Update to 2022-01-12 23:00

2025-04-16 02:03:09 +02:00 · 2022-01-12 23:00:05 +01:00 · 2022-01-12 23:00:05 +01:00 · 106aeda320
commit 106aeda320
parent e73f05f073
7 changed files with 61 additions and 56 deletions
--- a/roles/rpm_build_server/defaults/main.yml
+++ b/roles/rpm_build_server/defaults/main.yml
@ -7,8 +7,6 @@ rpm_packager: RPM Builder <rpms@{{ ansible_domain }}>
 rpm_user: rpmbuilder
 # Unix group allowed to submit builds
 rpm_build_group: rpmbuilders
-# Admin email where notifications will be sent
-rpm_admin_email: "{{ system_admin_email | default('root@' ~ ansible_domain) }}"
 # name of the GPG key used to sign the packages
 rpm_gpg_name: RPM Signing Key
 rpm_gpg_email: rpms@{{ ansible_domain }}
--- a/roles/rpm_build_server/files/watcher.pl
+++ b/roles/rpm_build_server/files/watcher.pl
@ -53,48 +53,7 @@ if ( -e $opt->{config} ) {
  die "Config file " . $opt->{config} . " doesn't exist\n";
 }

-# If ldap is configured, we'll use it to lookup email
-# addresses of submitters to send them notifications
-my $ldap;
 my $ldap_msg;
-if (defined $conf->{ldap} and defined $conf->{ldap}->{servers}){
-  log_verbose("Connecting to " . join(', ', @{$conf->{ldap}->{servers}}));
-  $ldap = new Net::LDAP($conf->{ldap}->{servers},
-    timeout => 10,
-  );
-  if (not defined $ldap){
-    log_info("Couldn't connect to any LDAP servers (" . join(',', @{$conf->{ldap}->{servers}}) . ")");
-  } else {
-    if (defined $conf->{ldap}->{start_tls} and $conf->{ldap}->{start_tls}){
-      log_verbose("Upgrade LDAP connection using StartTLS");
-      $ldap_msg = $ldap->start_tls(
-        verify => 'require'
-      );
-      if ($ldap_msg->code){
-        log_verbose("StartTLS failed : " . $ldap_msg->error);
-        log_verbose("LDAP support will be disabled");
-        $ldap = undef;
-      }
-    }
-    if (defined $conf->{ldap}->{bind_dn} and defined $conf->{ldap}->{bind_pass}){
-      log_verbose("Binding as $conf->{ldap}->{bind_dn}");
-      $ldap_msg = $ldap->bind(
-        $conf->{ldap}->{bind_dn},
-        password => $conf->{ldap}->{bind_pass}
-      );
-      if ($ldap_msg->code){
-        log_verbose("LDAP bind failed : " . $ldap_msg->error);
-        log_verbose("LDAP support will be disabled");
-        $ldap = undef;
-      }
-    } else {
-      log_verbose("Using anonymous bind");
-      $ldap_msg = $ldap->bind;
-    }
-  }
-} else {
-  log_verbose("No LDAP servers configured");
-}

 my $inotify = new Linux::Inotify2
   or die "Unable to create new inotify object: $!";
@ -161,8 +120,9 @@ sub handle_submit {
  my $submiter = getpwuid(stat($srpm)->uid);
  my $email;
  log_info("File submited by $submiter");
+  my $ldap = ldap_connect();
  if (defined $ldap){
-    $email = user2email($submiter);
+    $email = user2email($ldap, $submiter);
    if (not defined $email){
      log_verbose("LDAP returned no result");
    }
@ -172,6 +132,8 @@ sub handle_submit {
  } else {
    log_verbose("No email address for $submiter, no notification will be sent");
  }
+  $ldap->done;
+  $ldap->disconnect;
  # Do not check the signature here
  # We could try to submit a signed src.rpm for which we do not have the key system-wide
  my $src_pkg = RPM2->open_package($srpm, RPM2->_rpmvsf_nosignatures);
@ -288,6 +250,11 @@ sub handle_submit {
      );
    }
  }
+  if (defined $ldap){
+    $ldap->done;
+    $ldap->disconnect;
+  }
+  return;
 }

