From d917d434ebd8707192ee934203477683ed84a468 Mon Sep 17 00:00:00 2001 From: Lorenzo Date: Fri, 18 Nov 2016 12:37:09 +0100 Subject: [PATCH] adding seafile and seafile.mysql roles --- roles/seafile.mysql/README.md | 124 ++++ roles/seafile.mysql/defaults/main.yml | 23 + roles/seafile.mysql/handlers/main.yml | 3 + roles/seafile.mysql/meta/main.yml | 26 + roles/seafile.mysql/tasks/main.yml | 95 +++ roles/seafile.mysql/templates/.my.cnf.j2 | 3 + .../seafile.mysql/templates/my.cnf.Debian.j2 | 56 ++ .../seafile.mysql/templates/my.cnf.RedHat.j2 | 33 + roles/seafile.mysql/vars/Debian.yml | 9 + roles/seafile.mysql/vars/RedHat.yml | 9 + roles/seafile.mysql/vars/main.yml | 4 + roles/seafile/.gitignore | 54 ++ roles/seafile/LICENSE | 674 ++++++++++++++++++ roles/seafile/README.md | 16 + roles/seafile/TODO.md | 4 + roles/seafile/defaults/main.yml | 121 ++++ roles/seafile/example/README.md | 12 + roles/seafile/example/group_vars/seafile.yml | 143 ++++ roles/seafile/example/seafile.yml | 37 + roles/seafile/handlers/main.yml | 28 + roles/seafile/meta/main.yml | 23 + roles/seafile/tasks/1_prerequisites.yml | 32 + roles/seafile/tasks/2_provision.yml | 35 + roles/seafile/tasks/3_download.yml | 61 ++ roles/seafile/tasks/4_preconfigure.yml | 49 ++ roles/seafile/tasks/5_configure.yml | 83 +++ roles/seafile/tasks/6_customize.yml | 60 ++ roles/seafile/tasks/7_database.yml | 9 + roles/seafile/tasks/8_init_admin.yml | 17 + roles/seafile/tasks/9_init.yml | 50 ++ roles/seafile/tasks/main.yml | 45 ++ roles/seafile/templates/bin/environment | 7 + roles/seafile/templates/bin/garbage-collect | 15 + roles/seafile/templates/bin/init_admin.py | 32 + roles/seafile/templates/ccnet/seafile.ini | 1 + roles/seafile/templates/conf/ccnet.conf | 33 + roles/seafile/templates/conf/seafdav.conf | 9 + roles/seafile/templates/conf/seafile.conf | 38 + .../seafile/templates/conf/seahub_settings.py | 117 +++ roles/seafile/templates/init/seafile.conf | 16 + .../templates/init/seafile.initd.Debian | 54 ++ .../templates/init/seafile.initd.RedHat | 64 ++ .../seafile/templates/init/seafile.sysconfig | 12 + .../templates/init/seahub.initd.RedHat | 69 ++ .../seafile/templates/systemd/seafile.service | 16 + .../seafile/templates/systemd/seahub.service | 17 + roles/seafile/vars/main.yml | 63 ++ 47 files changed, 2501 insertions(+) create mode 100644 roles/seafile.mysql/README.md create mode 100644 roles/seafile.mysql/defaults/main.yml create mode 100644 roles/seafile.mysql/handlers/main.yml create mode 100644 roles/seafile.mysql/meta/main.yml create mode 100644 roles/seafile.mysql/tasks/main.yml create mode 100644 roles/seafile.mysql/templates/.my.cnf.j2 create mode 100644 roles/seafile.mysql/templates/my.cnf.Debian.j2 create mode 100644 roles/seafile.mysql/templates/my.cnf.RedHat.j2 create mode 100644 roles/seafile.mysql/vars/Debian.yml create mode 100644 roles/seafile.mysql/vars/RedHat.yml create mode 100644 roles/seafile.mysql/vars/main.yml create mode 100644 roles/seafile/.gitignore create mode 100644 roles/seafile/LICENSE create mode 100644 roles/seafile/README.md create mode 100644 roles/seafile/TODO.md create mode 100644 roles/seafile/defaults/main.yml create mode 100644 roles/seafile/example/README.md create mode 100644 roles/seafile/example/group_vars/seafile.yml create mode 100644 roles/seafile/example/seafile.yml create mode 100644 roles/seafile/handlers/main.yml create mode 100644 roles/seafile/meta/main.yml create mode 100644 roles/seafile/tasks/1_prerequisites.yml create mode 100644 roles/seafile/tasks/2_provision.yml create mode 100644 roles/seafile/tasks/3_download.yml create mode 100644 roles/seafile/tasks/4_preconfigure.yml create mode 100644 roles/seafile/tasks/5_configure.yml create mode 100644 roles/seafile/tasks/6_customize.yml create mode 100644 roles/seafile/tasks/7_database.yml create mode 100644 roles/seafile/tasks/8_init_admin.yml create mode 100644 roles/seafile/tasks/9_init.yml create mode 100644 roles/seafile/tasks/main.yml create mode 100644 roles/seafile/templates/bin/environment create mode 100755 roles/seafile/templates/bin/garbage-collect create mode 100644 roles/seafile/templates/bin/init_admin.py create mode 100644 roles/seafile/templates/ccnet/seafile.ini create mode 100644 roles/seafile/templates/conf/ccnet.conf create mode 100644 roles/seafile/templates/conf/seafdav.conf create mode 100644 roles/seafile/templates/conf/seafile.conf create mode 100644 roles/seafile/templates/conf/seahub_settings.py create mode 100644 roles/seafile/templates/init/seafile.conf create mode 100644 roles/seafile/templates/init/seafile.initd.Debian create mode 100644 roles/seafile/templates/init/seafile.initd.RedHat create mode 100644 roles/seafile/templates/init/seafile.sysconfig create mode 100644 roles/seafile/templates/init/seahub.initd.RedHat create mode 100644 roles/seafile/templates/systemd/seafile.service create mode 100644 roles/seafile/templates/systemd/seahub.service create mode 100644 roles/seafile/vars/main.yml diff --git a/roles/seafile.mysql/README.md b/roles/seafile.mysql/README.md new file mode 100644 index 0000000..561b802 --- /dev/null +++ b/roles/seafile.mysql/README.md @@ -0,0 +1,124 @@ +MySQL Server +============ + +This roles helps to install MySQL Server across RHEL and Ubuntu variants. +Apart from installing the MySQL Server, it applies basic hardening, like +securing the root account with password, and removing test databases. The role +can also be used to add databases to the MySQL server and create users in the +database. It also supports configuring the databases for replication--both +master and slave can be configured via this role. + +Requirements +------------ + +This role requires Ansible 1.4 or higher, and platform requirements are listed +in the metadata file. + +Role Variables +-------------- + +The variables that can be passed to this role and a brief description about +them are as follows: + + mysql_port: 3306 # The port for mysql server to listen + mysql_bind_address: "0.0.0.0" # The bind address for mysql server + mysql_root_db_pass: foobar # The root DB password + + # A list that has all the databases to be + # created and their replication status: + mysql_db: + - name: foo + replicate: yes + - name: bar + replicate: no + + # A list of the mysql users to be created + # and their password and privileges: + mysql_users: + - name: benz + pass: foobar + priv: "*.*:ALL" + + # If the database is replicated the users + # to be used for replication: + mysql_repl_user: + - name: repl + pass: foobar + + # The role of this server in replication: + mysql_repl_role: master + + # A unique id for the mysql server (used in replication): + mysql_db_id: 7 + +Examples +-------- + +1) Install MySQL Server and set the root password, but don't create any +database or users. + + - hosts: all + roles: + - {role: mysql, mysql_root_db_pass: foobar, mysql_db: none, mysql_users: none } + +2) Install MySQL Server and create 2 databases and 2 users. + + - hosts: all + roles: + - {role: mysql, mysql_db: [{name: benz}, + {name: benz2}], + mysql_users: [{name: ben3, pass: foobar, priv: "*.*:ALL"}, + {name: ben2, pass: foo}] } + +Note: If users are specified and password/privileges are not specified, then +default values are set. + +3) Install MySQL Server and create 2 databases and 2 users and configure the +database as replication master with one database configured for replication. + + - hosts: all + roles: + - {role: mysql, mysql_db: [{name: benz, replicate: yes }, + { name: benz2, replicate: no}], + mysql_users: [{name: ben3, pass: foobar, priv: "*.*:ALL"}, + {name: ben2, pass: foo}], + mysql_repl_user: [{name: repl, pass: foobar}] } + +4) A fully installed/configured MySQL Server with master and slave +replication. + + - hosts: master + roles: + - {role: mysql, mysql_db: [{name: benz}, {name: benz2}], + mysql_users: [{name: ben3, pass: foobar, priv: "*.