Update to 2021-12-01 19:13

Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions


@@ -0,0 +1,117 @@
---
# seafile_license: |
# #Seafile server licence
# Name = "Firewall Services #20193111573"
# Licencetype = "User"
# LicenceKEY = "XXX"
# ProductID = "Seafile server"
# Expiration = "2020-01-09"
# MaxUsers = "9"
# Mode = "subscription"
# etc...
seafile_version: "{{ seafile_license is defined | ternary('8.0.14','9.0.1') }}"
# Archive URL and sha1 are only used for the community version
seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
seafile_archive_sha1: 6f55aa1d465e94a7ada1dff7e1923e020ddb5a6c
seafile_root_dir: /opt/seafile
seafile_data_dir: "{{ seafile_root_dir }}/data"
seafile_db_server: "{{ mysql_server | default('127.0.0.1') }}"
seafile_db_port: 3306
seafile_db_user: seafile
# If not set, a random password will be generated and stored in the meta directory
# seafile_db_pass:
seafile_db_ccnet: ccnet
seafile_db_seafile: seafile
seafile_db_seahub: seahub
# Set to none to disable memcached
seafile_memcached_server: 127.0.0.1:11211
# Account under which services will run
seafile_user: seafile
seafile_group: "{{ seafile_user }}"
# A random one will be generated if not defined here
# seafile_seahub_secret:
# seafile_seahub_id:
# Main seafile daemon port
seafile_seafile_port: 8082
# Seahub port
seafile_seahub_port: 8000
# If you want webdav to be enabled
seafile_webdav: True
seafile_webdav_port: 8080
# Restrict access to seafile ports
# empty means only loopback
seafile_src_ip: []
# Public URL of the service
seafile_public_url: http://{{ inventory_hostname }}:{{ seafile_seahub_port }}
# Default admin user, created at install time
seafile_admin_email: admin@{{ ansible_domain }}
seafile_admin_pass: seafile
# LDAP integration
seafile_ldap_auth: "{{ (ad_auth | default(False) or ldap_auth | default(False)) | ternary(True,False) }}"
seafile_ldap_uri: "{{ ad_auth | default(False) | ternary('ldaps://' + ad_realm | default(samba_realm) | default(ansible_domain) | lower,ldap_uri | default('ldap://ldap' ~ ansible_domain) | regex_replace('^ldap://(.*)','ldaps://\\1')) }}"
seafile_ldap_base: "{{ ad_auth | default(False) | ternary('DC=' + ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\\.',',DC='), 'ou=Users,' + ldap_base) }}"
# seafile_ldap_bind_dn:
# Note that seafile_ldap_bind_pass should not contain special caracter, as it might break the parser and
# prevent seafevents from starting !
# seafile_ldap_bind_pass:
seafile_ldap_login_attr: "{{ ad_auth | default(False) | ternary('userPrincipalName','mail') }}"
seafile_ldap_filter: "{{ ad_auth | default(False) | ternary('&(objectClass=user)(objectCategory=person)(primaryGroupId=513)','objectClass=inetOrgPerson') }}"
# seafile_ldap_group_filter: (mail=*)
# oAuth2 authentication
seafile_oauth2_auth: False
seafile_oauth2_id: seafile
# seafile_oauth2_secret:
seafile_oauth2_sso: https://sso.{{ ansible_domain }}
seafile_oauth2_callback_url: "{{ seafile_public_url }}/oauth/callback/"
seafile_oauth2_provider_domain: "{{ ansible_domain }}"
seafile_oauth2_authorization_url: "{{ seafile_oauth2_sso }}/oauth2/authorize"
seafile_oauth2_token_url: "{{ seafile_oauth2_sso }}/oauth2/token"
seafile_oauth2_user_info_url: "{{ seafile_oauth2_sso }}/oauth2/userinfo"
# Proxy authentication
seafile_header_auth: False
seafile_header_auth_name: HTTP_USER_PRINCIPAL
seafile_header_auth_domain: ''
seafile_header_auth_protected_paths:
- 'sso'
seafile_header_auth_force_logout: False
# Default quota (in GB) to apply to all users
# seafile_default_quota: 20
# Default history to keep (in days) for libraries
seafile_default_history: 365
# You can set max sizes (in MB)
# seafile_max_upload_size
# seafile_max_download_dir_size
# Max cookie lifetime
seafile_cookie_age: '60 * 60 * 12'
# Name and title of your Seafile instance
seafile_site_name: 'Seafile'
seafile_site_title: 'Mon cloud privé'
# Set to your OnlyOffice url to enable integration
# seafile_oo_uri: https://oods.example.org/
# Optional secret token shared with OnlyOffice
# seafile_oo_secret: XXXXX
# Enable ClamAV scanning of files
# Only available if you run the PRO edition
seafile_scan_av: True
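Review bot: `seafile_admin_pass: seafile` ships a fixed, guessable password for the admin account that the comment above it says is created at install time, so every host deployed without an override starts with a known credential. I would leave it unset (`# seafile_admin_pass:`) and have the role generate one, as the comment on `seafile_db_pass` already describes for the database password ("a random password will be generated and stored in the meta directory"). Two smaller points in the same file: the download is pinned with SHA-1 (`seafile_archive_sha1`), where a SHA-256 digest passed as `sha256:…` would be the stronger integrity check, and the `seafile_ldap_uri` fallback `'ldap://ldap' ~ ansible_domain` looks like it is missing a dot between `ldap` and the domain.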

Binary file not shown.


Binary file not shown.


Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dd731df5358d2d85ac8813826edee53f2363e4a1374b99343cdc870d4563d1d5
size 124758132


@@ -0,0 +1,11 @@
---
- include: ../common/handlers/main.yml
- name: restart seafile
service: name=seafile state=restarted
when: seafile_install_mode != 'upgrade'
- name: restart seahub
service: name=seahub state=restarted
when: seafile_install_mode != 'upgrade'


@@ -0,0 +1,9 @@
---
dependencies:
- role: repo_rpmfusion
- role: memcached_server
when: seafile_memcached_server is search('^(127\.0\.0\.1|localhost)')
- role: clamav
when: seafile_license is defined and seafile_scan_av == True
- role: mysql_server
when: seafile_db_server in ['127.0.0.1', 'localhost']


@@ -0,0 +1,15 @@
---
- name: Compress previous version
command: tar cJf {{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}.txz ./
environment:
XZ_OPT: -T0
args:
chdir: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}"
warn: False
tags: seafile
- name: Remove archive directory
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=absent
tags: seafile
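Review bot: Both tasks build their path from `seafile_current_version.stdout` without checking that it is non-empty, so an empty or truncated version file would make the second task apply `state=absent` to `{{ seafile_root_dir }}/archives/` itself and remove every earlier archive. A guard such as `when: seafile_current_version.stdout | length > 0` on both tasks, or an `assert` before them, would stop that. The same value is interpolated unquoted into the `tar` arguments, so it is worth checking it against a version-like pattern before it is used in a path.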


@@ -0,0 +1,41 @@
---
- name: Create archive directory
file: path={{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }} state=directory
tags: seafile
- name: Stop services during upgrade
systemd: name={{ item }} state=stopped
loop:
- seafile.service
- seahub.service
- seafile-clean-db.timer
- seafile-gc.timer
tags: seafile
- name: Backup the databases
mysql_db:
state: dump
name: "{{ item }}"
target: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/{{ item }}.sql"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
quick: True
single_transaction: True
with_items:
- "{{ seafile_db_seafile }}"
- "{{ seafile_db_ccnet }}"
- "{{ seafile_db_seahub }}"
tags: seafile
- name: Archive seafile server
synchronize:
src: "{{ seafile_root_dir }}/seafile-server"
dest: "{{ seafile_root_dir }}/archives/{{ seafile_current_version.stdout }}/"
recursive: True
delete: True
compress: False
delegate_to: "{{ inventory_hostname }}"
tags: seafile


@@ -0,0 +1,21 @@
---
- name: Remove tmp and obsolete files
file: path={{ item }} state=absent
loop:
- "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
- "{{ seafile_root_dir }}/tmp/seafile-server-{{ seafile_version }}"
- "{{ seafile_root_dir }}/tmp/seafile-pro-server_{{ seafile_version }}_x86-64_CentOS.tar.gz"
- "{{ seafile_root_dir }}/tmp/seafile-pro-server-{{ seafile_version }}"
- "{{ seafile_data_dir }}/db_dumps"
- "{{ seafile_data_dir }}/backup"
# All these are obsoletes backup hooks
- /etc/backup/pre.d/seafile_dump_db.sh
- /etc/backup/pre.d/seafile_mount_fuse.sh
- /etc/backup/post.d/seafile_rm_dumps.sh
- /etc/backup/post.d/seafile_umount_fuse.sh
# Old cron job, replaced with systemd timers
- /etc/cron.d/seafile_gc
# This one has a typo in even older versions of the role
- /etc/cron.d/seafil_gc
tags: seafile


@@ -0,0 +1,49 @@
---
- name: Generate an RSA private key
command: openssl genrsa -out {{ seafile_root_dir }}/ccnet/mykey.peer 2048
args:
creates: "{{ seafile_root_dir }}/ccnet/mykey.peer"
tags: seafile
- name: Deploy seafile configuration
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
with_items:
- ccnet.conf
- seafdav.conf
- seafile.conf
- seahub_settings.py
- gunicorn.conf.py
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy seafile pro configuration
template: src={{ item }}.j2 dest={{ seafile_root_dir }}/conf/{{ item }} group={{ seafile_group }} mode=640
with_items:
- seafevents.conf
when: seafile_license is defined
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy ccnet ini file
copy:
content: |
{{ seafile_data_dir }}
dest: "{{ seafile_root_dir }}/ccnet/seafile.ini"
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Deploy initial admin info
template: src=admin.txt.j2 dest={{ seafile_root_dir }}/conf/admin.txt group={{ seafile_group }} mode=640
when: seafile_install_mode == 'install'
tags: seafile
- name: Deploy logrotate configuration
template: src=logrotate.conf.j2 dest=/etc/logrotate.d/seafile
tags: seafile
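Review bot: The `openssl genrsa` task leaves the owner and mode of `mykey.peer` to openssl and whatever umask is in effect; nothing in this file pins them, unlike the `mode=640` set on the configuration templates. I would follow it with an explicit task, e.g. `file: path={{ seafile_root_dir }}/ccnet/mykey.peer owner={{ seafile_user }} group={{ seafile_group }} mode=600`, adjusting the owner to what the daemon actually needs. The template tasks render the database and LDAP bind passwords, so `no_log: True` (or `diff: False`) on them would keep those values out of `--diff` output and logs.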


@@ -0,0 +1,39 @@
---
- name: Create directories
file: path={{ item.dir }} state=directory owner={{ item.owner | default(seafile_user) }} group={{ item.group | default(seafile_user) }} mode={{ item.mode | default(omit) }}
with_items:
- dir: "{{ seafile_root_dir }}/tmp"
mode: 700
owner: root
group: root
- dir: "{{ seafile_root_dir }}/meta"
mode: 700
owner: root
group: root
- dir: "{{ seafile_root_dir }}/archives"
mode: 700
owner: root
group: root
- dir: "{{ seafile_root_dir }}"
- dir: "{{ seafile_root_dir }}/fuse"
- dir: "{{ seafile_root_dir }}/seafile-server"
- dir: "{{ seafile_root_dir }}/conf"
- dir: "{{ seafile_root_dir }}/ccnet"
mode: 770
- dir: "{{ seafile_root_dir }}/logs"
- dir: "{{ seafile_root_dir }}/pids"
- dir: "{{ seafile_data_dir }}"
mode: 770
- dir: "{{ seafile_data_dir }}/thumbnails"
- dir: "{{ seafile_data_dir }}/seahub"
- dir: "{{ seafile_data_dir }}/seahub/custom"
- dir: "{{ seafile_data_dir }}/seahub/cache"
- dir: "{{ seafile_data_dir }}/seahub/avatars"
- dir: "{{ seafile_data_dir }}/pro"
- dir: "{{ seafile_root_dir }}/backup"
mode: 700
owner: root
group: root
ignore_errors: True # So we can run when the fuse mount point is active
tags: seafile
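Review bot: `ignore_errors: True` covers the whole loop, so a failure to create or restrict `tmp`, `meta`, `archives` or `backup` is swallowed too and the play carries on. Those are the root-owned `mode: 700` directories that other tasks in this commit fill with the generated passwords and database dumps. The inline comment says the exception is only needed while the fuse mount point is active; I would move `{{ seafile_root_dir }}/fuse` into its own task carrying `ignore_errors: True` and let the remaining items fail loudly.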


@@ -0,0 +1,90 @@
---
- include_vars: "{{ item }}"
with_first_found:
- vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
- vars/{{ ansible_distribution }}.yml
- vars/{{ ansible_os_family }}.yml
tags: seafile
- name: Set default install mode
set_fact: seafile_install_mode='none'
tags: seafile
# Makes sur we do not have a trailing / on the public url
- set_fact: seafile_public_url={{ seafile_public_url | regex_replace('/$','') }}
tags: seafile
- name: Check if seafile is installed
stat: path={{ seafile_root_dir }}/meta/ansible_version
register: seafile_version_file
tags: seafile
- name: Check installed version
command: cat {{ seafile_root_dir }}/meta/ansible_version
register: seafile_current_version
when: seafile_version_file.stat.exists
changed_when: False
tags: seafile
- name: Set install mode to install
set_fact: seafile_install_mode='install'
when: not seafile_version_file.stat.exists
tags: seafile
- name: Set install mode to upgrade
set_fact: seafile_install_mode='upgrade'
when:
- seafile_version_file.stat.exists
- seafile_current_version is defined
- seafile_current_version.stdout != seafile_version
tags: seafile
# Needed to have consistent behaviour with the various components
# which do not all support unix socket
- name: Set DB server to 127.0.0.1
set_fact: seafile_db_server="127.0.0.1"
when: seafile_db_server == 'localhost'
tags: seafile
- name: Generate an ID for seahub
shell: date | sha1sum | awk '{ print $1 }' > {{ seafile_root_dir }}/meta/ansible_ccnet_id
args:
creates: "{{ seafile_root_dir }}/meta/ansible_ccnet_id"
when: seafile_ccnet_id is not defined
tags: seafile
- name: Read seahub ID
command: cat {{ seafile_root_dir }}/meta/ansible_ccnet_id
register: seafile_seahub_rand_id
when: seafile_ccnet_id is not defined
changed_when: False
tags: seafile
- name: Set seahub ID
set_fact: seafile_ccnet_id={{ seafile_seahub_rand_id.stdout }}
when: seafile_ccnet_id is not defined
tags: seafile
- name: Generate a password for the database
block:
- import_tasks: ../includes/get_rand_pass.yml
vars:
- pass_file: "{{ seafile_root_dir }}/meta/ansible_dbpass"
- complex: False
- set_fact: seafile_db_pass={{ rand_pass }}
when: seafile_db_pass is not defined
tags: seafile
- name: Set seafile ports
set_fact:
seafile_ports: "[ {{ seafile_seafile_port }}, {{ seafile_seahub_port }} ]"
tags: seafile
- name: Add webdav port
set_fact:
seafile_ports: "{{ seafile_ports }} + [ {{ seafile_webdav_port }} ]"
when: seafile_webdav == True
tags: seafile
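Review bot: The ID produced by `date | sha1sum` depends only on the wall-clock second at which the task runs, so it is predictable and two hosts provisioned in the same second get the same value. If the ID is meant to be unique per instance (this file does not show how ccnet uses it), a random source fits better, e.g. `head -c 32 /dev/urandom | sha1sum | awk '{ print $1 }'`. Separately, the database password is requested with `complex: False`; its length and alphabet are decided in `get_rand_pass.yml`, which is not on this page, so it is worth confirming the result is still long enough.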


@@ -0,0 +1,5 @@
---
- name: Deploy filebeat configuration
template: src=filebeat.yml.j2 dest=/etc/filebeat/ansible_inputs.d/seafile.yml
tags: seafile,log


@@ -0,0 +1,286 @@
---
- name: Install RPM dependencies
yum: name={{ seafile_packages }}
tags: seafile
- name: Install MariaDB libs
yum:
name:
- MariaDB-shared
when:
- mysql_mariadb_version is defined
- mysql_mariadb_version != 'default'
tags: seafile
- name: Check if py2 venv is setup
stat: path={{ seafile_root_dir }}/bin/python2
register: seafile_py2
tags: seafile
- name: Clear the venv as we migrate to py3
file: path={{ seafile_root_dir }}/{{ item }} state=absent
loop:
- lib
- lib64
- bin
- include
when: seafile_py2.stat.exists
tags: seafile
- name: Install or update python modules in the virtualenv
pip:
state: "{{ (seafile_install_mode == 'upgrade') | ternary('latest', 'present') }}"
virtualenv: "{{ seafile_root_dir }}"
virtualenv_command: /usr/bin/virtualenv-3
virtualenv_python: /usr/bin/python3
name: "{{ seafile_python_libs }}"
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Install Seafile pro license
copy: content={{ seafile_license }} dest={{ seafile_root_dir }}/seafile-license.txt
when:
- seafile_license is defined
- seafile_license != '' # defining an empty license means using the Free for 3 user offer
notify:
- restart seafile
- restart seahub
tags: seafile
- name: Download seafile archive
get_url:
url: "{{ seafile_archive_url }}"
dest: "{{ seafile_root_dir }}/tmp/seafile-server_{{ seafile_version }}_x86-64.tar.gz"
checksum: "sha1:{{ seafile_archive_sha1 }}"
when:
- seafile_install_mode != 'none'
- seafile_license is not defined
tags: seafile
- name: Copy Seafile pro archive
copy: src=seafile-pro-server_{{ seafile_version }}_x86-64_CentOS.tar.gz dest={{ seafile_root_dir }}/tmp/
when:
- seafile_install_mode != 'none'
- seafile_license is defined
tags: seafile
- name: Extract seafile archive
unarchive:
src: "{{ seafile_root_dir }}/tmp/{{ seafile_license is defined | ternary('seafile-pro-server_' ~ seafile_version ~ '_x86-64_CentOS.tar.gz','seafile-server_' ~ seafile_version ~ '_x86-64.tar.gz') }}"
dest: "{{ seafile_root_dir }}/tmp"
remote_src: yes
when: seafile_install_mode != 'none'
tags: seafile
- name: Move seafile to the correct location
synchronize:
src: "{{ seafile_root_dir }}/tmp/seafile-{{ seafile_license is defined | ternary('pro-','') }}server-{{ seafile_version }}/"
dest: "{{ seafile_root_dir }}/seafile-server/"
recursive: True
delete: True
compress: False
delegate_to: "{{ inventory_hostname }}"
when: seafile_install_mode != 'none'
tags: seafile
- name: Chown seafile install dir
shell: chown -R {{ seafile_user }}:{{ seafile_group }} {{ seafile_root_dir }}/seafile-server/*
args:
warn: False
when: seafile_install_mode != 'none'
tags: seafile
- name: Check if avatar is a dir or a link
stat: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars
register: seafile_avatar
tags: seafile
- name: Remove default avatar directory
file: path={{ seafile_root_dir }}/seafile-server/seahub/media/avatars state=absent
when: seafile_avatar.stat.isdir is defined and seafile_avatar.stat.isdir
tags: seafile
- name: Create seahub symlinks
file: src={{ seafile_data_dir }}/seahub/{{ item.src }} dest={{ seafile_root_dir }}/seafile-server/seahub/media/{{ item.dest }} state=link force=True
with_items:
- src: custom
dest: custom
- src: cache
dest: CACHE
- src: avatars
dest: avatars
tags: seafile
- name: Create data dir link
file: src={{ seafile_data_dir }} dest={{ seafile_root_dir }}/seafile-data state=link
tags: seafile
- name: Create pro-data link
file: src={{ seafile_data_dir }}/pro dest={{ seafile_root_dir }}/pro-data state=link force=True
when: seafile_license is defined
tags: seafile
- name: Set permissions on seahub runtime directory
file: path={{ seafile_root_dir }}/seafile-server/runtime state=directory owner={{ seafile_user }} mode=700
tags: seafile
- name: Create library-template
file: path={{ seafile_data_dir }}/library-template state=directory
when: seafile_install_mode == 'install'
tags: seafile
- name: Copy default avatars
copy: src=avatars/ dest={{ seafile_data_dir }}/seahub/avatars/
tags: seafile
# Needed since CentOS 7.5 so ldaps can be used
- name: Remove bundled libs
file: path={{ seafile_root_dir }}/seafile-server/seafile/lib/{{ item }} state=absent
loop: "{{ seafile_rm_libs }}"
notify: restart seafile
tags: seafile
- name: Copy documentation
copy: src={{ seafile_root_dir }}/tmp/seafile-{{ (seafile_license is defined) | ternary('pro-','') }}server-{{ seafile_version }}/seafile/docs/seafile-tutorial.doc dest={{ seafile_data_dir }}/library-template remote_src=True
when: seafile_install_mode == 'install'
tags: seafile
- name: Generate a secret for seahub
shell: "{{ seafile_root_dir }}/bin/python {{ seafile_root_dir }}/seafile-server/seahub/tools/secret_key_generator.py > {{ seafile_root_dir }}/meta/ansible_hub_secret"
args:
creates: "{{ seafile_root_dir }}/meta/ansible_hub_secret"
when: seafile_seahub_secret is not defined
tags: seafile
- name: Read seahub secret
command: cat {{ seafile_root_dir }}/meta/ansible_hub_secret
register: seafile_seahub_rand_secret
when: seafile_seahub_secret is not defined
changed_when: False
tags: seafile
- name: Set seahub secret key
set_fact: seafile_seahub_secret={{ seafile_seahub_rand_secret.stdout }}
when: seafile_seahub_secret is not defined
tags: seafile
- name: Create the databases
mysql_db:
name: "{{ item }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
encoding: utf8
collation: utf8_general_ci
state: present
with_items:
- "{{ seafile_db_seafile }}"
- "{{ seafile_db_ccnet }}"
- "{{ seafile_db_seahub }}"
tags: seafile
- name: Create database user
mysql_user:
name: "{{ seafile_db_user }}"
password: "{{ seafile_db_pass }}"
priv: "{{ seafile_db_seafile }}.*:ALL/{{ seafile_db_ccnet }}.*:ALL/{{ seafile_db_seahub }}.*:ALL"
host: "{{ item }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
with_items: "{{ (seafile_db_server == '127.0.0.1') | ternary(['127.0.0.1','localhost'],ansible_all_ipv4_addresses) }}"
tags: seafile
- name: Load database schema schema
mysql_db:
state: import
target: "{{ item.file }}"
name: "{{ item.db }}"
login_host: "{{ seafile_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
loop:
- db: "{{ seafile_db_seahub }}"
file: "{{ seafile_root_dir }}/seafile-server/seahub/sql/mysql.sql"
- db: "{{ seafile_db_seafile }}"
file: "{{ seafile_root_dir }}/seafile-server/sql/mysql/seafile.sql"
- db: "{{ seafile_db_ccnet }}"
file: "{{ seafile_root_dir }}/seafile-server/sql/mysql/ccnet.sql"
when: seafile_install_mode == 'install'
tags: seafile
- name: Deploy systemd services
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }}
with_items:
- seafile.service
- seahub.service
- seafile-clean-db.service
- seafile-clean-db.timer
- seafile-gc.service
- seafile-gc.timer
notify:
- restart seafile
- restart seahub
register: seafile_systemd_unit
tags: seafile
- name: Reload systemd
command: systemctl daemon-reload
when: seafile_systemd_unit.changed
tags: seafile
- name: Deploy pre and post backup hooks
template: src={{ item }}-backup.sh.j2 dest=/etc/backup/{{ item }}.d/seafile.sh mode=700
loop:
- pre
- post
tags: seafile
- name: Check if there are custom office templates
local_action: stat path=config/{{ inventory_hostname }}/seafile/office-template/empty.{{ item }}
register: seafile_custom_office_template
vars:
ansible_become: False
loop:
- docx
- pptx
- xlsx
tags: seafile
- name: Override office templates
copy:
src: "{{ item.stat.exists | ternary('config/' + inventory_hostname + '/seafile/office-template/empty.','office-template/empty.' ) }}{{ item.item }}"
dest: "{{ seafile_root_dir }}/seafile-server/seahub/media/office-template/"
loop: "{{ seafile_custom_office_template.results }}"
tags: seafile
- name: Deploy a clamdscan wrapper script
copy:
content: |
#!/bin/bash -e
/bin/clamdscan -c /etc/clamd.conf $@
dest: "{{ seafile_root_dir }}/seafile-server/clamdscan.sh"
mode: 0755
tags: seafile
- name: Deploy a python wrapper for Seafile
copy:
content: |
#!/bin/bash -e
export PYTHONPATH={{ seafile_root_dir }}/lib/python3.6/site-packages/
{{ seafile_root_dir }}/bin/python3 $@
dest: /usr/local/bin/seafpy
mode: 0755
tags: seafile
- name: Deploy maintenance scripts
template: src={{ item }}.sh.j2 dest={{ seafile_root_dir }}/bin/{{ item }}.sh mode=0700
loop:
- gc
- clean_db
tags: seafile
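Review bot: Both wrapper scripts forward their arguments as unquoted `$@` (`/bin/clamdscan -c /etc/clamd.conf $@` and `{{ seafile_root_dir }}/bin/python3 $@`), so an argument containing whitespace or glob characters is re-split and expanded before it reaches the real program. For the scanner wrapper this means the path clamdscan receives may not be the file it was asked to scan; both lines should use `"$@"`. In the same file, the pip task switches to `state: latest` on upgrade, which installs whatever versions are current at run time unless `seafile_python_libs` (defined outside this page) pins them. The license file is also copied without an explicit `mode`.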


@@ -0,0 +1,10 @@
---
- name: Handle seafile ports
iptables_raw:
name: seafile_ports
state: "{{ (seafile_src_ip | length > 0) | ternary('present','absent') }}"
rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ seafile_ports | join(',') }} -s {{ seafile_src_ip | join(',') }} -j ACCEPT"
when: iptables_manage | default(True)
tags: seafile


@@ -0,0 +1,16 @@
---
- include: user.yml
- include: directories.yml
- include: facts.yml
- include: archive_pre.yml
when: seafile_install_mode == 'upgrade'
- include: install.yml
- include: conf.yml
- include: iptables.yml
- include: services.yml
- include: archive_post.yml
when: seafile_install_mode == 'upgrade'
- include: write_version.yml
- include: cleanup.yml
- include: filebeat.yml


@@ -0,0 +1,17 @@
---
- name: Start and enable services
service: name={{ item }} state=started enabled=True
loop:
- seafile
- seahub
when: seafile_install_mode != 'upgrade' # We need to run upgrade script manually
tags: seafile
- name: Start and enable timers
systemd: name={{ item }}.timer state=started enabled=True
loop:
- seafile-clean-db
- seafile-gc
tags: seafile


@@ -0,0 +1,6 @@
---
- name: Create user account
user: name={{ seafile_user }} comment="Seafile user account" system=True shell=/sbin/nologin
tags: seafile


@@ -0,0 +1,6 @@
---
- name: Write version
copy: content={{ seafile_version }} dest={{ seafile_root_dir }}/meta/ansible_version
when: seafile_install_mode != 'none'
tags: seafile


@@ -0,0 +1,4 @@
{
"email": "{{ seafile_admin_email }}",
"password": "{{ seafile_admin_pass }}"
}
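Review bot: The e-mail and password are pasted between literal double quotes, so a password containing `"` or `\` renders as invalid JSON, or as a different value than the one configured. Let the filter do the quoting: `"password": {{ seafile_admin_pass | to_json }}`, and the same for `email`. The file keeps the admin password in clear text and no task shown on this page removes it after first start, so check that Seafile or the role deletes it once the account exists.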


@@ -0,0 +1,49 @@
[General]
USER_NAME = {{ seafile_user }}
ID = {{ seafile_ccnet_id }}
NAME = seafile
{% if seafile_version is version('9.0.0', '<') %}
SERVICE_URL = {{ seafile_public_url }}
{% endif %}
[Database]
ENGINE = mysql
HOST = {{ seafile_db_server }}
PORT = {{ seafile_db_port }}
USER = {{ seafile_db_user }}
PASSWD = {{ seafile_db_pass }}
DB = {{ seafile_db_ccnet }}
CONNECTION_CHARSET = utf8
{% if seafile_ldap_auth is defined and seafile_ldap_auth %}
[LDAP]
HOST = {{ seafile_ldap_uri }}
BASE = {{ seafile_ldap_base }}
{% if seafile_ldap_bind_dn is defined and seafile_ldap_bind_pass is defined %}
USER_DN = {{ seafile_ldap_bind_dn }}
PASSWORD = {{ seafile_ldap_bind_pass }}
{% endif %}
LOGIN_ATTR = {{ seafile_ldap_login_attr }}
FILTER = {{ seafile_ldap_filter }}
{% if seafile_license is defined %}
[LDAP_SYNC]
ENABLE_USER_SYNC = true
ENABLE_GROUP_SYNC = true
{% if seafile_ldap_group_filter is defined %}
GROUP_FILTER = {{ seafile_ldap_group_filter }}
{% endif %}
DEACTIVE_USER_IF_NOTFOUND = true
SYNC_INTERVAL = 60
USER_OBJECT_CLASS = person
ENABLE_EXTRA_USER_INFO_SYNC = true
FIRST_NAME_ATTR = givenName
LAST_NAME_ATTR = sn
DEPT_ATTR = department
UID_ATTR = sAMAccountName
CONTACT_EMAIL_ATTR = mail
ACTIVATE_USER_WHEN_IMPORT = false
ACTIVATE_AFTER_FIRST_LOGIN = True
{% endif %}
{% endif %}


@@ -0,0 +1,10 @@
#!/bin/sh
set -eo pipefail
PATH=/opt/seafile/bin:/bin:/usr/bin
PYTHONPATH=/opt/seafile/lib64/python3.6/site-packages/
PYTHON=/opt/seafile/bin/python
cd {{ seafile_root_dir }}/seafile-server
./seahub.sh python-env python3 seahub/manage.py clearsessions
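Review bot: This script drops no privileges and the `seafile-clean-db.service` unit that starts it sets no `User=`, so `./seahub.sh` and `manage.py` run as root from a tree that the install tasks `chown -R` to `{{ seafile_user }}`; a compromise of the service account would therefore extend to root through the daily timer. The GC script in this commit already uses `/usr/bin/sudo -u {{ seafile_user }}`, and the same prefix on the last line here would close the gap. `PYTHONPATH` and `PYTHON` are assigned but never exported, so the child process only sees them if they were already in the environment. The three `/opt/seafile` paths should use `{{ seafile_root_dir }}`, as the `cd` line does.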


@@ -0,0 +1,8 @@
- type: log
enabled: True
paths:
- {{ seafile_root_dir }}/logs/*.log
- {{ seafile_root_dir }}/logs/slow_logs/*.log
exclude_files:
- '\.[gx]z$'
- '\d+$'


@@ -0,0 +1,9 @@
#!/bin/sh
{% if seafile_license is not defined %}
/usr/bin/systemctl stop seafile seahub
{% endif %}
/usr/bin/systemd-cat /usr/bin/sudo -u {{ seafile_user }} {{ seafile_root_dir }}/seafile-server/seaf-gc.sh
{% if seafile_license is not defined %}
/usr/bin/systemctl start seafile seahub
{% endif %}


@@ -0,0 +1,16 @@
import os
daemon = True
workers = 5
bind = "0.0.0.0:{{ seafile_seahub_port }}"
pids_dir = '{{ seafile_root_dir }}/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')
logs_dir = '{{ seafile_root_dir }}/logs'
errorlog = os.path.join(logs_dir, 'gunicorn_error.log')
accesslog = os.path.join(logs_dir, 'gunicorn_access.log')
timeout = 1200
limit_request_line = 8190
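Review bot: `bind = "0.0.0.0:…"` makes Seahub listen on every interface, so the "empty means only loopback" behaviour documented for `seafile_src_ip` holds only while a host firewall drops everything else. With `iptables_manage` set to false, the plain-HTTP port is reachable from the network. I would derive the address from the same variable, e.g. `bind = "{{ (seafile_src_ip | length > 0) | ternary('0.0.0.0', '127.0.0.1') }}:{{ seafile_seahub_port }}"`, or expose it as its own variable with a loopback default.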


@@ -0,0 +1,23 @@
{% for log in ['ccnet','controller','elasticsearch_deprecation','elasticsearch_index_indexing_slowlog','elasticsearch_index_search_slowlog','file_updates_sender','gunicorn_error','index','seafdav','seafile','seahub_email_sender','virus_scan'] %}
{{ seafile_root_dir }}/logs/{{ log }}.log
{% endfor %}
{% for log in ['seafile_slow_rpc','seafile_slow_storage'] %}
{{ seafile_root_dir }}/logs/slow_logs/{{ log }}.log
{% endfor %}
{
daily
rotate 365
compress
missingok
copytruncate
su seafile seafile
}
{{ seafile_root_dir }}/logs/seaf-fuse.log
{
daily
rotate 365
compress
missingok
copytruncate
su root seafile
}
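Review bot: `su seafile seafile` hard-codes the account although the role lets `seafile_user` and `seafile_group` be overridden, so on hosts that change them rotation runs under the wrong identity or fails; `su {{ seafile_user }} {{ seafile_group }}` keeps it consistent. The `chown -R seafile:seafile` lines in the script in the next file section have the same issue. With `copytruncate`, lines written between the copy and the truncate are lost, which matters if these logs serve as an audit trail.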


@@ -0,0 +1,5 @@
#!/bin/bash
chown -R seafile:seafile {{ seafile_root_dir }}/seafile-server/pro/elasticsearch/
chown -R seafile:seafile {{ seafile_root_dir }}/seahub-data
restorecon -R {{ seafile_root_dir }}/


@@ -0,0 +1,7 @@
#!/bin/bash -e
# Delete database dumps
rm -f {{ seafile_root_dir }}/backup/*
# Umount fuse FS
{{ seafile_root_dir }}/seafile-server/seaf-fuse.sh stop


@@ -0,0 +1,18 @@
#!/bin/sh
set -eo pipefail
# Dump Databases
for DB in {{ seafile_db_ccnet }} {{ seafile_db_seafile }} {{ seafile_db_seahub }}; do
/usr/bin/mysqldump \
--quick --single-transaction \
{% if seafile_db_server not in ['127.0.0.1', 'localhost'] %}
--user={{ seafile_db_user }} \
--password={{ seafile_db_pass | quote }} \
--host={{ seafile_db_server }} \
{% endif %}
--add-drop-table $DB | zstd -T0 -c > {{ seafile_root_dir }}/backup/$DB.sql.zst
done
# Mount fuse FS
{{ seafile_root_dir }}/seafile-server/seaf-fuse.sh start {{ seafile_root_dir }}/fuse/
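Review bot: For a remote database the password is passed as `--password=…` on the mysqldump command line, where other local users can read it from the process list while the dump starts. A root-only option file passed with `--defaults-extra-file=` as the first option keeps it off argv. `--user` and `--host` are interpolated without the `quote` filter that the password gets. `set -eo pipefail` under `#!/bin/sh` only works where sh is bash, so `#!/bin/bash` would make that dependency explicit.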


@@ -0,0 +1,5 @@
[WEBDAV]
enabled = {{ seafile_webdav | ternary('true','false') }}
port = {{ seafile_webdav_port }}
fastcgi = false
share_name = {{ (seafile_public_url == 'http://' + inventory_hostname + ':' + seafile_seahub_port | string) | ternary('/','/seafdav') }}


@@ -0,0 +1,32 @@
[DATABASE]
type = mysql
host = {{ seafile_db_server }}
port = {{ seafile_db_port }}
username = {{ seafile_db_user }}
password = {{ seafile_db_pass }}
name = {{ seafile_db_seahub }}
[Syslog]
enabled = true
[AUDIT]
enabled = true
[STATISTICS]
enabled = true
[INDEX FILES]
enabled = true
interval = 10m
index_office_pdf = true
[OFFICE CONVERTER]
enabled = true
workers = 2
max-pages = 200
max-size = 20
[SEAHUB EMAIL]
enabled = true
interval = 30m


@@ -0,0 +1,7 @@
[Unit]
Description=Seafile DB cleaner service
[Service]
Type=oneshot
PrivateTmp=yes
ExecStart={{ seafile_root_dir }}/bin/clean_db.sh


@@ -0,0 +1,9 @@
[Unit]
Description=Seafile DB cleaner service
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target


@@ -0,0 +1,7 @@
[Unit]
Description=Seafile Garbage Collect service
[Service]
Type=oneshot
PrivateTmp=yes
ExecStart={{ seafile_root_dir }}/bin/gc.sh


@@ -0,0 +1,9 @@
[Unit]
Description=Seafile Garbage Collect service
[Timer]
OnCalendar=Sun *-*-* 03:10:00
Persistent=true
[Install]
WantedBy=timers.target


@@ -0,0 +1,41 @@
[general]
enable_syslog = true
[database]
type = mysql
host = {{ seafile_db_server }}
port = {{ seafile_db_port }}
user = {{ seafile_db_user }}
password = {{ seafile_db_pass }}
db_name = {{ seafile_db_seafile }}
connection_charset = utf8
[quota]
{% if seafile_default_quota is defined %}
default = {{ seafile_default_quota }}
{% endif %}
[history]
{% if seafile_default_history is defined %}
keep_days = {{ seafile_default_history }}
{% endif %}
[fileserver]
port = {{ seafile_seafile_port }}
{% if seafile_max_upload_size is defined %}
max_upload_size = {{ seafile_max_upload_size }}
{% endif %}
{% if seafile_max_download_dir_size is defined %}
max_download_dir_size = {{ seafile_max_download_dir_size }}
{% endif %}
web_token_expire_time = 7200
{% if seafile_version is version('9.0.1', '>') %}
use_go_fileserver = true
{% endif %}
{% if seafile_license is defined and seafile_scan_av == True %}
[virus_scan]
scan_command = {{ seafile_root_dir }}/seafile-server/clamdscan.sh
virus_code = 1
nonvirus_code = 0
{% endif %}


@@ -0,0 +1,24 @@
[Unit]
Description=Seafile
After=network.target mariadb.service
[Service]
Type=forking
Environment=PATH={{ seafile_root_dir }}/bin:/bin:/usr/bin
Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/
Environment=PYTHON={{ seafile_root_dir }}/bin/python
ExecStart={{ seafile_root_dir }}/seafile-server/seafile.sh start
ExecStop={{ seafile_root_dir }}/seafile-server/seafile.sh stop
User={{ seafile_user }}
Group={{ seafile_group }}
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
SyslogIdentifier=seafile
StartLimitInterval=0
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
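Review bot: `RestartSec=5` and `StartLimitInterval=0` are set without a `Restart=` line, so systemd never restarts the service and both settings are inert; add `Restart=on-failure` if automatic recovery is intended. The seahub unit in the next file section has the same gap. The sandboxing already present (`PrivateDevices`, `ProtectSystem=full`, `ProtectHome`, `NoNewPrivileges`) could be extended with `PrivateTmp=yes`, which the timer-driven units in this commit use, provided seafile and seahub do not exchange files through /tmp.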


@@ -0,0 +1,22 @@
[Unit]
Description=Seafile hub
After=network.target seafile.service
[Service]
Type=forking
Environment=PYTHONPATH={{ seafile_root_dir }}/lib64/python3.6/site-packages/
Environment=PYTHON={{ seafile_root_dir }}/bin/python
ExecStart={{ seafile_root_dir }}/seafile-server/seahub.sh start {{ seafile_seahub_port }}
ExecStop={{ seafile_root_dir }}/seafile-server/seahub.sh stop
User={{ seafile_user }}
Group={{ seafile_group }}
PrivateDevices=yes
ProtectSystem=full
ProtectHome=yes
NoNewPrivileges=yes
SyslogIdentifier=seahub
StartLimitInterval=0
RestartSec=5
[Install]
WantedBy=multi-user.target


@@ -0,0 +1,165 @@
# -*- coding: utf-8 -*-
{% if seafile_version is version('9.0.0', '>=') %}
SERVICE_URL = '{{ seafile_public_url }}'
{% endif %}
SECRET_KEY = "{{ seafile_seahub_secret }}"
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': '{{ seafile_db_seahub }}',
'USER': '{{ seafile_db_user }}',
'PASSWORD': '{{ seafile_db_pass }}',
'HOST': '{{ seafile_db_server }}',
'PORT': '{{ seafile_db_port }}'
}
}
FILE_SERVER_ROOT = "{{ (seafile_public_url == 'http://' + inventory_hostname + ':' + seafile_seahub_port | string) | ternary('http://' + inventory_hostname + ':' + seafile_seafile_port | string,seafile_public_url+'/seafhttp') }}"
THUMBNAIL_ROOT = "{{ seafile_data_dir }}/thumbnails"
SEAHUB_DATA_ROOT = "{{ seafile_data_dir }}/seahub"
{% if seafile_memcached_server is defined and seafile_memcached_server != 'none' %}
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '{{ seafile_memcached_server }}',
}
}
{% endif %}
LOGGING = {
'version': 1,
'disable_existing_loggers': True,
'formatters': {
'verbose': {
'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s'
},
'standard': {
'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s'
},
'simple': {
'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s',
'datefmt': '%d/%b/%Y %H:%M:%S'
},
},
'filters': {
'require_debug_false': {
'()': 'django.utils.log.RequireDebugFalse',
},
'require_debug_true': {
'()': 'django.utils.log.RequireDebugTrue',
},
},
'handlers': {
'console': {
'filters': ['require_debug_true'],
'class': 'logging.StreamHandler',
'formatter': 'simple'
},
'syslog': {
'class': 'logging.handlers.SysLogHandler',
'address': '/dev/log',
'formatter': 'standard'
},
},
'loggers': {
# root logger
# All logs printed by Seahub and any third party libraries will be handled by this logger.
'': {
'handlers': ['console', 'syslog'],
'level': 'DEBUG', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL.
'disabled': False
},
# This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger.
'django.request': {
'handlers': ['console', 'syslog'],
'level': 'DEBUG',
'propagate': False,
},
},
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = "seafile@{{ ansible_domain }}"
SERVER_EMAIL = DEFAULT_FROM_EMAIL
SHARE_LINK_PASSWORD_MIN_LENGTH = 4
SHARE_LINK_EXPIRE_DAYS_DEFAULT = 7
REPO_PASSWORD_MIN_LENGTH = 4
ENABLE_REPO_SNAPSHOT_LABEL = True
{% if seafile_oauth2_auth == True %}
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "{{ seafile_oauth2_id }}"
OAUTH_CLIENT_SECRET = "{{ seafile_oauth2_secret }}"
OAUTH_REDIRECT_URL = "{{ seafile_oauth2_callback_url }}"
OAUTH_PROVIDER_DOMAIN = "{{ seafile_oauth2_provider_domain }}"
OAUTH_AUTHORIZATION_URL = "{{ seafile_oauth2_authorization_url }}"
OAUTH_TOKEN_URL = "{{ seafile_oauth2_token_url }}"
OAUTH_USER_INFO_URL = "{{ seafile_oauth2_user_info_url }}"
OAUTH_SCOPE = ["openid", "profile", "email", ]
OAUTH_ATTRIBUTE_MAP = {
"id": (False, "id"),
"email": (True, "email"),
"name": (False, "name"),
}
{% endif %}
{% if seafile_header_auth == True %}
ENABLE_REMOTE_USER_AUTHENTICATION = True
REMOTE_USER_HEADER = '{{ seafile_header_auth_name }}'
REMOTE_USER_DOMAIN = '{{ seafile_header_auth_domain }}'
REMOTE_USER_PROTECTED_PATH = [
{% for path in seafile_header_auth_protected_paths %}
'{{ path }}',
{% endfor %}
]
REMOTE_USER_FORCE_LOGOUT_IF_NO_HEADER = {{ seafile_header_auth_force_logout | ternary('True','False') }}
{% endif %}
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_AGE = {{ seafile_cookie_age }}
SITE_NAME = '{{ seafile_site_name }}'
SITE_TITLE = '{{ seafile_site_title }}'
ENABLE_SYS_ADMIN_VIEW_REPO = True
ENABLE_WIKI = True
{% if seafile_oo_uri is defined %}
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = True
ONLYOFFICE_APIJS_URL = "{{ (seafile_oo_uri is search('api\.js$')) | ternary(seafile_oo_uri,seafile_oo_uri | regex_replace('/$','') + '/web-apps/apps/api/documents/api.js') }}"
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx', 'odt', 'ods', 'odp')
ONLYOFFICE_FORCE_SAVE = True
{% if seafile_oo_secret is defined %}
ONLYOFFICE_JWT_SECRET = '{{ seafile_oo_secret }}'
{% endif %}
{% endif %}
{% if seafile_public_url is search '^https://' %}
USE_X_FORWARDED_HOST = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
{% endif %}
{% if seafile_license is defined %}
{% if seafile_scan_av %}
ENABLE_UPLOAD_LINK_VIRUS_CHECK = True
{% endif %}
{% if system_admin_email is defined %}
VIRUS_SCAN_NOTIFY_LIST = ['{{ system_admin_email }}']
{% endif %}
{% endif %}
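Review bot: `OAUTH_ENABLE_INSECURE_TRANSPORT = True` is rendered whenever `seafile_oauth2_auth` is on, even when `seafile_public_url` is an https URL, which relaxes the OAuth client's HTTPS requirement on every deployment rather than only on plain-HTTP ones. The template already tests the URL scheme further down to set `SECURE_PROXY_SSL_HEADER`, so the same test could drive this setting: `OAUTH_ENABLE_INSECURE_TRANSPORT = {{ (seafile_public_url is search('^https://')) | ternary('False','True') }}`. This presumes Seahub sees the request as secure once the forwarded-proto header is honoured, which should be confirmed behind the reverse proxy.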


@@ -0,0 +1,41 @@
---
seafile_packages:
- python3
- python3-setuptools
- python3-pip
- python3-virtualenv
- python3-devel
- gcc
- gcc-c++
- MySQL-python
- ffmpeg
- ffmpeg-devel
- libmemcached-devel
- mysql-devel
- zlib-devel
- gcc
- tar
- mariadb
- fuse
- java-1.8.0-openjdk # For seafile-pro
- poppler-utils # For seafile-pro
- unoconv # For seafile-pro
- python-setuptools # needed for ansible to create the venv
seafile_python_libs:
- Pillow
- pylibmc
- captcha
- jinja2
- sqlalchemy
- psd-tools
- django-pylibmc
- django-simple-captcha
- python3-ldap
- requests_oauthlib
- future
- mysqlclient==2.0.1
seafile_rm_libs:
- libnssutil3.so
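Review bot: Every entry in `seafile_python_libs` except `mysqlclient==2.0.1` is unpinned, so each run installs whatever version the package index serves that day; the second vars file below drops even that pin. For a service that handles authentication and file uploads, pinning makes the virtualenv reproducible and limits exposure to a bad or hijacked release, for example `- Pillow==<tested version>` for each entry, or a constraints file with hashes. `gcc` is also listed twice in `seafile_packages` in both files.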


@@ -0,0 +1,46 @@
---
seafile_packages:
- python3
- python3-setuptools
- python3-pip
- python3-virtualenv
- python3-mysql
- python3-devel
- gcc
- gcc-c++
- ffmpeg
- ffmpeg-devel
- libmemcached-devel
- mysql-devel
- zlib-devel
- gcc
- tar
- mariadb
- fuse
- java-1.8.0-openjdk # For seafile-pro
- poppler-utils # For seafile-pro
- unoconv # For seafile-pro
- python3-setuptools # needed for ansible to create the venv
seafile_python_libs:
- Pillow
- pylibmc
- captcha
- jinja2
- sqlalchemy
- psd-tools
- django-pylibmc
- django-simple-captcha
- python3-ldap
- requests_oauthlib
- future
- mysqlclient
seafile_rm_libs:
- liblber-2.4.so.2
- libldap-2.4.so.2
- libsasl2.so.3
- libldap_r-2.4.so.2 # 9.0.0
- libcrypto.so.1.1 # 9.0.0
- libssl.so.1.1 # 9.0.0


@@ -0,0 +1,3 @@
---
clam_user: "{{ seafile_user }}"
clam_group: "{{ seafile_group }}"