seafile_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
quick: True
|
|
single_transaction: True
|
|
with_items:
|
|
- "{{ seafile_db_seafile }}"
|
|
- "{{ seafile_db_ccnet }}"
|
|
- "{{ seafile_db_seahub }}"
|
|
when: seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- name: Archive seafile server
|
|
synchronize:
|
|
src: "{{ seafile_root_dir }}/seafile-server"
|
|
dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
|
|
recursive: True
|
|
delete: True
|
|
delegate_to: "{{ inventory_hostname }}"
|
|
when: seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- name: Download seafile archive
|
|
get_url:
|
|
url: "{{ seafile_archive_url }}"
|
|
dest: "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
|
|
checksum: "sha1:{{ seafile_archive_sha1 }}"
|
|
when:
|
|
- seafile_install_mode != 'none'
|
|
- seafile_license is not defined
|
|
tags: seafile
|
|
|
|
- name: Copy Seafile pro archive
|
|
copy: src=seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz dest={{ seafile_root_dir }}/tmp/
|
|
when:
|
|
- seafile_install_mode != 'none'
|
|
- seafile_license is defined
|
|
tags: seafile
|
|
|
|
- name: Extract seafile archive
|
|
unarchive:
|
|
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server_{{ seafile_version }}_x86-64.tar.gz"
|
|
dest: "{{ seafile_root_dir }}/tmp"
|
|
remote_src: yes
|
|
when: seafile_install_mode != 'none'
|
|
tags: seafile
|
|
|
|
- name: Create directories
|
|
file: path={{ item.dir }} state=directory owner={{ item.owner | default(seafile_user) }} group={{ item.group | default(seafile_group) }} mode={{ item.mode | default('0770') }}
|
|
with_items:
|
|
- dir: "{{ seafile_root_dir }}"
|
|
mode: 755
|
|
- dir: "{{ seafile_root_dir }}/fuse"
|
|
- dir: "{{ seafile_root_dir }}/seafile-server"
|
|
mode: 755
|
|
- dir: "{{ seafile_root_dir }}/conf"
|
|
- dir: "{{ seafile_root_dir }}/ccnet"
|
|
- dir: "{{ seafile_root_dir }}/logs"
|
|
- dir: "{{ seafile_root_dir }}/pids"
|
|
- dir: "{{ seafile_data_dir }}"
|
|
- dir: "{{ seafile_data_dir }}/thumbnails"
|
|
- dir: "{{ seafile_data_dir }}/seahub"
|
|
mode: 755
|
|
- dir: "{{ seafile_data_dir }}/seahub/custom"
|
|
mode: 755
|
|
- dir: "{{ seafile_data_dir }}/seahub/cache"
|
|
mode: 755
|
|
- dir: "{{ seafile_data_dir }}/seahub/avatars"
|
|
mode: 755
|
|
- dir: "{{ seafile_data_dir }}/pro"
|
|
- dir: "{{ seafile_data_dir }}/db_dumps"
|
|
owner: root
|
|
group: root
|
|
ignore_errors: True # So we can run when the fuse mount point is active
|
|
tags: seafile
|
|
|
|
- name: Move seafile to the correct location
|
|
synchronize:
|
|
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/"
|
|
dest: "{{ seafile_root_dir }}/seafile-server/"
|
|
recursive: True
|
|
delete: True
|
|
delegate_to: "{{ inventory_hostname }}"
|
|
when: seafile_install_mode != 'none'
|
|
tags: seafile
|
|
|
|
- name: Check if avatar is a dir or a link
|
|
stat: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars
|
|
register: seafile_avatar
|
|
tags: seafile
|
|
|
|
- name: Remove default avatar directory
|
|
file: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars state=absent
|
|
when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir
|
|
tags: seafile
|
|
|
|
- name: Create seahub symlinks
|
|
file: src={{ seafile_data_dir }}/seahub/{{ item.src }} dest={{ seafile_root_dir }}/seafile-server/seahub/media/{{ item.dest }} state=link force=True