*:ALL"}, + {name: ben2, pass: foo}], + mysql_db_id: 8 } + + - hosts: slave + roles: + - {role: mysql, mysql_db: none, mysql_users: none, + mysql_repl_role: slave, mysql_repl_master: vm2, + mysql_db_id: 9, mysql_repl_user: [{name: repl, pass: foobar}] } + +Note: When configuring the full replication please make sure the master is +configured via this role and the master is available in inventory and facts +have been gathered for master. The replication tasks assume the database is +new and has no data. + + +Dependencies +------------ + +None + +License +------- + +BSD + +Author Information +------------------ + +Benno Joy + + diff --git a/roles/seafile.mysql/defaults/main.yml b/roles/seafile.mysql/defaults/main.yml new file mode 100644 index 0000000..50a27f2 --- /dev/null +++ b/roles/seafile.mysql/defaults/main.yml @@ -0,0 +1,23 @@ +--- + +mysql_port: 3306 +mysql_bind_address: "0.0.0.0" +mysql_root_db_pass: foobar + +mysql_db: + - name: foo + replicate: yes + - name: bar + replicate: no + +mysql_users: + - name: benz + pass: foobar + priv: "*.*:ALL" + +mysql_repl_user: + - name: repl + pass: foobar + +mysql_repl_role: master +mysql_db_id: 7 diff --git a/roles/seafile.mysql/handlers/main.yml b/roles/seafile.mysql/handlers/main.yml new file mode 100644 index 0000000..4bc46e2 --- /dev/null +++ b/roles/seafile.mysql/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart mysql + service: name={{ mysql_service }} state=restarted diff --git a/roles/seafile.mysql/meta/main.yml b/roles/seafile.mysql/meta/main.yml new file mode 100644 index 0000000..18e76b3 --- /dev/null +++ b/roles/seafile.mysql/meta/main.yml @@ -0,0 +1,26 @@ +--- +galaxy_info: + author: "Benno Joy" + company: AnsibleWorks + license: license (BSD) + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - 5 + - 6 + - name: Fedora + versions: + - 16 + - 17 + - 18 + - name: Ubuntu + versions: + - precise + - quantal + - raring + - saucy + categories: + - database:sql +dependencies: [] + diff --git a/roles/seafile.mysql/tasks/main.yml b/roles/seafile.mysql/tasks/main.yml new file mode 100644 index 0000000..e298de3 --- /dev/null +++ b/roles/seafile.mysql/tasks/main.yml @@ -0,0 +1,95 @@ +--- +- name: Add the OS specific variables + include_vars: "{{ ansible_os_family }}.yml" + +- name: Install the mysql packages in Redhat derivatives + yum: name={{ item }} state=installed + with_items: mysql_pkgs + when: ansible_os_family == 'RedHat' + +- name: Install the mysql packages in Debian derivatives + apt: name={{ item }} state=installed update_cache=yes + with_items: "{{ mysql_pkgs }}" + environment: env + when: ansible_os_family == 'Debian' + +- name: Copy the my.cnf file + template: src=my.cnf.{{ ansible_os_family }}.j2 dest={{ mysql_conf_dir }}/my.cnf + notify: + - restart mysql + +- name: Create the directory /etc/mysql/conf.d + file: path=/etc/mysql/conf.d state=directory + notify: + - restart mysql + +- name: Start the mysql services Redhat + service: name={{ mysql_service }} state=started enabled=yes + +- name: update mysql root password for all root accounts + mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass }} + with_items: + - "{{ ansible_hostname }}" + - 127.0.0.1 + - ::1 + - localhost + when: ansible_hostname != 'localhost' + +- name: update mysql root password for all root accounts + mysql_user: name=root host={{ item }} password={{ mysql_root_db_pass }} + with_items: + - 127.0.0.1 + - ::1 + - localhost + when: ansible_hostname == 'localhost' + +- name: copy .my.cnf file with root password credentials + template: src=.my.cnf.j2 dest=~/.my.cnf mode=0600 + +- name: ensure anonymous users are not in the database + mysql_user: name='' host={{ item }} state=absent + with_items: + - localhost + - "{{ ansible_hostname }}" + +- name: remove the test database + mysql_db: name=test state=absent + +- name: Create the database\'s + mysql_db: name={{ item.name }} state=present + with_items: "{{ mysql_db }}" + when: mysql_db|lower() != 'none' + +- name: Create the database users + mysql_user: name={{ item.name }} password={{ item.pass|default("foobar") }} + priv={{ item.priv|default("*.*:ALL") }} state=present host={{ item.host | default("localhost") }} + with_items: "{{ mysql_users }}" + when: mysql_users|lower() != 'none' + +- name: Create the replication users + mysql_user: name={{ item.name }} host="%" password={{ item.pass|default("foobar") }} + priv="*.*:REPLICATION SLAVE" state=present + with_items: "{{ mysql_repl_user }}" + when: mysql_repl_role == 'master' + +- name: Check if slave is already configured for replication + mysql_replication: mode=getslave + ignore_errors: true + register: slave + when: mysql_repl_role == 'slave' + +- name: Ensure the hostname entry for master is available for the client. + lineinfile: dest=/etc/hosts regexp="{{ mysql_repl_master }}" line="{{ hostvars[mysql_repl_master].ansible_default_ipv4.address + " " + mysql_repl_master }}" state=present + when: slave|failed and mysql_repl_role == 'slave' and mysql_repl_master is defined + +- name: Get the current master servers replication status + mysql_replication: mode=getmaster + delegate_to: "{{ mysql_repl_master }}" + register: repl_stat + when: slave|failed and mysql_repl_role == 'slave' and mysql_repl_master is defined + +- name: Change the master in slave to start the replication + mysql_replication: mode=changemaster master_host={{ mysql_repl_master }} master_log_file={{ repl_stat.File }} master_log_pos={{ repl_stat.Position }} master_user={{ mysql_repl_user[0].name }} master_password={{ mysql_repl_user[0].pass }} + when: slave|failed and mysql_repl_role == 'slave' and mysql_repl_master is defined + + diff --git a/roles/seafile.mysql/templates/.my.cnf.j2 b/roles/seafile.mysql/templates/.my.cnf.j2 new file mode 100644 index 0000000..2832cdb --- /dev/null +++ b/roles/seafile.mysql/templates/.my.cnf.j2 @@ -0,0 +1,3 @@ +[client] +user=root +password={{ mysql_root_db_pass }} diff --git a/roles/seafile.mysql/templates/my.cnf.Debian.j2 b/roles/seafile.mysql/templates/my.cnf.Debian.j2 new file mode 100644 index 0000000..e3bf9d3 --- /dev/null +++ b/roles/seafile.mysql/templates/my.cnf.Debian.j2 @@ -0,0 +1,56 @@ +# +# The MySQL database server configuration file. +# +[client] +port = {{ mysql_port }} +socket = /var/run/mysqld/mysqld.sock + +# This was formally known as [safe_mysqld]. Both versions are currently parsed. +[mysqld_safe] +socket = /var/run/mysqld/mysqld.sock +nice = 0 + +[mysqld] +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = {{ mysql_port }} +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking + +bind-address = {{ mysql_bind_address }} + +key_buffer = 16M +max_allowed_packet = 16M +thread_stack = 192K +thread_cache_size = 8 + +query_cache_limit = 1M +query_cache_size = 16M +log_error = /var/log/mysql/error.log +server-id = {{ mysql_db_id }} + +{% if mysql_repl_role == 'master' %} +log_bin = mysql-bin +expire_logs_days = 10 +max_binlog_size = 100M + +{% if mysql_db is iterable and mysql_db is not string %} +{% for i in mysql_db %} +{% if i.replicate|default(1) %} +binlog_do_db = {{ i.name }} +{% endif %} +{% endfor %} + +{% for i in mysql_db %} +{% if not i.replicate|default(1) %} +binlog_ignore_db = {{ i.name }} +{% endif %} +{% endfor %} +{% endif %} +{% endif %} + +!includedir /etc/mysql/conf.d/ diff --git a/roles/seafile.mysql/templates/my.cnf.RedHat.j2 b/roles/seafile.mysql/templates/my.cnf.RedHat.j2 new file mode 100644 index 0000000..b2fdba3 --- /dev/null +++ b/roles/seafile.mysql/templates/my.cnf.RedHat.j2 @@ -0,0 +1,33 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +user=mysql +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 +port={{ mysql_port }} +bind-address={{ mysql_bind_address }} +server-id = {{ mysql_db_id }} + +{% if mysql_repl_role == 'master' %} +log_bin = mysql-bin +expire_logs_days = 10 +max_binlog_size = 100M + +{% for i in mysql_db %} +{% if i.replicate|default(1) %} +binlog_do_db = {{ i.name }} +{% endif %} +{% endfor %} + +{% for i in mysql_db %} +{% if not i.replicate|default(1) %} +binlog_ignore_db = {{ i.name }} +{% endif %} +{% endfor %} +{% endif %} + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid + +!includedir /etc/mysql/conf.d/ diff --git a/roles/seafile.mysql/vars/Debian.yml b/roles/seafile.mysql/vars/Debian.yml new file mode 100644 index 0000000..e49a5ed --- /dev/null +++ b/roles/seafile.mysql/vars/Debian.yml @@ -0,0 +1,9 @@ +--- + +mysql_pkgs: + - python-selinux + - mysql-server + - python-mysqldb + +mysql_service: mysql +mysql_conf_dir: "/etc/mysql/" diff --git a/roles/seafile.mysql/vars/RedHat.yml b/roles/seafile.mysql/vars/RedHat.yml new file mode 100644 index 0000000..115dfe8 --- /dev/null +++ b/roles/seafile.mysql/vars/RedHat.yml @@ -0,0 +1,9 @@ +--- +mysql_pkgs: + - libselinux-python + - mysql-server + - MySQL-python + +mysql_service: mysqld + +mysql_conf_dir: "/etc/" diff --git a/roles/seafile.mysql/vars/main.yml b/roles/seafile.mysql/vars/main.yml new file mode 100644 index 0000000..345df2a --- /dev/null +++ b/roles/seafile.mysql/vars/main.yml @@ -0,0 +1,4 @@ +--- +env: + RUNLEVEL: 1 + diff --git a/roles/seafile/.gitignore b/roles/seafile/.gitignore new file mode 100644 index 0000000..c196b49 --- /dev/null +++ b/roles/seafile/.gitignore @@ -0,0 +1,54 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +#bin/ +build/ +develop-eggs/ +dist/ +eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.cache +nosetests.xml +coverage.xml + +# Translations +*.mo + +# Mr Developer +.mr.developer.cfg +.project +.pydevproject + +# Rope +.ropeproject + +# Django stuff: +*.log +*.pot + +# Sphinx documentation +docs/_build/ + diff --git a/roles/seafile/LICENSE b/roles/seafile/LICENSE new file mode 100644 index 0000000..70566f2 --- /dev/null +++ b/roles/seafile/LICENSE @@ -0,0 +1,674 @@ +GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. \ No newline at end of file diff --git a/roles/seafile/README.md b/roles/seafile/README.md new file mode 100644 index 0000000..a7f4741 --- /dev/null +++ b/roles/seafile/README.md @@ -0,0 +1,16 @@ +ansible-role-seafile +==================== + +An ansible role to deploy Seafile, an Open Source Cloud Storage. http://seafile.com/ + +version tags +------------ + +Version tags (at least starting from 4.0) follow this scheme X.Y.Z scheme: + +X.Y points to the major.minor upstream version of seafile, this role supports, or was +at least tested with. + +Z points to bugfix updates to this role itself, and does not depend on any bugfix +release from upstream or any upstream version change. + diff --git a/roles/seafile/TODO.md b/roles/seafile/TODO.md new file mode 100644 index 0000000..825dc0a --- /dev/null +++ b/roles/seafile/TODO.md @@ -0,0 +1,4 @@ +* When upgrading to 4.2 from 4.1, if you deploy Seafile in a non-root domain, you need to add the following extra settings in seahub_settings.py: + + COMPRESS_URL = MEDIA_URL + STATIC_URL = MEDIA_URL + '/assets/' diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml new file mode 100644 index 0000000..b18a6fc --- /dev/null +++ b/roles/seafile/defaults/main.yml @@ -0,0 +1,121 @@ +--- +# version to install +seafile_install_version: '5.0.0' +seafile_install_version_beta: False + +# distribution download info +seafile_tarball_url_base: https://bintray.com/artifact/download/seafile-org/seafile/ +seafile_tarball_name: seafile-server_{{ seafile_install_version }}_{{ ansible_architecture|replace("_","-")}}.tar.gz +seafile_tarball_url: '{{ seafile_tarball_url_base + seafile_tarball_name }}' + +# names, files and directory locations +seafile_user: seafile +seafile_user_home: /home/seafile +# defining seafile_user_uid will explicitly set the given value +# leaving it undefined will fallback on adduser picking the value +#seafile_user_uid: 999 +seafile_org_name: Seafile +seafile_org_dir: '{{ seafile_user_home +"/"+ seafile_org_name|lower }}' +seafile_distrib_dir: '{{ seafile_org_dir + "/seafile-server-" + seafile_install_version }}' +seafile_ccnet_dir: '{{ seafile_org_dir + "/ccnet" }}' +seafile_conf_dir: '{{ seafile_org_dir + "/conf" }}' +seafile_latest_dir: '{{ seafile_org_dir + "/seafile-server-latest" }}' +seafile_latest2_dir: '{{ seafile_org_dir + "/latest" }}' +seafile_data_dir: '{{ seafile_org_dir + "/seafile-data" }}' +seafile_seahubdata_dir: '{{ seafile_org_dir + "/seahub-data" }}' +seafile_mylib_dir: '{{ seafile_org_dir + "/lib" }}' +seafile_server_name: '{{ seafile_org_name }}' +seafile_ip_or_domain: seacloud.cc +seafile_service_url: http://{{ seafile_ip_or_domain }}:{{ seafile_fastcgi_port }} + +# the path to a local directory relative to your playbook, that holds +# customisation files to be copied to +# seafile-server-latest/seahub/media/custom/ +#seafile_custom_files_path: custom # see tasks/configure.yml + +# when using an ssl terminating reverse proxy, you'' want to set this to: +#seafile_service_url: https://{{ seafile_ip_or_domain }} + +seafile_quota_enable: false +seafile_quota_default: 2 + +seafile_history_keepall: true # set to false to enable keep_days limit +seafile_history_keep_days: 30 + +seafile_max_upload_size_enable: false # set to true to enable max +seafile_max_upload_size: 200 # MB +seafile_max_download_dir_size_enable: false # set to true to enable max +seafile_max_download_dir_size: 200 # MB + +seafile_email_enable: false +seafile_email_use_tls: false +seafile_email_host: localhost +seafile_email_user: '{{ seafile_seahub_admin_email }}' +seafile_email_password: '' +seafile_email_port: 25 +seafile_default_from_email: '{{ seafile_email_user }}' +seafile_server_email: '{{ seafile_email_user }}' + +seafile_time_zone: 'UTC' +seafile_site_base: 'http://{{ seafile_ip_or_domain }}/' +seafile_site_name: '{{ seafile_org_name }}' # used in email notifications +seafile_site_title: '{{ seafile_org_name }}' +seafile_site_root: '/' +seafile_use_pdfjs: true +seafile_enable_signup: false +seafile_activate_after_registration: false +seafile_send_email_on_adding_system_member: true +seafile_send_email_on_resetting_user_passwd: true +seafile_cloud_mode: true +seafile_file_preview_max_size: 30 * 1024 * 1024 +seafile_session_cookie_age: 60 * 60 * 24 * 7 * 2 +seafile_session_save_every_request: false +seafile_session_expire_at_browser_close: false +seafile_force_server_crypto: true +seafile_logo_path: # default none +seafile_css_path: # default none +seafile_allowed_hosts: # default none + +# network ports +seafile_ccnet_port: 10001 +seafile_seafile_port: 12001 +seafile_httpserver_port: 8082 +seafile_webdav_port: 8080 +# fastcgi +seafile_fastcgi_enabled: false +seafile_fastcgi_port: 8000 + +# webdav settings +seafile_webdav_enabled: false +seafile_webdav_fastcgi: false +seafile_webdav_path: '/' + +# seahub settings +seafile_seahub_admin_email: admin@{{ seafile_ip_or_domain }} + +# No default, this needs to be set explicitly. +#seafile_seahub_admin_password: + +# database settings +seafile_backend: 'sqlite' +# the next settings are not used for sqlite +seafile_db_host: '127.0.0.1' +seafile_db_port: '3306' +seafile_db_user: 'seafile' +seafile_db_pass: 's3cr3t' +seafile_db_name: + ccnet: 'ccnet' + seafile: 'seafile' + seahub: 'seahub' + +## cron jobs +# a weekly job to perform garbage collection +seafile_cron_gc_enabled: false + +## ldap +#seafile_ldap: +# host: 'ldap://127.0.0.1' +# base: 'ou=people,dc=example,dc=com' +# user_dn: 'cn=seafile,ou=services,dc=example,dc=com' +# password: 'cleartext-password' +# login_attr: mail diff --git a/roles/seafile/example/README.md b/roles/seafile/example/README.md new file mode 100644 index 0000000..e4c05c1 --- /dev/null +++ b/roles/seafile/example/README.md @@ -0,0 +1,12 @@ +dependencies +============ + +The seafile.yml example playbook deploys seafile with nginx as frontend reverse +proxy and ssl terminator. + +It deploys the a mysql server (using the Galaxy role bennojoy.mysql) and also +enables fastcgi and webdav. + +For nginx, it needs the Ginsys.nginx