๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible-playbooks/roles/seafile/tasks/main.yml

243 lines
5.4 KiB

2 years ago
- name: gather facts
setup:
gather_subset:
- min
- name: fail if this is not debian
fail:
msg: "this role only supports debian hosts"
when: ansible_distribution != 'Debian'
- name: set seaf_cfg
set_fact:
seaf_cfg: "{{ seaf_default_config | d({}) | combine(seaf_config | d({}), recursive=true) }}"
- name: install mariadb
include_role:
name: mariadb
vars:
function: install
mariadb_config:
old_passwords: 0
ssl_ca:
ssl_cert:
ssl_key:
tls_version:
mariadb_enable_tls: no
- name: add mariadb users
include_role:
name: mariadb
vars:
function: add_user
mariadb_server: "{{ inventory_hostname }}"
user:
name: "{{ seaf_db_user }}"
password: "{{ seaf_db_password }}"
privs:
- key: "{{ seaf_db_ccnet }}.*"
value: ALL
- key: "{{ seaf_db_seafile }}.*"
value: ALL
- key: "{{ seaf_db_seahub }}.*"
value: ALL
- name: add mariadb databases
include_role:
name: mariadb
vars:
function: add_db
mariadb_server: "{{ inventory_hostname }}"
database:
name: "{{ item }}"
encoding: utf8
loop:
- "{{ seaf_db_ccnet }}"
- "{{ seaf_db_seafile }}"
- "{{ seaf_db_seahub }}"
- name: install dependencies
include_tasks: tasks/install_packages.yml
vars:
package:
- python3
- python3-setuptools
- python3-pip
- libmariadb-dev
- memcached
- libmemcached-dev
- libffi-dev
- name: install pip dependencies
pip:
name:
- django==3.2.*
- Pillow
- pylibmc
- captcha
- jinja2
- sqlalchemy==1.4.3
- django-pylibmc
- django-simple-captcha
- python3-ldap
- mysqlclient
- pycryptodome==3.12.0
- cffi==1.14.0
- name: create user and group
include_tasks: tasks/create_user.yml
vars:
user:
name: "{{ seaf_user }}"
group: "{{ seaf_group }}"
dir: "{{ seaf_dir }}"
shell: /bin/bash
- name: download and extract seafile distro
unarchive:
src: "https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seaf_version }}_x86-64.tar.gz"
dest: "{{ seaf_dir }}"
remote_src: yes
owner: "{{ seaf_user }}"
group: "{{ seaf_group }}"
creates: "{{ seaf_dir }}/seafile-server-{{ seaf_version }}"
- name: set seafile setup script parameters
set_fact:
seaf_script_params: "{{ [(('--server-name ' ~ (seaf_server_name | quote)) if (seaf_server_name is defined) else ''),
'--server-ip ' ~ (host_fqdn | quote),
'--use-existing-db 1',
'--mysql-user ' ~ seaf_db_user,
'--mysql-user-passwd ' ~ seaf_db_password
] | select() | list | join(' ') }}"
- name: run seafile setup script
shell:
cmd: "./setup-seafile-mysql.sh auto {{ seaf_script_params }}"
chdir: "{{ seaf_dir }}/seafile-server-{{ seaf_version }}"
creates: "{{ seaf_dir }}/seafile-server-latest"
become: yes
become_method: su
become_flags: '-s /bin/bash'
become_user: "{{ seaf_user }}"
register: result
- name: template configs
template:
src: "{{ item.src }}.j2"
dest: "{{ seaf_dir }}/conf/{{ item.dest }}"
force: yes
mode: "{{ item.mode | d(omit) }}"
owner: "{{ seaf_user }}"
group: "{{ seaf_group }}"
loop:
- { src: 'ccnet', dest: 'ccnet.conf' }
- { src: 'seafile', dest: 'seafile.conf' }
- { src: 'seahub_settings', dest: 'seahub_settings.py', mode: '0700' }
notify:
- restart seafile
- restart seahub
- name: template cleanup script
template:
src: cleanup.j2
dest: "{{ seaf_dir }}/cleanup_script.sh"
force: yes
mode: "+x"
owner: "{{ seaf_user }}"
group: "{{ seaf_group }}"
- name: create cron entry for cleanup script
cron:
name: seafile-cleanup
minute: "{{ seaf_cleanup.minute | d(0) }}"
hour: "{{ seaf_cleanup.hour | d(2) }}"
weekday: "{{ seaf_cleanup.weekday | d(0) }}"
job: "{{ seaf_dir }}/cleanup_script.sh"
- name: template systemd init files
template:
src: "{{ item.src }}.j2"
dest: "/etc/systemd/system/{{ item.dest }}.service"
force: yes
loop:
- { src: 'seafile_service', dest: 'seafile' }
- { src: 'seahub_service', dest: 'seahub' }
notify: reload systemd daemons
- name: install and configure memcached
include_role:
name: memcached
- name: install and configure collabora online
include_role:
name: officeonline
- name: install and configure logrotate
include_role:
name: logrotate
vars:
logrotate_services:
- name: seafile
template: logrotate_seafile
- name: install and configure nginx
include_role:
name: nginx
vars:
nginx:
servers:
- conf: nginx_server
certs: "{{ host_tls }}"
security_headers: no
conf:
http:
disable_symlinks: no
ssl_conf_command: []
- name: flush handlers
meta: flush_handlers
- name: add directories to backup plan
include_role:
name: backup
vars:
function: add
backup_items:
- "{{ seaf_dir }}/ccnet"
- "{{ seaf_dir }}/conf"
- "{{ seaf_dir }}/seafile-server-latest"
- "{{ seaf_dir }}/cleanup_script.sh"
- name: enable and start services
systemd:
daemon_reload: yes
enabled: yes
name: "{{ item }}"
state: started
loop:
- seafile
- seahub