 # Handle errors. Log it, and notify the admin
@ -298,13 +265,6 @@ sub handle_error {
  my $dest   = shift;

  log_error( $err );
-  if ( defined $conf->{notify}->{to} ) {
-    send_notification(
-      $conf->{notify}->{to},
-      "Error while building $job_id",
-      "Building $job_id failed at step '$step'. The error was\n$err\n"
-    );
-  }
  if ( defined $dest ) {
    send_notification(
      $dest,
@ -337,8 +297,10 @@ sub send_notification {

 # Lookup in LDAP if we can get the email address of a user
 sub user2email {
+  my $ldap = shift;
  my $user = shift;
  if (not defined $ldap or not defined $conf->{ldap}->{search_base} or not defined $conf->{ldap}->{search_filter}){
+    log_verbose("LDAP not connected or not configured, skiping lookup");
    return;
  }
  my $filter = $conf->{ldap}->{search_filter};
@ -359,3 +321,48 @@ sub user2email {
  }
  return $results->entry(0)->get_value( $conf->{ldap}->{email_attr} );
 }
+
+# Connect to LDAP
+# which will be used to lookup the email address of the submiter
+sub ldap_connect {
+  my $ldaph;
+  if (defined $conf->{ldap} and defined $conf->{ldap}->{servers}){
+    log_verbose("Connecting to " . join(', ', @{$conf->{ldap}->{servers}}));
+    $ldaph = new Net::LDAP($conf->{ldap}->{servers},
+      timeout => 10,
+    );
+    if (not defined $ldaph){
+      log_info("Couldn't connect to any LDAP servers (" . join(',', @{$conf->{ldap}->{servers}}) . ")");
+    } else {
+      if (defined $conf->{ldap}->{start_tls} and $conf->{ldap}->{start_tls}){
+        log_verbose("Upgrade LDAP connection using StartTLS");
+        $ldap_msg = $ldaph->start_tls(
+          verify => 'require'
+        );
+        if ($ldap_msg->code){
+          log_verbose("StartTLS failed : " . $ldap_msg->error);
+          log_verbose("LDAP support will be disabled");
+          $ldaph = undef;
+        }
+      }
+      if (defined $conf->{ldap}->{bind_dn} and defined $conf->{ldap}->{bind_pass}){
+        log_verbose("Binding as $conf->{ldap}->{bind_dn}");
+        $ldap_msg = $ldaph->bind(
+          $conf->{ldap}->{bind_dn},
+          password => $conf->{ldap}->{bind_pass}
+        );
+        if ($ldap_msg->code){
+          log_verbose("LDAP bind failed : " . $ldap_msg->error);
+          log_verbose("LDAP support will be disabled");
+          $ldaph = undef;
+        }
+      } else {
+        log_verbose("Using anonymous bind");
+        $ldap_msg = $ldaph->bind;
+      }
+    }
+  } else {
+    log_verbose("No LDAP servers configured");
+  }
+  return $ldaph;
+}
--- a/roles/rpm_build_server/templates/build-watcher.service.j2
+++ b/roles/rpm_build_server/templates/build-watcher.service.j2
@ -10,6 +10,7 @@ WorkingDirectory={{ rpm_root_dir }}/
 Restart=always
 ReadWritePaths=/run {{ rpm_root_dir }}/repo {{ rpm_root_dir }}/cache {{ rpm_root_dir }}/builds
 PrivateTmp=true
+SyslogIdentifier=build-watcher

 [Install]
 WantedBy=multi-user.target
--- a/roles/rpm_build_server/templates/config.yml.j2
+++ b/roles/rpm_build_server/templates/config.yml.j2
@ -14,7 +14,6 @@ paths:

 notify:
  from: buildsys@{{ ansible_domain }}
-  to: {{ rpm_admin_email }}

 {% if rpm_mirrors is defined and rpm_mirrors | length > 0 %}
 mirror:
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@ -11,7 +11,7 @@
 #   MaxUsers = "9"
 #   Mode = "subscription"
 #   etc...
-seafile_version: "{{ seafile_license is defined | ternary('8.0.15','9.0.2') }}"
+seafile_version: "{{ seafile_license is defined | ternary('8.0.17','9.0.2') }}"

 # Archive URL and sha1 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
--- a/roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz
+++ b/roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:cd7a93e14735f3bcc576a3c8f85937078e7805e50a613dff1c0f62ace5068112
-size 124779753
--- a/roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz
+++ b/roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8e6f50e8470f0c0835b4c4c6507242929f496c6df68ab297bb184a1eed0ce0c4
+size 125213881