role, which is a fork of bennojoy's nginx +role. + diff --git a/roles/seafile/example/group_vars/seafile.yml b/roles/seafile/example/group_vars/seafile.yml new file mode 100644 index 0000000..37a434a --- /dev/null +++ b/roles/seafile/example/group_vars/seafile.yml @@ -0,0 +1,143 @@ +--- +# version to install +seafile_install_version: '6.0.4' + +# names, files and directory locations +seafile_user: seafile +seafile_user_home: /home/seafile +seafile_org_name: Ginsys +seafile_server_name: '{{ seafile_org_name }}' +seafile_ip_or_domain: seafile.ginsys.eu +seafile_service_url: https://{{ seafile_ip_or_domain }} + +seafile_quota_enable: false +seafile_quota_default: 2 + +seafile_history_keepall: true # set to false to enable keep_days limit +seafile_history_keep_days: 30 + +seafile_max_upload_size_enable: false # set to true to enable max +seafile_max_upload_size: 200 # MB +seafile_max_download_dir_size_enable: false # set to true to enable max +seafile_max_download_dir_size: 200 # MB + +seafile_email_enable: enable +seafile_email_use_tls: false +#seafile_email_host: smtp.myisp.example +seafile_email_user: '{{ seafile_seahub_admin_email }}' +seafile_email_password: '' +seafile_email_port: 25 +seafile_default_from_email: '{{ seafile_email_user }}' +seafile_server_email: '{{ seafile_email_user }}' + +seafile_time_zone: 'Europe/Brussels' +seafile_site_base: 'http://{{ seafile_ip_or_domain }}/' +seafile_site_name: '{{ seafile_org_name }}' # used in email notifications +seafile_site_title: '{{ seafile_org_name }}' +seafile_site_root: '/' +seafile_cloud_mode: true +seafile_logo_path: 'custom/ginsys_seafile_logo.png' + +seafile_fastcgi_enabled: true + +# webdav settings +seafile_webdav_enabled: true +seafile_webdav_fastcgi: true +seafile_webdav_path: /dav + +# seahub settings +seafile_seahub_admin_email: admon@ginsys.eu +seafile_seahub_admin_password: myDarkS3cr3T + +# database settings +seafile_backend: mysql + +#mysql configuration +# +seafile_db_user: 'seafile' +mysql_bind_address: '{{ seafile_db_host }}' +mysql_db: +- name: '{{ seafile_db_name.ccnet }}' + replicate: no +- name: '{{ seafile_db_name.seafile }}' + replicate: no +- name: '{{ seafile_db_name.seahub }}' + replicate: no +mysql_users: +- name: '{{ seafile_db_user }}' + pass: '{{ seafile_db_pass }}' + priv: > + {{ seafile_db_name.ccnet ~ ".*:ALL/" ~ + seafile_db_name.seafile ~ ".*:ALL/" ~ + seafile_db_name.seahub ~ ".*:ALL" }} + +mysql_root_db_pass: dark +seafile_db_pass: secret + +#nginx configuration +# +nginx_max_clients: 128 +nginx_http_params: + sendfile: "on" + tcp_nopush: "on" + tcp_nodelay: "on" + keepalive_timeout: "65" + access_log: "/var/log/nginx/access.log" + error_log: "/var/log/nginx/error.log" + types_hash_max_size: 2048 + +nginx_sites: + - server: + file_name: '{{ seafile_ip_or_domain }}' + server_name: '{{ seafile_ip_or_domain }}' + listen: 80 + rewrite: ^ https://$http_host$request_uri? permanent + - server: + file_name: '{{ seafile_ip_or_domain }}-ssl' + server_name: '{{ seafile_ip_or_domain }}' + listen: 443 + ssl: "on" + ssl_certificate_key: /etc/ssl/private/server.key.pem + ssl_certificate: /etc/ssl/private/server.crt.pem + location: + - name: / + fastcgi_pass: 127.0.0.1:{{ seafile_fastcgi_port }} + "fastcgi_param SCRIPT_FILENAME": $document_root$fastcgi_script_name + "fastcgi_param PATH_INFO": $fastcgi_script_name + "fastcgi_param SERVER_PROTOCOL": $server_protocol + "fastcgi_param QUERY_STRING": $query_string + "fastcgi_param REQUEST_METHOD": $request_method + "fastcgi_param CONTENT_TYPE": $content_type + "fastcgi_param CONTENT_LENGTH": $content_length + "fastcgi_param SERVER_ADDR": $server_addr + "fastcgi_param SERVER_PORT": $server_port + "fastcgi_param SERVER_NAME": $server_name + "fastcgi_param HTTPS": on + "fastcgi_param HTTP_SCHEME": https + access_log: /var/log/nginx/seahub.access.log + error_log: /var/log/nginx/seahub.error.log + - name: /seafhttp + rewrite: ^/seafhttp(.*)$ $1 break + proxy_pass: http://127.0.0.1:{{ seafile_httpserver_port }} + client_max_body_size: 0 + - name: /media + root: '{{ seafile_latest_dir }}/seahub' + - name: '{{ seafile_webdav_path }}' + fastcgi_pass: 127.0.0.1:{{ seafile_webdav_port }} + "fastcgi_param SCRIPT_FILENAME": $document_root$fastcgi_script_name + "fastcgi_param PATH_INFO": $fastcgi_script_name + "fastcgi_param SERVER_PROTOCOL": $server_protocol + "fastcgi_param QUERY_STRING": $query_string + "fastcgi_param REQUEST_METHOD": $request_method + "fastcgi_param CONTENT_TYPE": $content_type + "fastcgi_param CONTENT_LENGTH": $content_length + "fastcgi_param SERVER_ADDR": $server_addr + "fastcgi_param SERVER_PORT": $server_port + "fastcgi_param SERVER_NAME": $server_name + "fastcgi_param HTTPS": on + "fastcgi_param HTTP_SCHEME": https + client_max_body_size: 50m + access_log: /var/log/nginx/seafdav.access.log + error_log: /var/log/nginx/seafdav.error.log + + diff --git a/roles/seafile/example/seafile.yml b/roles/seafile/example/seafile.yml new file mode 100644 index 0000000..ea7013e --- /dev/null +++ b/roles/seafile/example/seafile.yml @@ -0,0 +1,37 @@ +- hosts: seafile + gather_facts: true + remote_user: root + pre_tasks: + - name: provision ssl dir + file: + dest: /etc/ssl/private + state: directory + owner: root + group: root + mode: 0700 + + - name: copy ssl certificates + copy: + src: files/ssl/{{ item }} + dest: /etc/ssl/private/{{ item }} + owner: root + group: root + mode: 0600 + with_items: + - server.key.pem + - server.crt.pem + + + roles: + - role: bennojoy.mysql + - role: Ginsys.seafile + - role: Ginsys.nginx + + + post_tasks: + - name: allow web server access to seafile data + user: + name: 'www-data' + groups: '{{ seafile_user }}' + append: yes + diff --git a/roles/seafile/handlers/main.yml b/roles/seafile/handlers/main.yml new file mode 100644 index 0000000..0442e85 --- /dev/null +++ b/roles/seafile/handlers/main.yml @@ -0,0 +1,28 @@ +--- +- name: systemd_reload + command: systemctl daemon-reload + +- name: restart_seafile + service: + name: '{{ item.name }}' + state: restarted + sleep: 5 + when: ansible_os_family in item.os_family + with_items: '{{SEAFILE_INIT_SCRIPTS}}' + +- name: start_seafile + service: + name: '{{ item.name }}' + state: started + sleep: 5 + when: ansible_os_family in item.os_family + with_items: '{{SEAFILE_INIT_SCRIPTS}}' + +- name: stop_seafile + service: + name: '{{ item.name }}' + state: stopped + sleep: 5 + when: ansible_os_family in item.os_family + with_items: '{{SEAFILE_INIT_SCRIPTS}}' + diff --git a/roles/seafile/meta/main.yml b/roles/seafile/meta/main.yml new file mode 100644 index 0000000..70407ef --- /dev/null +++ b/roles/seafile/meta/main.yml @@ -0,0 +1,23 @@ +--- +galaxy_info: + author: Serge van Ginderachter + description: > + Install and configure Seafile, an Open Source Cloud Storage. + Homepage http://seafile.com + company: ginsys.eu + license: GPLv3 + min_ansible_version: 1.9 + platforms: + - name: EL + versions: + - 6 + - name: Ubuntu + versions: + - trusty + - name: Debian + versions: + - jessie + categories: + - web +dependencies: [] + diff --git a/roles/seafile/tasks/1_prerequisites.yml b/roles/seafile/tasks/1_prerequisites.yml new file mode 100644 index 0000000..1e5d707 --- /dev/null +++ b/roles/seafile/tasks/1_prerequisites.yml @@ -0,0 +1,32 @@ +--- +- name: check supported versions + assert: + that: + - ansible_version is defined + - ansible_version.full|version_compare(min_ansible_version, '>=') + - ansible_distribution in SEAFILE_SUPPORTED_DISTRIBUTIONS + - '".".join(seafile_install_version.split(".")