From 38b4a31d1908d4d9a68a96fa46b2131e668f81d1 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Fri, 16 Jun 2023 18:00:09 +0200
Subject: [PATCH] Update to 2023-06-16 18:00
---
roles/common/vars/RedHat-9.yml | 13 +++++
roles/ntp_client/vars/RedHat-9.yml | 6 +++
roles/repo_base/tasks/AlmaLinux-9.yml | 49 ++++++++++++++-----
roles/repo_samba4/defaults/main.yml | 2 +-
roles/repo_zabbix/tasks/RedHat.yml | 38 +-------------
roles/repo_zabbix/tasks/facts.yml | 10 ++++
roles/repo_zabbix/tasks/main.yml | 3 ++
roles/repo_zabbix/vars/RedHat-7.yml | 3 ++
roles/repo_zabbix/vars/RedHat-8.yml | 3 ++
roles/repo_zabbix/vars/RedHat-9.yml | 3 ++
roles/seafile/defaults/main.yml | 12 ++++-
...ile-pro-server_10.0.5_x86-64_CentOS.tar.gz | 3 ++
...ile-pro-server_9.0.16_x86-64_CentOS.tar.gz | 3 --
roles/seafile/meta/main.yml | 3 --
roles/seafile/tasks/facts.yml | 13 ++++-
roles/seafile/tasks/install.yml | 45 +++++++++++++++--
roles/seafile/templates/clean_db.sh.j2 | 1 -
roles/seafile/templates/perms.sh.j2 | 3 +-
roles/seafile/templates/seafevents.conf.j2 | 1 +
roles/seafile/templates/seafile.conf.j2 | 12 +++++
roles/seafile/templates/seafile.service.j2 | 2 +-
roles/seafile/templates/seahub.service.j2 | 2 +-
roles/seafile/templates/seahub_settings.py.j2 | 6 +++
roles/seafile/vars/RedHat-8.yml | 13 +++--
24 files changed, 173 insertions(+), 76 deletions(-)
create mode 100644 roles/common/vars/RedHat-9.yml
create mode 100644 roles/ntp_client/vars/RedHat-9.yml
create mode 100644 roles/repo_zabbix/tasks/facts.yml
create mode 100644 roles/repo_zabbix/vars/RedHat-7.yml
create mode 100644 roles/repo_zabbix/vars/RedHat-8.yml
create mode 100644 roles/repo_zabbix/vars/RedHat-9.yml
create mode 100644 roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz
delete mode 100644 roles/seafile/files/seafile-pro-server_9.0.16_x86-64_CentOS.tar.gz
diff --git a/roles/common/vars/RedHat-9.yml b/roles/common/vars/RedHat-9.yml
new file mode 100644
index 0000000..f06567a
--- /dev/null
+++ b/roles/common/vars/RedHat-9.yml @@ -0,0 +1,13 @@ +--- + +system_distro_utils: + - openssh-clients + - nc + - xz + - lz4 + - yum-utils + - fuse-sshfs + - policycoreutils-python-utils + - python3-mysqlclient + - python3-psycopg2 + - zstd diff --git a/roles/ntp_client/vars/RedHat-9.yml b/roles/ntp_client/vars/RedHat-9.yml new file mode 100644 index 0000000..cf8b402 --- /dev/null +++ b/roles/ntp_client/vars/RedHat-9.yml @@ -0,0 +1,6 @@ +--- + +ntp_ntpd_service: ntpd +ntp_chrony_service: chronyd +ntp_chrony_conf: /etc/chrony.conf +ntp_chrony_keyfile: /etc/chrony.keys diff --git a/roles/repo_base/tasks/AlmaLinux-9.yml b/roles/repo_base/tasks/AlmaLinux-9.yml index 3e27874..3fcb835 100644 --- a/roles/repo_base/tasks/AlmaLinux-9.yml +++ b/roles/repo_base/tasks/AlmaLinux-9.yml @@ -1,5 +1,21 @@ --- +- set_fact: + base_repos: + - name: baseos + file: almalinux + dir: BaseOS + - name: appstream + file: almalinux + dir: AppStream + - name: crb + file: almalinux + dir: CRB + - name: extras + file: almalinux + dir: extras + tags: repo + - name: Configure repositories yum_repository: file: "{{ item.file }}" 
@@ -9,19 +25,25 @@ gpgcheck: True gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 enabled: "{{ item.enabled | default(True) }}" - loop: - - name: baseos - file: almalinux - dir: BaseOS - - name: appstream - file: almalinux - dir: AppStream - - name: crb - file: almalinux - dir: CRB - - name: extras - file: almalinux - dir: extras + loop: "{{ base_repos }}" + tags: repo + +- name: Empty default file + yum_repository: + file: almalinux-{{ item.name }} + name: "{{ item.name }}" + state: absent + loop: "{{ base_repos }}" + tags: repo + +- name: Configure COPR for FusionInventory + yum_repository: + name: fusioninventory + description: Copr repo for FusionInventory + file: fusioninventory + baseurl: https://download.copr.fedorainfracloud.org/results/frsoftware/FusionInventory/epel-$releasever-$basearch/ + gpgcheck: True + gpgkey: https://download.copr.fedorainfracloud.org/results/frsoftware/FusionInventory/pubkey.gpg tags: repo - include_tasks: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml @@ -32,3 +54,4 @@ - include_tasks: postgres_client_{{ ansible_os_family }}.yml tags: always + diff --git a/roles/repo_samba4/defaults/main.yml b/roles/repo_samba4/defaults/main.yml index 52ecc4a..98c0774 100644 --- a/roles/repo_samba4/defaults/main.yml +++ b/roles/repo_samba4/defaults/main.yml @@ -1,3 +1,3 @@ --- # Select a branch from https://samba.tranquil.it/centos7/ or https://samba.tranquil.it/centos7/ -samba_major_version: samba-{{ (ansible_distribution_major_version is version('8','<')) | ternary('4.12.15','4.18.2') }} +samba_major_version: samba-{{ (ansible_distribution_major_version is version('8','<')) | ternary('4.12.15','4.18.3') }} diff --git a/roles/repo_zabbix/tasks/RedHat.yml b/roles/repo_zabbix/tasks/RedHat.yml index 9a6492f..fbf00d4 100644 --- a/roles/repo_zabbix/tasks/RedHat.yml +++ b/roles/repo_zabbix/tasks/RedHat.yml 
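Review bot: The new `Configure COPR for FusionInventory` task in `roles/repo_base/tasks/AlmaLinux-9.yml` enables a user-maintained COPR repository with no `includepkgs` or `priority`, so any package published there can be offered as an update on the hosts that run this task file, and its `gpgkey` is fetched from the same COPR host that serves the packages. The Zabbix repo in `roles/repo_zabbix/tasks/RedHat.yml` already restricts itself with `includepkgs: - zabbix*` and `priority: 50`; the same pattern would fit here, for example `includepkgs: ['fusioninventory*']` plus whatever dependency packages the agent really needs from that repo (not visible in this patch, so confirm the list). Shipping the COPR public key in the role and pointing `gpgkey` at a `file://` path would also pin it instead of trusting the first download.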
@@ -1,48 +1,12 @@ --- -- name: Install GPG Key for Zabbix repo - copy: - content: | - -----BEGIN PGP PUBLIC KEY BLOCK----- - Version: GnuPG v1.4.10 (GNU/Linux) - - mQENBFeIdv0BCADAzkjO9jHoDRfpJt8XgfsBS8FpANfHF2L29ntRwd8ocDwxXSbt - BuGIkUSkOPUTx6i/e9hd8vYh4mcX3yYpiW8Sui4aXbJu9uuSdU5KvPOaTsFeit9j - BDK4b0baFYBDpcBBrgQuyviMAVAczu5qlwolA/Vu6DWqah1X9p+4EFa1QitxkhYs - 3br2ZGy7FZA3f2sZaVhHAPAOBSuQ1W6tiUfTIj/Oc7N+FBjmh3VNfIvMBa0E3rA2 - JlObxUEywsgGo7FPWnwjZyv883slHp/I3H4Or9VBouTWA2yICeROmMwjr4mOZtJT - z9e4v/a2cG/mJXgxCe+FjBvTvrgOVHAXaNwLABEBAAG0IFphYmJpeCBMTEMgPHBh - Y2thZ2VyQHphYmJpeC5jb20+iQE4BBMBAgAiBQJXiHb9AhsDBgsJCAcDAgYVCAIJ - CgsEFgIDAQIeAQIXgAAKCRAIKrVroU/lkbO8B/4/MhxoUN2RPmH7BzFGIntKEWAw - bRkDzyQOk9TjXVegfsBnzmDSdowh7gyteVauvr62jiVtowlE/95vbXqbBCISLqKG - i9Wmbrj7lUXBd2sP7eApFzMUhb3G3GuV5pCnRBIzerDfhXiLE9EWRN89JYDxwCLY - ctQHieZtdmlnPyCbFF6wcXTHUEHBPqdTa6hvUqQL2lHLFoduqQz4Q47Cz7tZxnbr - akAewEToPcjMoteCSfXwF/BRxSUDlN7tKFfBpYQawS8ZtN09ImHOO6CZ/pA0qQim - iNiRUfA25onIDWLLY/NMWg+gK94NVVZ7KmFG3upDB5/uefK6Xwu2PsgiXSQguQEN - BFeIdv0BCACZgfqgz5YoX+ujVlw1gX1J+ygf10QsUM9GglLEuDiSS/Aa3C2UbgEa - +N7JuvzZigGFCvxtAzaerMMDzbliTqtMGJOTjWEVGxWQ3LiY6+NWgmV46AdXik7s - UXM155f1vhOzYp6EZj/xtGvyUzTLUkAlnZNrhEUbUmOhDLassVi32hIyMR5W7w6I - Ii0zIM1mSuLR0H6oDEpR3GzuGVHGj4/sLeAg7iY5MziGwySBQk0Dg0xH5YqHb+uK - zCTH/ILu3srPJq+237Px/PctAZCEA96ogc/DNF2XjdUpMSaEybR0LuHHstAqkrq8 - AyRtDJNYE+09jDFdUIukhErLuo1YPWqFABEBAAGJAR8EGAECAAkFAleIdv0CGwwA - CgkQCCq1a6FP5ZH8+wf/erZneDXqM6xYT8qncFpc1GtOCeODNb19Ii22lDEXd9qN - UlAz2SB6zC5oywlnR0o1cglcrW96MD/uuCL/+tTczeB2C455ofs2mhpK7nKiA4FM - +JZZ6XSBnq7sfsYD6knbvS//SXQV/qYb4bKMvwYnyMz63escgQhOsTT20ptc/w7f - C+YPBR/rHImKspyIwxyqU8EXylFW8f3Ugi2+Fna3CAPR9yQIAChkCjUawUa2VFmm - 5KP8DHg6oWM5mdqcpvU5DMqpi8SA26DEFvULs8bR+kgDd5AU3I4+ei71GslOdfk4 - s1soKT4X2UK+dCCXui+/5ZJHakC67t5OgbMas3Hz4Q== - =5TOS - -----END PGP PUBLIC KEY BLOCK----- - dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-zabbix - tags: repo,zabbix - - name: Configure Zabbix repo yum_repository: name: zabbix description: 
Zabbix Repository baseurl: http://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/ gpgcheck: True - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-zabbix + gpgkey: "{{ zabbix_repo_key }}" priority: 50 includepkgs: - zabbix* diff --git a/roles/repo_zabbix/tasks/facts.yml b/roles/repo_zabbix/tasks/facts.yml new file mode 100644 index 0000000..e147482 --- /dev/null +++ b/roles/repo_zabbix/tasks/facts.yml @@ -0,0 +1,10 @@ +--- + +# Load distribution specific variables +- include_vars: "{{ item }}" + with_first_found: + - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml" + - "{{ role_path }}/vars/{{ ansible_distribution }}.yml" + - "{{ role_path }}/vars/{{ ansible_os_family }}.yml" + tags: repo,zabbix diff --git a/roles/repo_zabbix/tasks/main.yml b/roles/repo_zabbix/tasks/main.yml index 8ce24eb..e6a673f 100644 --- a/roles/repo_zabbix/tasks/main.yml +++ b/roles/repo_zabbix/tasks/main.yml @@ -1,4 +1,7 @@ --- +- include_tasks: facts.yml + tags: always + - include_tasks: "{{ ansible_os_family }}.yml" tags: always diff --git a/roles/repo_zabbix/vars/RedHat-7.yml b/roles/repo_zabbix/vars/RedHat-7.yml new file mode 100644 index 0000000..13068c5 --- /dev/null +++ b/roles/repo_zabbix/vars/RedHat-7.yml @@ -0,0 +1,3 @@ +--- + +zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4 diff --git a/roles/repo_zabbix/vars/RedHat-8.yml b/roles/repo_zabbix/vars/RedHat-8.yml new file mode 100644 index 0000000..13068c5 --- /dev/null +++ b/roles/repo_zabbix/vars/RedHat-8.yml @@ -0,0 +1,3 @@ +--- + +zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-79EA5ED4 diff --git a/roles/repo_zabbix/vars/RedHat-9.yml b/roles/repo_zabbix/vars/RedHat-9.yml new file mode 100644 index 0000000..9461b46 --- /dev/null +++ b/roles/repo_zabbix/vars/RedHat-9.yml 
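Review bot: Replacing the inline key with `gpgkey: "{{ zabbix_repo_key }}"` in `roles/repo_zabbix/tasks/RedHat.yml` means the signing key is now downloaded from `repo.zabbix.com` on first use, the same host that serves the packages, while `baseurl` (unchanged context in this hunk) is still `http://`. The key is no longer pinned by the role, so package trust rests on that single HTTPS fetch. Consider keeping the key files under the role's `files/` directory, one per key id, and having `zabbix_repo_key` in `vars/RedHat-7.yml`, `RedHat-8.yml` and `RedHat-9.yml` point at a `file:///etc/pki/rpm-gpg/...` path. Independent of that, `baseurl: https://repo.zabbix.com/zabbix/{{ zabbix_major_version }}/rhel/$releasever/$basearch/` removes the plain-HTTP metadata fetch.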
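Review bot: `with_first_found` in the new `roles/repo_zabbix/tasks/facts.yml` raises an error when none of the four candidate files exists, and this commit only adds `RedHat-7.yml`, `RedHat-8.yml` and `RedHat-9.yml` while `main.yml` now includes `facts.yml` for every host. If the role is applied to any other family or major version (not visible here), the lookup needs either a fallback vars file or the `files:` / `skip: true` form of `with_first_found`. A short comment above the task naming the distributions expected to match would document that assumption.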
@@ -0,0 +1,3 @@ +--- + +zabbix_repo_key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml index 6ece097..e8a99d4 100644 --- a/roles/seafile/defaults/main.yml +++ b/roles/seafile/defaults/main.yml @@ -11,11 +11,11 @@ # MaxUsers = "9" # Mode = "subscription" # etc... -seafile_version: "{{ seafile_license is defined | ternary('9.0.16','9.0.10') }}" +seafile_version: "{{ seafile_license is defined | ternary('10.0.5','10.0.1') }}" # Archive URL and sha256 are only used for the community version seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz -seafile_archive_sha256: cb2a22482e3383c53d5be0d54845a88727f4c42b9cd0e1381e01d9fadbc20670 +seafile_archive_sha256: 4ce8d51c464ccde8478dfb5f6c92a43b6beece210a939e799b647521ce5baf42 seafile_root_dir: /opt/seafile seafile_data_dir: "{{ seafile_root_dir }}/data" @@ -34,6 +34,8 @@ seafile_memcached_server: 127.0.0.1:11211 # Elasticsearch is only used with pro edition seafile_es_server: localhost seafile_es_port: 9200 +# Number of shards. Each shard should be between 10 and 50GB for optimal perf +seafile_es_shards: 1 # Account under which services will run seafile_user: seafile @@ -45,6 +47,8 @@ seafile_group: "{{ seafile_user }}" # Main seafile daemon port seafile_seafile_port: 8082 +# Notification server port +seafile_notification_port: 8083 # Seahub port seafile_seahub_port: 8000 @@ -56,6 +60,10 @@ seafile_webdav_port: 8080 # empty means only loopback seafile_src_ip: [] +# JWT private key used by the notification server +# A random one will be created if not defined +# seafile_jwt_key: MSjQej7wFv4vxMNvfubfN3wswUE9firjKQ/wnzsGP0g= + # Public URL of the service seafile_public_url: http://{{ inventory_hostname }}:{{ seafile_seahub_port }} 
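Review bot: The commented example `# seafile_jwt_key: MSjQej7wFv4vxMNvfubfN3wswUE9firjKQ/wnzsGP0g=` in `roles/seafile/defaults/main.yml` looks like a real base64 key, and an operator who simply uncomments it would share a publicly known notification-server secret with every other copy of this role. An obviously fake value is safer, e.g. `# seafile_jwt_key: <random string, keep it in a vault>`. The comment could also say that the generated value is stored in `{{ seafile_root_dir }}/meta/ansible_jwt_key` (set in `tasks/facts.yml`), so it is clear where the secret lives when the variable is left undefined.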
diff --git a/roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz new file mode 100644 index 0000000..32cd691 --- /dev/null +++ b/roles/seafile/files/seafile-pro-server_10.0.5_x86-64_CentOS.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1769a7734571c0abaecc71dafcbc3683a150951f7196eb626bc21ab658958f97 +size 144175847 diff --git a/roles/seafile/files/seafile-pro-server_9.0.16_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_9.0.16_x86-64_CentOS.tar.gz deleted file mode 100644 index e8cd952..0000000 --- a/roles/seafile/files/seafile-pro-server_9.0.16_x86-64_CentOS.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bf8c1c9b7d0dfb92f2dd1d306605efe4bf99809639487566a4426e6cd33d2454 -size 98137375 diff --git a/roles/seafile/meta/main.yml b/roles/seafile/meta/main.yml index 4214110..0eae0c4 100644 --- a/roles/seafile/meta/main.yml +++ b/roles/seafile/meta/main.yml @@ -8,9 +8,6 @@ dependencies: - role: mysql_server when: seafile_db_server in ['127.0.0.1', 'localhost'] - role: elasticsearch - vars: - es_version: 7.16.3 - es_archive_sha512: d9ad7a510b8bad63788f5081b9431519e0581242499394f7a2c59f6097f8956603b28881e30697c50fe440b0ced7a2eb66afadb0e12bf97126db1d468d3818ff when: - seafile_license is defined - seafile_es_server in ['127.0.0.1', 'localhost'] diff --git a/roles/seafile/tasks/facts.yml b/roles/seafile/tasks/facts.yml index c2e03e2..14e8045 100644 --- a/roles/seafile/tasks/facts.yml +++ b/roles/seafile/tasks/facts.yml 
@@ -80,9 +80,20 @@ when: seafile_db_pass is not defined tags: seafile +- name: Generate a JWT private key + block: + - import_tasks: ../includes/get_rand_pass.yml + vars: + - pass_file: "{{ seafile_root_dir }}/meta/ansible_jwt_key" + - size: 45 + - complex: False + - set_fact: seafile_jwt_key={{ rand_pass }} + when: seafile_jwt_key is not defined + tags: seafile + - name: Set seafile ports set_fact: - seafile_ports: "{{ [ seafile_seafile_port ] + [ seafile_seahub_port ] }}" + seafile_ports: "{{ [ seafile_seafile_port ] + [ seafile_notification_port ] + [ seafile_seahub_port ] }}" tags: seafile - name: Add webdav port diff --git a/roles/seafile/tasks/install.yml b/roles/seafile/tasks/install.yml index ae873b0..f7123a3 100644 --- a/roles/seafile/tasks/install.yml +++ b/roles/seafile/tasks/install.yml 
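Review bot: The `Generate a JWT private key` block assigns the secret with `set_fact: seafile_jwt_key={{ rand_pass }}` and carries no `no_log`, so the key can appear in verbose run output; it also uses the key=value form where the `Set seafile ports` task just below uses native YAML. Suggested form: `- set_fact:` with `seafile_jwt_key: "{{ rand_pass }}"` underneath and `no_log: true` on that task. The permissions of `{{ seafile_root_dir }}/meta/ansible_jwt_key` are decided in `../includes/get_rand_pass.yml`, which is outside this patch, so confirm the file is readable only by root or the seafile account.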
@@ -18,28 +18,53 @@ register: seafile_py2 tags: seafile -- name: Clear the venv as we migrate to py3 +- name: Check if venv uses py 3.6 + stat: path={{ seafile_root_dir }}/bin/python3.6 + register: seafile_py36 + tags: seafile + +- name: Clear the venv as we migrate to python 3.9 file: path={{ seafile_root_dir }}/{{ item }} state=absent loop: - lib - lib64 - bin - include - when: seafile_py2.stat.exists + when: seafile_py2.stat.exists or seafile_py36.stat.exists tags: seafile - name: Install or update python modules in the virtualenv pip: state: "{{ (seafile_install_mode == 'upgrade') | ternary('latest', 'present') }}" virtualenv: "{{ seafile_root_dir }}" - virtualenv_command: /usr/bin/virtualenv-3 - virtualenv_python: /usr/bin/python3 + virtualenv_command: /bin/python3.9 -m venv name: "{{ seafile_python_libs }}" notify: - restart seafile - restart seahub tags: seafile +- name: Installer version specific python modules + pip: + virtualenv: "{{ seafile_root_dir }}" + virtualenv_command: /bin/python3.9 -m venv + name: + - future==0.18.* + - mysqlclient==2.1.* + - pillow==9.3.* + - captcha==0.4 + - django_simple_captcha==0.5.* + - djangosaml2==1.5.* + - pysaml2==7.2.* + - pycryptodome==3.16.* + - cffi==1.15.1 + - SQLAlchemy==1.4.3 + - chardet + notify: + - restart seafile + - restart seahub + tags: seafile + - name: Install Seafile pro license copy: content={{ seafile_license }} dest={{ seafile_root_dir }}/seafile-license.txt when: 
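Review bot: The added `Installer version specific python modules` task pins `future`, `mysqlclient` and `django_simple_captcha`, but the same packages are also listed unpinned in `seafile_python_libs` (see `roles/seafile/vars/RedHat-8.yml`), which the preceding task installs with `state: latest` when `seafile_install_mode` is `upgrade`. In upgrade mode the first task can move them past the pins and the second moves them back, so both report changed and the handlers restart seafile and seahub on each run. Keeping each package in one list only fixes that; `chardet` is the only entry with no version constraint, and the task name probably means `Install version specific python modules`. The wildcard pins such as `pillow==9.3.*` still accept any new patch release from the index, so exact versions would make the virtualenv reproducible.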
@@ -96,6 +121,16 @@ register: seafile_avatar tags: seafile +- name: Check if python2.7 lib dir exists + stat: path={{ seafile_root_dir }}/seafile-server/seafile/lib64/python2.7 + register: seafile_py27_lib + tags: seafile + +- name: Link py27 lib dir to py3 lib dir + file: src={{ seafile_root_dir }}/seafile-server/seafile/lib64/python2.7 dest={{ seafile_root_dir }}/seafile-server/seafile/lib64/python3 state=link force=True + when: seafile_py27_lib.stat.exists + tags: seafile + - name: Remove default avatar directory file: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars state=absent when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir @@ -269,7 +304,7 @@ copy: content: | #!/bin/bash -e - export PYTHONPATH={{ seafile_root_dir }}/lib/python3.6/site-packages/ + export PYTHONPATH={{ seafile_root_dir }}/lib/python3.9/site-packages/ {{ seafile_root_dir }}/bin/python3 $@ dest: /usr/local/bin/seafpy mode: 0755 diff --git a/roles/seafile/templates/clean_db.sh.j2 b/roles/seafile/templates/clean_db.sh.j2 index efd2844..85fe0a2 100644 --- a/roles/seafile/templates/clean_db.sh.j2 +++ b/roles/seafile/templates/clean_db.sh.j2 @@ -3,7 +3,6 @@ set -eo pipefail PATH=/opt/seafile/bin:/bin:/usr/bin -PYTHONPATH=/opt/seafile/lib64/python3.6/site-packages/ PYTHON=/opt/seafile/bin/python cd {{ seafile_root_dir }}/seafile-server ./seahub.sh python-env python3 seahub/manage.py clearsessions diff --git a/roles/seafile/templates/perms.sh.j2 b/roles/seafile/templates/perms.sh.j2 index 510de07..cd150f9 100644 --- a/roles/seafile/templates/perms.sh.j2 +++ b/roles/seafile/templates/perms.sh.j2 @@ -1,5 +1,6 @@ #!/bin/bash -chown -R seafile:seafile {{ seafile_root_dir }}/seafile-server/pro/elasticsearch/ +chown -R seafile:seafile {{ seafile_root_dir }}/seafile-server/pro chown -R seafile:seafile {{ seafile_root_dir }}/seahub-data + restorecon -R {{ seafile_root_dir }}/ 
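Review bot: `chown -R seafile:seafile {{ seafile_root_dir }}/seafile-server/pro` in `perms.sh.j2` widens the recursive ownership change from `pro/elasticsearch/` to the whole `pro` tree, which presumably also holds the pro edition's program files; if so, the service account can now rewrite code it executes. If only some subdirectories need to be writable, list those instead of the parent. The account is also hard-coded although the role defines `seafile_user` and `seafile_group` in `defaults/main.yml`, so `chown -R {{ seafile_user }}:{{ seafile_group }} {{ seafile_root_dir }}/seafile-server/pro` would stay correct when those are overridden (the unchanged `seahub-data` line has the same issue).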
diff --git a/roles/seafile/templates/seafevents.conf.j2 b/roles/seafile/templates/seafevents.conf.j2 index e8bcc0a..f33f891 100644 --- a/roles/seafile/templates/seafevents.conf.j2 +++ b/roles/seafile/templates/seafevents.conf.j2 @@ -22,6 +22,7 @@ index_office_pdf = true external_es_server = true es_host = {{ seafile_es_server }} es_port = {{ seafile_es_port }} +shards = {{ seafile_es_shards }} [OFFICE CONVERTER] enabled = true diff --git a/roles/seafile/templates/seafile.conf.j2 b/roles/seafile/templates/seafile.conf.j2 index 120bc9e..915fc37 100644 --- a/roles/seafile/templates/seafile.conf.j2 +++ b/roles/seafile/templates/seafile.conf.j2 @@ -32,6 +32,12 @@ web_token_expire_time = 7200 {% if seafile_version is version('9.0.1', '>') %} use_go_fileserver = {{ seafile_use_go_fileserver | ternary('true', 'false') }} {% endif %} +{% if seafile_license is defined %} +use_locked_file_cache = true + +[memcached] +memcached_options = --SERVER={{ seafile_memcached_server }} --POOL-MIN=10 --POOL-MAX=100 +{% endif %} {% if seafile_license is defined and seafile_scan_av == True %} [virus_scan] @@ -39,3 +45,9 @@ scan_command = {{ seafile_root_dir }}/seafile-server/clamdscan.sh virus_code = 1 nonvirus_code = 0 {% endif %} + +[notification] +enabled = true +port = {{ seafile_notification_port }} +log_level = info +jwt_private_key = {{ seafile_jwt_key }} diff --git a/roles/seafile/templates/seafile.service.j2 b/roles/seafile/templates/seafile.service.j2 index ccbd9c4..42b8f90 100644 --- a/roles/seafile/templates/seafile.service.j2 +++ b/roles/seafile/templates/seafile.service.j2 
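Review bot: The `[notification]` section added at the end of `seafile.conf.j2` is rendered for every install with `enabled = true`, unlike the neighbouring settings, which are guarded by `seafile_version` or `seafile_license`, and `tasks/facts.yml` adds `seafile_notification_port` to `seafile_ports` unconditionally as well. A role default to switch the notification server off (for example a new `seafile_notification_enabled` variable used by both the template and the port list) would let operators avoid exposing a listener they do not use. Since `jwt_private_key = {{ seafile_jwt_key }}` puts a secret into this file, the task that deploys `seafile.conf` (not part of this patch) should set a mode that excludes other users, e.g. `mode: '0640'` with the seafile group.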
@@ -5,7 +5,7 @@ After=network.target mariadb.service elasticsearch.service [Service] Type=forking Environment=PATH={{ seafile_root_dir }}/bin:/bin:/usr/bin -Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/ +Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.9/site-packages/ Environment=PYTHON={{ seafile_root_dir }}/bin/python ExecStart={{ seafile_root_dir }}/seafile-server/seafile.sh start ExecStop={{ seafile_root_dir }}/seafile-server/seafile.sh stop diff --git a/roles/seafile/templates/seahub.service.j2 b/roles/seafile/templates/seahub.service.j2 index 3f530fc..e8decb1 100644 --- a/roles/seafile/templates/seahub.service.j2 +++ b/roles/seafile/templates/seahub.service.j2 @@ -4,7 +4,7 @@ After=network.target seafile.service [Service] Type=forking -Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/ +Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.9/site-packages/ Environment=PYTHON={{ seafile_root_dir }}/bin/python ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh start {{ seafile_seahub_port }} ExecStop={{ seafile_root_dir }}/seafile-server/seahub.sh stop diff --git a/roles/seafile/templates/seahub_settings.py.j2 b/roles/seafile/templates/seahub_settings.py.j2 index f10e9d3..c41d4bb 100644 --- a/roles/seafile/templates/seahub_settings.py.j2 +++ b/roles/seafile/templates/seahub_settings.py.j2 @@ -4,6 +4,9 @@ SERVICE_URL = '{{ seafile_public_url }}' {% endif %} +CSRF_COOKIE_SECURE = True +CSRF_COOKIE_SAMESITE = 'Strict' + SECRET_KEY = "{{ seafile_seahub_secret }}" DATABASES = { @@ -84,6 +87,9 @@ LOGGING = { }, } +ENABLE_WEBDAV_SECRET = True +WEBDAV_SECRET_MIN_LENGTH = 12 + EMAIL_USE_TLS = False EMAIL_HOST = 'localhost' EMAIL_HOST_USER = '' diff --git a/roles/seafile/vars/RedHat-8.yml b/roles/seafile/vars/RedHat-8.yml index 1808d32..f6dace3 100644 --- a/roles/seafile/vars/RedHat-8.yml +++ b/roles/seafile/vars/RedHat-8.yml 
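Review bot: `CSRF_COOKIE_SECURE = True` in `seahub_settings.py.j2` is set unconditionally, but `seafile_public_url` defaults to `http://{{ inventory_hostname }}:{{ seafile_seahub_port }}` in `defaults/main.yml`; a Secure cookie is not usable over plain HTTP, so on a default deployment form posts would fail CSRF validation. Deriving the value from the URL scheme avoids that, e.g. `CSRF_COOKIE_SECURE = {{ seafile_public_url is match('https://') }}`. When the site is served over HTTPS, `SESSION_COOKIE_SECURE` deserves the same treatment, since only the CSRF cookie is covered here. A one-line comment above the two settings stating that they assume an HTTPS public URL would help the next reader.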
@@ -1,12 +1,10 @@ --- seafile_packages: - - python3 - - python3-setuptools - - python3-pip - - python3-virtualenv - - python3-mysql - - python3-devel + - python39 + - python39-setuptools + - python39-pip + - python39-devel - gcc - gcc-c++ - ffmpeg @@ -14,6 +12,7 @@ seafile_packages: - libmemcached-devel - mysql-devel - zlib-devel + - openldap-devel - gcc - tar - mariadb @@ -32,7 +31,7 @@ seafile_python_libs: - psd-tools - django-pylibmc - django-simple-captcha - - python3-ldap + - python-ldap - requests_oauthlib - future - mysqlclient