|
|
with_items:
|
|
- src: custom
|
|
dest: custom
|
|
- src: cache
|
|
dest: CACHE
|
|
- src: avatars
|
|
dest: avatars
|
|
tags: seafile
|
|
|
|
- name: Create pro-data link
|
|
file: src={{ seafile_data_dir }}/pro dest={{ seafile_root_dir }}/pro-data state=link force=True
|
|
when: seafile_license is defined
|
|
tags: seafile
|
|
|
|
- name: Set permissions on seahub runtime directory
|
|
file: path={{ seafile_root_dir }}/seafile-server/runtime state=directory owner={{ seafile_user }} mode=700
|
|
tags: seafile
|
|
|
|
- name: Create library-template
|
|
file: path={{ seafile_data_dir }}/library-template state=directory
|
|
when: seafile_install_mode == 'install'
|
|
tags: seafile
|
|
|
|
# Needed since CentOS 7.5 so ldaps can be used
|
|
- name: Remove bundled libs
|
|
file: path={{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }} state=absent
|
|
with_items:
|
|
- libnssutil3.so
|
|
notify: restart seafile
|
|
tags: seafile
|
|
|
|
- name: Copy documentation
|
|
copy: src={{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}/seafile/docs/seafile-tutorial.doc dest={{ seafile_data_dir }}/library-template remote_src=yes
|
|
when: seafile_install_mode == 'install'
|
|
tags: seafile
|
|
|
|
- name: Generate a secret for seahub
|
|
shell: python2.7 {{ seafile_root_dir }}/seafile-server/seahub/tools/secret_key_generator.py > {{ seafile_root_dir }}/meta/ansible_hub_secret
|
|
args:
|
|
creates: "{{ seafile_root_dir }}/meta/ansible_hub_secret"
|
|
when: seafile_seahub_secret is not defined
|
|
tags: seafile
|
|
|
|
- name: Read seahub secret
|
|
command: cat {{ seafile_root_dir }}/meta/ansible_hub_secret
|
|
register: seafile_seahub_rand_secret
|
|
when: seafile_seahub_secret is not defined
|
|
changed_when: False
|
|
tags: seafile
|
|
|
|
- name: Set seahub secret key
|
|
set_fact: seafile_seahub_secret={{ seafile_seahub_rand_secret.stdout }}
|
|
when: seafile_seahub_secret is not defined
|
|
tags: seafile
|
|
|
|
- name: Generate a ID for seahub
|
|
shell: date | sha1sum | awk '{ print $1 }' > {{ seafile_root_dir }}/meta/ansible_ccnet_id
|
|
args:
|
|
creates: "{{ seafile_root_dir }}/meta/ansible_ccnet_id"
|
|
when: seafile_ccnet_id is not defined
|
|
tags: seafile
|
|
|
|
- name: Read seahub ID
|
|
command: cat {{ seafile_root_dir }}/meta/ansible_ccnet_id
|
|
register: seafile_seahub_rand_id
|
|
when: seafile_ccnet_id is not defined
|
|
changed_when: False
|
|
tags: seafile
|
|
|
|
- name: Set seahub ID
|
|
set_fact: seafile_ccnet_id={{ seafile_seahub_rand_id.stdout }}
|
|
when: seafile_ccnet_id is not defined
|
|
tags: seafile
|
|
|
|
- name: Generate a random pass for the database
|
|
shell: openssl rand -base64 45 > {{ seafile_root_dir }}/meta/ansible_dbpass
|
|
args:
|
|
creates: "{{ seafile_root_dir }}/meta/ansible_dbpass"
|
|
when: seafile_db_pass is not defined
|
|
tags: seafile
|
|
|
|
- name: Read database password
|
|
command: cat {{ seafile_root_dir }}/meta/ansible_dbpass
|
|
register: seafile_rand_pass
|
|
when: seafile_db_pass is not defined
|
|
changed_when: False
|
|
tags: seafile
|
|
|
|
- name: Set database pass
|
|
set_fact: seafile_db_pass={{ seafile_rand_pass.stdout }}
|
|
when: seafile_db_pass is not defined
|
|
tags: seafile
|
|
|
|
- name: Create the databases
|
|
mysql_db:
|
|
name: "{{ item }}"
|
|
login_host: "{{ seafile_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
state: present
|
|
with_items:
|
|
- "{{ seafile_db_seafile }}"
|
|
- "{{ seafile_db_ccnet }}"
|
|
- "{{ seafile_db_seahub }}"
|
|
tags: seafile
|
|
|
|
- name: Create database user
|
|
mysql_user:
|
|
name: "{{ seafile_db_user }}"
|
|
password: "{{ seafile_db_pass }}"
|
|
priv: "{{ seafile_db_seafile }}.*:ALL/{{ seafile_db_ccnet }}.*:ALL/{{ seafile_db_seahub }}.*:ALL"
|
|
host: "{{ item }}"
|
|
login_host: "{{ seafile_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
state: present
|
|
with_items: "{{ (seafile_db_server == '127.0.0.1') | ternary(['127.0.0.1','localhost'],ansible_all_ipv4_addresses) }}"
|
|
tags: seafile
|
|
|
|
- name: Load seahub schema
|
|
mysql_db:
|
|
state: import
|
|
target: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
|
|
name: "{{ seafile_db_seahub }}"
|
|
login_host: "{{ seafile_db_server }}"
|
|
login_user: sqladmin
|
|
login_password: "{{ mysql_admin_pass }}"
|
|
when: seafile_install_mode == 'install'
|
|
tags: seafile
|
|
|
|
- name: Generate an RSA private key
|
|
command: openssl genrsa -out {{ seafile_root_dir }}/ccnet/mykey.peer 2048
|
|
args:
|
|
creates: "{{ seafile_root_dir }}/ccnet/mykey.peer"
|
|
tags: seafile
|
|
|
|
- name: Deploy seafile configuration
|
|
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
|
|
with_items:
|
|
- ccnet.conf
|
|
- seafdav.conf
|
|
- seafile.conf
|
|
- seahub_settings.py
|
|
- gunicorn.conf
|
|
notify:
|
|
- restart seafile
|
|
- restart seahub
|
|
tags: seafile
|
|
|
|
- name: Deploy seafile pro configuration
|
|
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
|
|
with_items:
|
|
- seafevents.conf
|
|
when: seafile_license is defined
|
|
notify:
|
|
- restart seafile
|
|
- restart seahub
|
|
tags: seafile
|
|
|
|
- name: Deploy ccnet ini file
|
|
copy:
|
|
content: |
|
|
{{ seafile_data_dir }}
|
|
dest: "{{ seafile_root_dir }}/ccnet/seafile.ini"
|
|
notify:
|
|
- restart seafile
|
|
- restart seahub
|
|
tags: seafile
|
|
|
|
- name: Deploy initial admin info
|
|
template: src=admin.txt.j2 dest={{ seafile_root_dir }}/conf/admin.txt group={{ seafile_group }} mode=640
|
|
when: seafile_install_mode == 'install'
|
|
tags: seafile
|
|
|
|
- name: Set seafile ports
|
|
set_fact:
|
|
seafile_ports: "[ {{ seafile_seafile_port }}, {{ seafile_seahub_port }} ]"
|
|
tags: seafile
|
|
|
|
- name: Add webdav port
|
|
set_fact:
|
|
seafile_ports: "{{ seafile_ports }} + [ {{ seafile_webdav_port }} ]"
|
|
when: seafile_webdav == True
|
|
tags: seafile
|
|
|
|
- name: Handle seafile ports
|
|
iptables_raw:
|
|
name: seafile_ports
|
|
state: "{{ (seafile_src_ip | length > 0) | ternary('present','absent') }}"
|
|
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ seafile_ports | join(',') }} -s {{ seafile_src_ip | join(',') }} -j ACCEPT"
|
|
when: iptables_manage | default(True)
|
|
tags: seafile
|
|
|
|
- name: Compress previous version
|
|
command: tar cJf {{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}.txz ./
|
|
environment:
|
|
XZ_OPT: -T0
|
|
args:
|
|
chdir: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
|
|
warn: False
|
|
when: seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- name: Remove archive directory
|
|
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=absent