[0:2]) in SEAFILE_SUPPORTED_VERSIONS' + - seafile_backend in SEAFILE_SUPPORTED_BACKENDS + - ansible_python_version.startswith('2.6') or ansible_python_version.startswith('2.7') + +- name: install dependencies - deb + apt: + name: '{{ item }}' + state: latest + with_items: "{{ DEPENDENCY_PACKAGES_APT }}" + when: ansible_pkg_mgr == 'apt' + +- name: install dependencies - rpm + python 2.6 + yum: + name: '{{ item }}' + state: latest + with_items: DEPENDENCY_PACKAGES_RPM + when: ansible_pkg_mgr == 'yum' and ansible_python_version.startswith('2.6') + +- name: install dependencies - rpm + python 2.7 + yum: + name: '{{ item }}' + state: latest + with_items: DEPENDENCY_PACKAGES_RPM + when: ansible_pkg_mgr == 'yum' and ansible_python_version.startswith('2.7') + diff --git a/roles/seafile/tasks/2_provision.yml b/roles/seafile/tasks/2_provision.yml new file mode 100644 index 0000000..e56a196 --- /dev/null +++ b/roles/seafile/tasks/2_provision.yml @@ -0,0 +1,35 @@ +--- +- name: provision seafile user + user: + name: '{{ seafile_user }}' + state: present + comment: Seafile + createhome: yes + generate_ssh_key: no + home: '{{ seafile_user_home }}' + move_home: yes + system: yes + uid: '{{ seafile_user_uid|default(omit) }}' + +- name: provision directories + become: yes + become_user: '{{ seafile_user }}' + file: + path: '{{ item }}' + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + mode: 0755 + state: directory + with_items: + - '{{ seafile_org_dir }}' + - '{{ seafile_org_dir + "/bin" }}' + - '{{ seafile_org_dir + "/installed" }}' + - '{{ seafile_ccnet_dir }}' + - '{{ seafile_conf_dir }}' + - '{{ seafile_log_dir }}' + - '{{ seafile_data_dir }}' + - '{{ seafile_seahubdata_dir }}' + - '{{ seafile_seahubdata_dir + "/avatars" }}' + - '{{ seafile_seahubdata_dir + "/custom" }}' + - '{{ seafile_mylib_dir }}' + diff --git a/roles/seafile/tasks/3_download.yml b/roles/seafile/tasks/3_download.yml new file mode 100644 index 0000000..e02b773 --- /dev/null +++ b/roles/seafile/tasks/3_download.yml @@ -0,0 +1,61 @@ +--- +- name: Install seafile beta + set_fact: + seafile_tarball_url: '{{ seafile_tarball_url|replace(".tar.gz", "-beta.tar.gz") }}' + when: seafile_install_version_beta + +- name: download release tarball + become: yes + become_user: '{{ seafile_user }}' + get_url: + url: '{{ seafile_tarball_url }}' + validate_certs: no + dest: '{{ seafile_org_dir + "/installed" }}' + register: seafile_tarball_dl + always_run: true + +- name: untar tarball + become: yes + become_user: '{{ seafile_user }}' + unarchive: + copy: no + src: '{{ seafile_tarball_dl.dest }}' + dest: '{{ seafile_org_dir }}' + creates: '{{ seafile_distrib_dir }}' + register: seafile_tarball_ex + +- name: check if we already have init scripts + stat: + path: /etc/init.d/{{ item.name }} + with_items: "{{ SEAFILE_INIT_SCRIPTS }}" + when: ansible_os_family in item.os_family + register: _seafile_init_script_present + +- name: stop_seafile + service: + name: '{{ item.0.name }}' + state: stopped + sleep: 5 + with_nested: + - '{{SEAFILE_INIT_SCRIPTS}}' + - "{{ _seafile_init_script_present.results }}" + when: + - ansible_os_family in item.0.os_family + - not item.1|skipped + - item.1.stat.exists + - seafile_tarball_dl|changed or seafile_tarball_ex|changed + +- name: link latest release + become: yes + become_user: '{{ seafile_user }}' + file: + src: '{{ seafile_distrib_dir }}' + dest: '{{ item }}' + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + state: link + notify: restart_seafile + with_items: + - '{{ seafile_latest_dir }}' + - '{{ seafile_latest2_dir }}' + register: seafile_new_release diff --git a/roles/seafile/tasks/4_preconfigure.yml b/roles/seafile/tasks/4_preconfigure.yml new file mode 100644 index 0000000..014a96c --- /dev/null +++ b/roles/seafile/tasks/4_preconfigure.yml @@ -0,0 +1,49 @@ +--- +# prepare ccnet config +- name: generate ccnet config + become: yes + become_user: '{{ seafile_user }}' + command: > + {{ SEAFILE_CCNET_INIT }} -c {{ seafile_mylib_dir }}/ccnet --name {{ seafile_user }} --port {{ seafile_ccnet_port }} --host {{ seafile_ip_or_domain }} + creates={{ seafile_mylib_dir }}/ccnet/ + environment: '{{ SEAFILE_ENVIRONMENT }}' + +- name: register ccnet key ID + become: yes + become_user: '{{ seafile_user }}' + shell: grep ID {{ seafile_mylib_dir }}/ccnet/ccnet.conf | cut -d= -f2 + register: _seafile_ccnet_ID + always_run: true + changed_when: false + failed_when: _seafile_ccnet_ID.stdout == "" or _seafile_ccnet_ID.stderr != "" + +- name: link ccnet peer key + become: yes + become_user: '{{ seafile_user }}' + file: + src: '{{ seafile_mylib_dir }}/ccnet/mykey.peer' + dest: '{{ seafile_ccnet_dir }}/mykey.peer' + state: link + force: yes + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + mode: 0640 + +# prepare seahub_settings secret key +- name: generate seahub_settings secret key + become: yes + become_user: '{{ seafile_user }}' + shell: > + {{ SEAFILE_SECRET_KEYGEN }} > {{ seafile_mylib_dir }}/seahub_settings_secret_key + creates={{ seafile_mylib_dir }}/seahub_settings_secret_key + environment: '{{ SEAFILE_ENVIRONMENT }}' + +- name: register seahub_settings secret key + become: yes + become_user: '{{ seafile_user }}' + command: cat {{ seafile_mylib_dir }}/seahub_settings_secret_key + register: _seafile_seahub_settings_secret_key + always_run: true + changed_when: false + failed_when: _seafile_seahub_settings_secret_key.stdout == "" or _seafile_seahub_settings_secret_key.stderr != "" + diff --git a/roles/seafile/tasks/5_configure.yml b/roles/seafile/tasks/5_configure.yml new file mode 100644 index 0000000..3d50f59 --- /dev/null +++ b/roles/seafile/tasks/5_configure.yml @@ -0,0 +1,83 @@ +--- +- name: provision configuration files and scripts + become: yes + become_user: '{{ seafile_user }}' + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + mode: '{{ item.exec | default(false) | ternary(0750,0640) }}' + with_items: + # configuration files + - src: 'ccnet/seafile.ini' + dest: '{{ seafile_ccnet_dir }}/' + - src: 'conf/ccnet.conf' + dest: '{{ seafile_conf_dir }}/' + - src: 'conf/seafile.conf' + dest: '{{ seafile_conf_dir }}/' + - src: 'conf/seafdav.conf' + dest: '{{ seafile_conf_dir }}/' + - src: 'conf/seahub_settings.py' + dest: '{{ seafile_conf_dir }}/' + # handy environment file to be sourced when doing things manually + - src: 'bin/environment' + dest: '{{ seafile_org_dir + "/bin/" }}' + # perform a garbage collection maintenance + - src: 'bin/garbage-collect' + dest: '{{ seafile_org_dir + "/bin/" }}' + exec: true + notify: restart_seafile + +- name: provision crontabs + cron: + name: '{{ item.name }}' + user: '{{ seafile_user }}' + job: '{{ seafile_org_dir + "/bin/" + item.script }}' + minute: '{{ item.min | default(omit) }}' + hour: '{{ item.hou | default(omit) }}' + day: '{{ item.dom | default(omit) }}' + month: '{{ item.mon | default(omit) }}' + weekday: '{{ item.dow | default(omit) }}' + state: '{{ item.enabled | default(False) | ternary("present", "absent") }}' + with_items: + - name: Weekly Garbage Collection + script: garbage-collect + min: 0 + hou: 5 + dow: 7 + enabled: '{{ seafile_cron_gc_enabled }}' + +- name: move the default avatars directory out of the way + become: yes + become_user: '{{ seafile_user }}' + shell: > + ORI='{{ seafile_latest_dir }}/seahub/media/avatars'; + test -e $ORI && (test -L $ORI || mv -v $ORI ${ORI}.ori) + register: _shell + changed_when: _shell.stdout_lines|length > 0 + +- name: link media folders with local custom data + become: yes + become_user: '{{ seafile_user }}' + file: + src: '{{ seafile_seahubdata_dir +"/"+ item }}' + dest: '{{ seafile_latest_dir +"/seahub/media/" + item }}' + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + mode: 0755 + state: link + force: yes + with_items: + - avatars + - custom + +- name: copy default avatars to custom data dir + become: yes + become_user: '{{ seafile_user }}' + shell: | + ORI='{{ seafile_latest_dir }}/seahub/media/avatars'; + rsync -ai ${ORI}.ori/ $ORI/ + register: _shell + changed_when: _shell.stdout_lines|length > 0 + diff --git a/roles/seafile/tasks/6_customize.yml b/roles/seafile/tasks/6_customize.yml new file mode 100644 index 0000000..a7cb5f0 --- /dev/null +++ b/roles/seafile/tasks/6_customize.yml @@ -0,0 +1,60 @@ +--- +# handle custom files outside the role upload + +- name: check for custom files folder + become: false + local_action: + module: stat + path: '{{ seafile_custom_files_path }}' + follow: yes + when: seafile_custom_files_path is defined + register: seafile_custom_files_folder_found + +- name: list custom dirs + become: false + local_action: command chdir="{{ seafile_custom_files_path }}" find . -mindepth 1 -type d + changed_when: false + always_run: yes + register: seafile_custom_files_path_dirs + when: + - not seafile_custom_files_folder_found|skipped + - seafile_custom_files_folder_found.stat.exists + - seafile_custom_files_folder_found.stat.isdir + +- name: list custom files + become: false + local_action: command chdir="{{ seafile_custom_files_path }}" find . -mindepth 1 -type f + changed_when: false + always_run: yes + register: seafile_custom_files_path_files + when: + - not seafile_custom_files_folder_found|skipped + - seafile_custom_files_folder_found.stat.exists + - seafile_custom_files_folder_found.stat.isdir + +- name: create custom files dirs + file: + dest: '{{ seafile_seahubdata_dir +"/custom/" + item }}' + state: directory + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + mode: 0755 + with_items: seafile_custom_files_path_dirs.stdout_lines + when: + - not seafile_custom_files_folder_found|skipped + - seafile_custom_files_folder_found.stat.exists + - seafile_custom_files_folder_found.stat.isdir + +- name: copy custom files + copy: + src: '{{ seafile_custom_files_path +"/"+ item }}' + dest: '{{ seafile_seahubdata_dir +"/custom/" + item }}' + owner: '{{ seafile_user }}' + group: '{{ seafile_user }}' + mode: 0644 + with_items: seafile_custom_files_path_files.stdout_lines + when: + - not seafile_custom_files_folder_found|skipped + - seafile_custom_files_folder_found.stat.exists + - seafile_custom_files_folder_found.stat.isdir + diff --git a/roles/seafile/tasks/7_database.yml b/roles/seafile/tasks/7_database.yml new file mode 100644 index 0000000..f3a3111 --- /dev/null +++ b/roles/seafile/tasks/7_database.yml @@ -0,0 +1,9 @@ +--- +- name: provision database + become: yes + become_user: '{{ seafile_user }}' + shell: '{{ SEAFILE_MANAGEPY }} syncdb' + environment: '{{ SEAFILE_ENVIRONMENT }}' + register: seafile_syncdb + changed_when: seafile_syncdb.stdout.find( "Creating table ") != -1 + diff --git a/roles/seafile/tasks/8_init_admin.yml b/roles/seafile/tasks/8_init_admin.yml new file mode 100644 index 0000000..eee88d2 --- /dev/null +++ b/roles/seafile/tasks/8_init_admin.yml @@ -0,0 +1,17 @@ +--- +- name: provision admin user creation script + become: yes + become_user: '{{ seafile_user }}' + template: + src: bin/init_admin.py + dest: '{{ seafile_latest_dir }}/init_admin.py' + mode: 0700 + +- name: provision admin user + become: yes + become_user: '{{ seafile_user }}' + command: /usr/bin/env python {{ seafile_latest_dir }}/init_admin.py + environment: '{{ SEAFILE_ENVIRONMENT }}' + register: seafile_init_admin + changed_when: seafile_init_admin.stdout.find("changed=false") == -1 + diff --git a/roles/seafile/tasks/9_init.yml b/roles/seafile/tasks/9_init.yml new file mode 100644 index 0000000..0e9cafd --- /dev/null +++ b/roles/seafile/tasks/9_init.yml @@ -0,0 +1,50 @@ +--- +- name: provision sysconfig + template: + src: init/seafile.sysconfig + dest: /etc/sysconfig/seafile + owner: root + group: root + mode: 0644 + when: ansible_os_family == "RedHat" + notify: restart_seafile + +- name: provision sysvinit script + template: + src: init/{{ item.name }}.initd.{{ ansible_os_family }} + dest: /etc/init.d/{{ item.name }} + owner: root + group: root + mode: 0750 + when: ansible_os_family in item.os_family and ansible_service_mgr == "sysvinit" + with_items: "{{ SEAFILE_INIT_SCRIPTS }}" + notify: restart_seafile + +- name: provision systemd services + template: + src: systemd/{{ item.name }}.service + dest: /lib/systemd/system/ + when: ansible_service_mgr == "systemd" + with_items: "{{ SEAFILE_INIT_SCRIPTS }}" + notify: + - systemd_reload + - restart_seafile + +- name: provision upstart script + template: + src: init/seafile.conf + dest: /etc/init/seafile.conf + owner: root + group: root + mode: 0644 + when: ansible_service_mgr == "upstart" + notify: restart_seafile + +- name: enable init services + service: + name: '{{ item.name }}' + enabled: yes + when: ansible_os_family in item.os_family + with_items: "{{ SEAFILE_INIT_SCRIPTS }}" + notify: restart_seafile + diff --git a/roles/seafile/tasks/main.yml b/roles/seafile/tasks/main.yml new file mode 100644 index 0000000..626dc3f --- /dev/null +++ b/roles/seafile/tasks/main.yml @@ -0,0 +1,45 @@ +--- +- include: 1_prerequisites.yml + tags: + - seafile_prerequisites + +- include: 2_provision.yml + tags: + - seafile_provision + +- include: 3_download.yml + tags: + - seafile_download + +- include: 4_preconfigure.yml + tags: + - seafile_preconfigure + - seafile_configure + +- include: 5_configure.yml + tags: + - seafile_configure + +- include: 6_customize.yml + tags: + - seafile_customize + +- include: 7_database.yml + tags: + - seafile_database + +- include: 8_init_admin.yml + tags: + - seafile_init_admin + +- include: 9_init.yml + tags: + - seafile_init + +- debug: + msg: > + If you upgraded seafile, please verify if you need to run some upgrade scripts manually. + Have a look at the scripts in {{ seafile_latest_dir }}/upgrade + and see http://manual.seafile.com/deploy/upgrade.html + tags: + - seafile diff --git a/roles/seafile/templates/bin/environment b/roles/seafile/templates/bin/environment new file mode 100644 index 0000000..18d60a2 --- /dev/null +++ b/roles/seafile/templates/bin/environment @@ -0,0 +1,7 @@ +## {{ansible_managed}} + +{% for var in SEAFILE_ENVIRONMENT|dictsort %} +export {{ var[0] }}="{{ var[1] }}" +{% endfor %} + +## {{ansible_managed}} diff --git a/roles/seafile/templates/bin/garbage-collect b/roles/seafile/templates/bin/garbage-collect new file mode 100755 index 0000000..2f2743b --- /dev/null +++ b/roles/seafile/templates/bin/garbage-collect @@ -0,0 +1,15 @@ +#!/bin/bash + +on_exit() { + sleep 5 + {{ seafile_latest_dir }}/seafile.sh start +} +trap on_exit TERM KILL EXIT + +{{ seafile_latest_dir }}/seafile.sh stop +if [ $? -eq 0 ] +then + sleep 30 + {{ seafile_latest_dir }}/seaf-gc.sh +fi + diff --git a/roles/seafile/templates/bin/init_admin.py b/roles/seafile/templates/bin/init_admin.py new file mode 100644 index 0000000..4adb6b3 --- /dev/null +++ b/roles/seafile/templates/bin/init_admin.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python + +#coding: UTF-8 + +# {{ ansible_managed }} + +import check_init_admin +import os +import sys +import subprocess + +def main(): + subprocess.call(["{{ seafile_latest_dir }}/seafile.sh", "start"]) + if check_init_admin.need_create_admin(): + check_init_admin.create_admin('{{ seafile_seahub_admin_email }}', '{{ seafile_seahub_admin_password }}') + else: + print "changed=false" + +if __name__ == '__main__': + try: + main() + except KeyboardInterrupt: + print '\n\n\n' + print 'Aborted.' + print + sys.exit(1) + except Exception, e: + print + print 'Error happened during creating seafile admin:' + print e + print + sys.exit(1) diff --git a/roles/seafile/templates/ccnet/seafile.ini b/roles/seafile/templates/ccnet/seafile.ini new file mode 100644 index 0000000..590fc89 --- /dev/null +++ b/roles/seafile/templates/ccnet/seafile.ini @@ -0,0 +1 @@ +{{ seafile_data_dir }} diff --git a/roles/seafile/templates/conf/ccnet.conf b/roles/seafile/templates/conf/ccnet.conf new file mode 100644 index 0000000..96daacc --- /dev/null +++ b/roles/seafile/templates/conf/ccnet.conf @@ -0,0 +1,33 @@ +[General] +USER_NAME = {{ seafile_user }} +ID = {{ _seafile_ccnet_ID.stdout }} +NAME = {{ seafile_org_name }} +SERVICE_URL = {{ seafile_service_url }} + +[Network] +PORT = {{ seafile_ccnet_port }} + +[Client] +PORT = 13418 + +{% if seafile_backend in SEAFILE_EXTERNAL_BACKENDS %} +[Database] +ENGINE = {{ seafile_backend }} +HOST = {{ seafile_db_host }} +PORT = {{ seafile_db_port }} +USER = {{ seafile_db_user }} +PASSWD = {{ seafile_db_pass }} +DB = {{ seafile_db_name.ccnet }} +CONNECTION_CHARSET=utf8 + +{% endif %} + +{% if seafile_ldap is defined %} +[LDAP] +HOST = {{ seafile_ldap.host }} +BASE = {{ seafile_ldap.base }} +USER_DN = {{ seafile_ldap.user_dn }} +PASSWORD = {{ seafile_ldap.password }} +LOGIN_ATTR = {{ seafile_ldap.login_attr }} + +{% endif %} diff --git a/roles/seafile/templates/conf/seafdav.conf b/roles/seafile/templates/conf/seafdav.conf new file mode 100644 index 0000000..c8e953b --- /dev/null +++ b/roles/seafile/templates/conf/seafdav.conf @@ -0,0 +1,9 @@ +[WEBDAV] +enabled = {% if seafile_webdav_enabled %}true +{% else %}false +{% endif %} +port = {{ seafile_webdav_port }} +fastcgi = {% if seafile_webdav_fastcgi %}true +{% else %}false +{% endif %} +share_name = {{ seafile_webdav_path }} diff --git a/roles/seafile/templates/conf/seafile.conf b/roles/seafile/templates/conf/seafile.conf new file mode 100644 index 0000000..96b7a24 --- /dev/null +++ b/roles/seafile/templates/conf/seafile.conf @@ -0,0 +1,38 @@ +[network] +# tcp port for httpserver +port = {{ seafile_seafile_port }} + +[fileserver] +port = {{ seafile_httpserver_port }} + +# Set maximum upload file size in MB. +{% if not seafile_max_upload_size_enable %}#{% endif %} +max_upload_size = {{ seafile_max_upload_size }} + +# Set maximum download directory size in MB. +{% if not seafile_max_download_dir_size_enable %}#{% endif %} +max_download_dir_size = {{ seafile_max_download_dir_size }} + +[quota] +# default user quota in GB, integer only +{% if not seafile_quota_enable %}#{% endif %} +default = {{ seafile_quota_default }} + +[history] +# If you don't want to keep all file revision history, you may set a default +# history length limit for all libraries. +{% if seafile_history_keepall %}#{% endif %} +keep_days = {{ seafile_history_keep_days }} + +{% if seafile_backend in SEAFILE_EXTERNAL_BACKENDS %} +[database] +type = {{ seafile_backend }} +host = {{ seafile_db_host }} +port = {{ seafile_db_port }} +user = {{ seafile_db_user }} +password = {{ seafile_db_pass }} +db_name = {{ seafile_db_name.seafile }} +CONNECTION_CHARSET=utf8 + +{% endif %} + diff --git a/roles/seafile/templates/conf/seahub_settings.py b/roles/seafile/templates/conf/seahub_settings.py new file mode 100644 index 0000000..f1cd808 --- /dev/null +++ b/roles/seafile/templates/conf/seahub_settings.py @@ -0,0 +1,117 @@ +# secret key +SECRET_KEY = "{{ _seafile_seahub_settings_secret_key.stdout }}" + +## email settings + +{% if not seafile_email_enable %}#{% endif %} +EMAIL_USE_TLS = {{ seafile_email_use_tls }} +{% if not seafile_email_enable %}#{% endif %} +EMAIL_HOST = '{{ seafile_email_host }}' +{% if not seafile_email_enable %}#{% endif %} +EMAIL_HOST_USER = '{{ seafile_email_user }}' +{% if not seafile_email_enable %}#{% endif %} +EMAIL_HOST_PASSWORD = '{{ seafile_email_password }}' +{% if not seafile_email_enable %}#{% endif %} +EMAIL_PORT = {{ seafile_email_port }} +{% if not seafile_email_enable %}#{% endif %} +DEFAULT_FROM_EMAIL = '{{ seafile_default_from_email }}' +{% if not seafile_email_enable %}#{% endif %} +SERVER_EMAIL = '{{ seafile_server_email }}' + + +HTTP_SERVER_ROOT = 'https://{{ seafile_ip_or_domain }}/seafhttp' + +# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name +# although not all choices may be available on all operating systems. +# If running in a Windows environment this must be set to the same as your +# system time zone. +TIME_ZONE = '{{ seafile_time_zone }}' + +# Set this to seahub website's URL. This URL is contained in email notifications. +SITE_BASE = '{{ seafile_site_base }}' + +# Set this to your website's name. This is contained in email notifications. +SITE_NAME = '{{ seafile_site_name }}' + +# Set seahub website's title +SITE_TITLE = '{{ seafile_site_title }}' + +# If you don't want to run seahub website on your site's root path, set this +# option to your preferred path. +# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/. +SITE_ROOT = '{{ seafile_site_root }}' + +# Whether to use pdf.js to view pdf files online. Default is `True`, you can +# turn it off. +# NOTE: since version 1.4. +USE_PDFJS = {{ seafile_use_pdfjs }} + +# Enalbe or disalbe registration on web. Default is `False`. +# NOTE: since version 1.4. +ENABLE_SIGNUP = {{ seafile_enable_signup }} + +# Activate or deactivate user when registration complete. Default is `True`. +# If set to `False`, new users need to be activated by admin in admin panel. +# NOTE: since version 1.8 +ACTIVATE_AFTER_REGISTRATION = {{ seafile_activate_after_registration }} + +# Whether to send email when a system admin adding a new member. Default is +# `True`. +# NOTE: since version 1.4. +SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = {{ seafile_send_email_on_adding_system_member }} + +# Whether to send email when a system admin resetting a user's password. +# Default is `True`. +# NOTE: since version 1.4. +SEND_EMAIL_ON_RESETTING_USER_PASSWD = {{ seafile_send_email_on_resetting_user_passwd }} + +# Hide `Organization` tab. +# If you want your private seafile behave exactly like +# https://cloud.seafile.com/, you can set this flag. +CLOUD_MODE = {{ seafile_cloud_mode }} + +# Online preview maximum file size, defaults to 30M. +FILE_PREVIEW_MAX_SIZE = {{ seafile_file_preview_max_size }} + +# Age of cookie, in seconds (default: 2 weeks). +SESSION_COOKIE_AGE = {{ seafile_session_cookie_age }} + +# Whether to save the session data on every request. +SESSION_SAVE_EVERY_REQUEST = {{ seafile_session_save_every_request }} + +# Whether a user's session cookie expires when the Web browser is closed. +SESSION_EXPIRE_AT_BROWSER_CLOSE = {{ seafile_session_expire_at_browser_close }} + +# Using server side crypto by default, otherwise, let user choose crypto method. +FORCE_SERVER_CRYPTO = {{ seafile_force_server_crypto }} + +# Custom logo path +{% if not seafile_logo_path %}#{% endif %} +LOGO_PATH = '{{ seafile_logo_path }}' + +# Custom css path +{% if not seafile_css_path %}#{% endif %} +BRANDING_CSS = '{{ seafile_css_path }}' + +{% if seafile_backend in SEAFILE_EXTERNAL_BACKENDS %} +# External Database settings +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.{{ seafile_backend }}', + 'NAME' : '{{ seafile_db_name.seahub }}', + 'USER' : '{{ seafile_db_user }}', + 'PASSWORD' : '{{ seafile_db_pass }}', + 'HOST' : '{{ seafile_db_host }}', + 'PORT' : '{{ seafile_db_port }}' + } +} + +{% endif %} +# For security consideration, please set to match the host/domain of your site, +# e.g., ALLOWED_HOSTS = ['.example.com']. +# Please refer to +# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for +# details. +{% if not seafile_allowed_hosts %}#{% endif %} +ALLOWED_HOSTS = {{ seafile_allowed_hosts }} + diff --git a/roles/seafile/templates/init/seafile.conf b/roles/seafile/templates/init/seafile.conf new file mode 100644 index 0000000..258b1ec --- /dev/null +++ b/roles/seafile/templates/init/seafile.conf @@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +{% if seafile_backend == 'sqlite' %} +start on (runlevel [2345]) +{% elif seafile_backend == 'mysql' and (seafile_db_host == 'localhost' or seafile_db_host == '127.0.0.1' or seafile_db_host == '::1') %} +start on (started mysql and runlevel [2345]) +{% endif %} +stop on (runlevel [016]) + +pre-start script +/etc/init.d/seafile start +end script + +post-stop script +/etc/init.d/seafile stop +end script diff --git a/roles/seafile/templates/init/seafile.initd.Debian b/roles/seafile/templates/init/seafile.initd.Debian new file mode 100644 index 0000000..a382318 --- /dev/null +++ b/roles/seafile/templates/init/seafile.initd.Debian @@ -0,0 +1,54 @@ +#!