|
|
when: seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- name: Remove tmp files
|
|
file: path={{ item }} state=absent
|
|
with_items:
|
|
- "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
|
|
- "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
|
|
- "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64.tar.gz"
|
|
- "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
|
|
- "/etc/cron.d/seafil_gc"
|
|
tags: seafile
|
|
|
|
- name: Write version
|
|
copy: content={{ seafile_version }} dest={{ seafile_root_dir }}/meta/ansible_version
|
|
when: seafile_install_mode != 'none'
|
|
tags: seafile
|
|
|
|
- name: Deploy systemd services
|
|
template: src={{ item }}.service.j2 dest=/etc/systemd/system/{{ item }}.service
|
|
with_items:
|
|
- seafile
|
|
- seahub
|
|
notify:
|
|
- restart seafile
|
|
- restart seahub
|
|
register: seafile_systemd_unit
|
|
tags: seafile
|
|
|
|
- name: Reload systemd
|
|
command: systemctl daemon-reload
|
|
when: seafile_systemd_unit.changed
|
|
tags: seafile
|
|
|
|
- name: Start and enable the services
|
|
service: name={{ item }} state=started enabled=yes
|
|
with_items:
|
|
- seafile
|
|
- seahub
|
|
when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually
|
|
tags: seafile
|
|
|
|
- name: Deploy script to run garbage collector
|
|
template: src=gc.sh.j2 dest={{ seafile_root_dir }}/seafile-server/gc.sh mode=0755
|
|
tags: seafile
|
|
|
|
- name: Add a cron job for garbage collector
|
|
cron:
|
|
name: seafile_gc
|
|
special_time: weekly
|
|
user: root
|
|
job: '{{ seafile_root_dir }}/seafile-server/gc.sh'
|
|
cron_file: seafile_gc
|
|
state: present
|
|
tags: seafile
|
|
|
|
- name: Deploy a clamdscan wrapper script
|
|
copy:
|
|
content: |
|
|
#!/bin/bash -e
|
|
/bin/clamdscan -c /etc/clamd.conf $@
|
|
dest: "{{ seafile_root_dir }}/seafile-server/clamdscan.sh"
|
|
mode: 0755
|
|
tags: seafile
|
|
|
|
- name: Install backup script
|
|
template: src={{ item.script }}.j2 dest=/etc/backup/{{ item.type }}.d/{{ item.script }} mode=700
|
|
with_items:
|
|
- script: seafile_dump_db.sh
|
|
type: pre
|
|
- script: seafile_mount_fuse.sh
|
|
type: pre
|
|
- script: seafile_rm_dumps.sh
|
|
type: post
|
|
- script: seafile_umount_fuse.sh
|
|
type: post
|
|
tags: seafile
|
|
|
|
- name: Check if there are custom office templates
|
|
local_action: stat path=config/{{ inventory_hostname }}/seafile/office-template/empty.{{ item }}
|
|
register: seafile_custom_office_template
|
|
vars:
|
|
ansible_become: False
|
|
loop:
|
|
- docx
|
|
- pptx
|
|
- xlsx
|
|
tags: seafile
|
|
|
|
- name: Override office templates
|
|
copy: src={{ item.stat.exists | ternary('config/' + inventory_hostname + '/seafile/office-template/empty.','office-template/empty.' ) }}{{ item.item }} dest={{ seafile_root_dir }}/seafile-server/seahub/media/office-template/
|
|
loop: "{{ seafile_custom_office_template.results }}"
|
|
tags: seafile
|
|
|
|
- name: Deploy permission script
|
|
template: src=perms.sh.j2 dest={{ seafile_root_dir }}/perms.sh mode=755
|
|
register: seafile_perms
|
|
tags: seafile
|
|
|
|
- name: Set optimal permissions
|
|
command: "{{ seafile_root_dir }}/perms.sh"
|
|
changed_when: False
|
|
when: seafile_perms.changed or seafile_install_mode == 'upgrade'
|
|
tags: seafile
|
|
|
|
- include: filebeat.yml
|
|
|