/bin/bash + +# {{ ansible_managed }} + +### BEGIN INIT INFO +# Provides: seafile-server +# Required-Start: $local_fs $remote_fs $network{% if seafile_backend == 'mysql' and (seafile_db_host == 'localhost' or seafile_db_host == '127.0.0.1' or seafile_db_host == '::1') %} mysql{% endif %} + +# Required-Stop: $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Starts Seafile Server +# Description: starts Seafile Server +### END INIT INFO + + +user={{ seafile_user }} +seafile_dir={{ seafile_org_dir }} +script_path={{ seafile_latest_dir }} +seafile_init_log={{ seafile_log_dir }}/seafile.init.log +seahub_init_log={{ seafile_log_dir }}/seahub.init.log +fastcgi={% if seafile_fastcgi_enabled %}true +{% else %}false +{% endif %} +fastcgi_port={{ seafile_fastcgi_port }} + +case "$1" in + start) + sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log} + if [ $fastcgi = true ]; + then + sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log} + else + sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log} + fi + ;; + restart) + sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log} + if [ $fastcgi = true ]; + then + sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log} + else + sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log} + fi + ;; + stop) + sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log} + sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log} + ;; + *) + echo "Usage: /etc/init.d/seafile {start|stop|restart}" + exit 1 + ;; +esac diff --git a/roles/seafile/templates/init/seafile.initd.RedHat b/roles/seafile/templates/init/seafile.initd.RedHat new file mode 100644 index 0000000..6b1274b --- /dev/null +++ b/roles/seafile/templates/init/seafile.initd.RedHat @@ -0,0 +1,64 @@ +#!/bin/bash +# +# seafile + +# {{ ansible_managed }} + +# +# chkconfig: - 68 32 +# description: seafile + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +if [ -f /etc/sysconfig/seafile ];then + . /etc/sysconfig/seafile + else + echo "Config file /etc/sysconfig/seafile not found! Bye." + exit 200 + fi + +RETVAL=0 + +start() { + # Start daemons. + echo -n $"Starting seafile: " + ulimit -n 30000 + su - ${user} -c"${script_path}/seafile.sh start >> ${seafile_init_log} 2>&1" + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/seafile + return $RETVAL +} + +stop() { + echo -n $"Shutting down seafile: " + su - ${user} -c"${script_path}/seafile.sh stop >> ${seafile_init_log} 2>&1" + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/seafile + return $RETVAL +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|reload) + stop + start + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart}" + RETVAL=3 +esac + +exit $RETVAL diff --git a/roles/seafile/templates/init/seafile.sysconfig b/roles/seafile/templates/init/seafile.sysconfig new file mode 100644 index 0000000..3e5dbb7 --- /dev/null +++ b/roles/seafile/templates/init/seafile.sysconfig @@ -0,0 +1,12 @@ +# {{ ansible_managed }} + +user={{ seafile_user }} +seafile_dir={{ seafile_org_dir }} +script_path={{ seafile_latest_dir }} +seafile_init_log={{ seafile_log_dir }}/seafile.init.log +seahub_init_log={{ seafile_log_dir }}/seahub.init.log +fastcgi={% if seafile_fastcgi_enabled %}true +{% else %}false +{% endif %} +fastcgi_port={{ seafile_fastcgi_port }} + diff --git a/roles/seafile/templates/init/seahub.initd.RedHat b/roles/seafile/templates/init/seahub.initd.RedHat new file mode 100644 index 0000000..27910c6 --- /dev/null +++ b/roles/seafile/templates/init/seahub.initd.RedHat @@ -0,0 +1,69 @@ +#!/bin/bash +# +# seahub + +# {{ ansible_managed }} + +# +# chkconfig: - 69 31 +# description: seahub + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +if [ -f /etc/sysconfig/seafile ];then + . /etc/sysconfig/seafile + else + echo "Config file /etc/sysconfig/seafile not found! Bye." + exit 200 + fi + +RETVAL=0 + +start() { + # Start daemons. + echo -n $"Starting seahub: " + ulimit -n 30000 + if [ $fastcgi = true ]; + then + su - ${user} -c"${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log} 2>&1" + else + su - ${user} -c"${script_path}/seahub.sh start >> ${seahub_init_log} 2>&1" + fi + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/seahub + return $RETVAL +} + +stop() { + echo -n $"Shutting down seahub: " + su - ${user} -c"${script_path}/seahub.sh stop >> ${seahub_init_log} 2>&1" + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/seahub + return $RETVAL +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|reload) + stop + start + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart}" + RETVAL=3 +esac + +exit $RETVAL diff --git a/roles/seafile/templates/systemd/seafile.service b/roles/seafile/templates/systemd/seafile.service new file mode 100644 index 0000000..3d1a63f --- /dev/null +++ b/roles/seafile/templates/systemd/seafile.service @@ -0,0 +1,16 @@ +# {{ ansible_managed }} + +[Unit] +Description=Seafile +After=network.target {% if seafile_backend != 'sqlite' and seafile_db_host == '127.0.0.1' %} {{ seafile_backend }}.service {% endif %} + +[Service] +Type=oneshot +ExecStart={{ seafile_org_dir }}/seafile-server-latest/seafile.sh restart +ExecStop={{ seafile_org_dir }}/seafile-server-latest/seafile.sh stop +RemainAfterExit=yes +User={{ seafile_user }} +Group=seafile + +[Install] +WantedBy=multi-user.target diff --git a/roles/seafile/templates/systemd/seahub.service b/roles/seafile/templates/systemd/seahub.service new file mode 100644 index 0000000..a37db81 --- /dev/null +++ b/roles/seafile/templates/systemd/seahub.service @@ -0,0 +1,17 @@ +# {{ ansible_managed }} + +[Unit] +Description=Seafile hub +After=network.target seafile.service + +[Service] +# change start to start-fastcgi if you want to run fastcgi +ExecStart={{ seafile_org_dir }}/seafile-server-latest/seahub.sh start-fastcgi +ExecStop={{ seafile_org_dir }}/seafile-server-latest/seahub.sh stop +User={{ seafile_user }} +Group=seafile +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/roles/seafile/vars/main.yml b/roles/seafile/vars/main.yml new file mode 100644 index 0000000..f4a53d0 --- /dev/null +++ b/roles/seafile/vars/main.yml @@ -0,0 +1,63 @@ +--- +min_ansible_version: 1.9 +SEAFILE_SUPPORTED_DISTRIBUTIONS: + - 'Ubuntu' + - 'Debian' + - 'CentOS' +SEAFILE_SUPPORTED_VERSIONS: + - '5.0' + - '5.1' + - '6.0' +SEAFILE_SUPPORTED_BACKENDS: + - 'sqlite' + - 'mysql' + #- 'postgresql' +SEAFILE_EXTERNAL_BACKENDS: > + {{ SEAFILE_SUPPORTED_BACKENDS|difference(['sqlite']) }} +SEAFILE_INIT_SCRIPTS: + - name: 'seafile' + os_family: + - 'Debian' + - 'RedHat' + - name: 'seahub' + os_family: + - 'Debian' + - 'RedHat' + +DEPENDENCY_PACKAGES_APT: +- python-setuptools +- python-simplejson +- python-imaging +- python-mysqldb +- sqlite +- rsync +- sudo +- cron +DEPENDENCY_PACKAGES_RPM: +- python2.6-setuptools +- python2.6-simplejson +- python2.6-imaging +- MYSQL-python +- sqlite +- rsync +- sudo + +SEAFILE_ENVIRONMENT: + LD_LIBRARY_PATH: '{{ seafile_latest_dir }}/seafile/lib/:{{ seafile_latest_dir }}/seafile/lib64:${LD_LIBRARY_PATH}' + PYTHONPATH: '{{ seafile_latest_dir }}/seafile/lib/python2.6/site-packages:{{ seafile_latest_dir }}/seafile/lib64/python2.6/site-packages:{{ seafile_latest_dir }}/seahub/thirdpart:{{ seafile_latest_dir }}/seafile/lib/python2.7/site-packages:{{ seafile_latest_dir }}/seafile/lib64/python2.7/site-packages:{{ ansible_env.PYTHONPATH | default("") }}' + CCNET_CONF_DIR: '{{ seafile_ccnet_dir }}' + SEAFILE_CONF_DIR: '{{ seafile_data_dir }}' + SEAFILE_CENTRAL_CONF_DIR: '{{ seafile_conf_dir }}' + +SEAFILE_CCNET_INIT: '{{ seafile_latest_dir }}/seafile/bin/ccnet-init' +SEAFILE_SERVER_INIT: '{{ seafile_latest_dir }}/seafile/bin/seaf-server-init' +SEAFILE_SECRET_KEYGEN: 'python {{ seafile_latest_dir }}/seahub/tools/secret_key_generator.py' +SEAFILE_MANAGEPY: 'python {{ seafile_latest_dir }}/seahub/manage.py' +SEAFILE_AVATAR_SRC: '{{ seafile_seahubdata_dir }}/avatars' +SEAFILE_AVATAR_DEST: '{{ seafile_latest_dir }}/seahub/media/avatars' +SEAFILE_DOCS_SRC: '{{ seafile_latest_dir }}/seafile/docs' +SEAFILE_DOCS_DEST: '{{ seafile_data_dir }}/library-template' + +# moved to vars, seems hardcoded in seafile scripts +seafile_log_dir: '{{ seafile_org_dir + "/logs" }}' +