mirror of
https://github.com/YunoHost-Apps/seafile_ynh.git
synced 2024-09-03 20:26:01 +02:00
First draft to use docker image with systemd
This commit is contained in:
parent
b80a0fc628
commit
b00bffc734
12 changed files with 83 additions and 86 deletions
|
@ -7,7 +7,7 @@ workers = 5
|
|||
bind = "127.0.0.1:__PORT_SEAHUB__"
|
||||
|
||||
# Pid
|
||||
pids_dir = '__INSTALL_DIR__/pids'
|
||||
pids_dir = '/opt/seafile/pids'
|
||||
pidfile = os.path.join(pids_dir, 'seahub.pid')
|
||||
|
||||
# for file upload, we need a longer timeout value (default is only 30s, too short)
|
||||
|
|
|
@ -16,7 +16,11 @@ location __PATH__ {
|
|||
}
|
||||
|
||||
location __PATH__/media/ {
|
||||
alias __INSTALL_DIR__/seafile-server-latest/seahub/media/;
|
||||
alias __SEAFILE_CODE__/seahub/media/;
|
||||
}
|
||||
|
||||
location __PATH__/media/avatars/ {
|
||||
alias __DATA_DIR__/seahub-data/avatars/;
|
||||
}
|
||||
|
||||
location /seafhttp/ {
|
||||
|
|
|
@ -5,11 +5,15 @@ After=mysql.service
|
|||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/opt/yunohost/__APP__/seafile-server-latest/seafile.sh start
|
||||
ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seafile.sh stop
|
||||
ExecStart=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seafile.sh start
|
||||
ExecStop=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seafile.sh stop
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
|
||||
# Config releated to run in docker provied file system
|
||||
RootDirectory=__INSTALL_DIR__/seafile_image
|
||||
BindPaths=__SYSTEMD_SEAFILE_BIND_MOUNT__
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
|
|
|
@ -4,11 +4,15 @@ After=network.target seafile.service
|
|||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/opt/yunohost/__APP__/seafile-server-latest/seahub.sh start
|
||||
ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seahub.sh stop
|
||||
ExecStart=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seahub.sh start
|
||||
ExecStop=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seahub.sh stop
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
|
||||
# Config releated to run in docker provied file system
|
||||
RootDirectory=__INSTALL_DIR__/seafile_image
|
||||
BindPaths=__SYSTEMD_SEAFILE_BIND_MOUNT__
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
|
|
|
@ -23,8 +23,8 @@ architectures = ["amd64", "arm64"]
|
|||
multi_instance = false
|
||||
ldap = true
|
||||
sso = true
|
||||
disk = "1G"
|
||||
ram.build = "500M"
|
||||
disk = "1.5G"
|
||||
ram.build = "0M"
|
||||
ram.runtime = "500M"
|
||||
|
||||
[install]
|
||||
|
@ -66,8 +66,8 @@ ram.runtime = "500M"
|
|||
|
||||
[resources.install_dir]
|
||||
dir = "/opt/yunohost/__APP__"
|
||||
owner = "__APP__:rwX"
|
||||
group = "__APP__:rX"
|
||||
owner = "__APP__:rwx"
|
||||
group = "www-data:rx"
|
||||
|
||||
[resources.data_dir]
|
||||
dir = "/home/yunohost.app/__APP__"
|
||||
|
@ -128,12 +128,7 @@ ram.runtime = "500M"
|
|||
arm64.sha256 = "035923b7982c2ccd5d8a9813948a670b70e3fefdb91ec76d33ba1280c9c14d40"
|
||||
|
||||
[resources.apt]
|
||||
packages = ["python3", "python3-venv", "python3-setuptools", "python3-pip", "python3-dev",
|
||||
"python3-requests", "python3-scipy", "python3-matplotlib",
|
||||
"mariadb-server", "libmariadb-dev-compat", "libmariadb-dev",
|
||||
"ldap-utils", "libldap2-dev", "libsasl2-dev",
|
||||
"memcached", "libmemcached-dev",
|
||||
"ffmpeg"]
|
||||
packages = ["mariadb-server", "memcached"]
|
||||
|
||||
[resources.database]
|
||||
type = "mysql"
|
||||
|
|
|
@ -4,6 +4,12 @@
|
|||
|
||||
readonly time_zone="$(cat /etc/timezone)"
|
||||
readonly python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
||||
systemd_seafile_bind_mount="$data_dir/seafile-data:/opt/seafile/seafile-data "
|
||||
systemd_seafile_bind_mount+="$data_dir/seahub-data:/opt/seafile/seahub-data "
|
||||
systemd_seafile_bind_mount+="/var/log/$app:/opt/seafile/logs "
|
||||
systemd_seafile_bind_mount+="$install_dir/conf:/opt/seafile/conf "
|
||||
systemd_seafile_bind_mount+="/proc "
|
||||
systemd_seafile_bind_mount+="/dev"
|
||||
|
||||
# Create special path with / at the end
|
||||
if [[ "$path" == '/' ]]
|
||||
|
@ -23,54 +29,40 @@ fi
|
|||
# DEFINE ALL COMMON FONCTIONS
|
||||
#=================================================
|
||||
|
||||
install_pkg_conf() {
|
||||
# Install manually pkgconf
|
||||
# WARNING don't move this to dependencies
|
||||
# We install this manually because we have an issue between pkgconf and pkg-config.
|
||||
# If pkg-config is already installed on the system we can't declare pkgconf as dependency as pkg-config need to be removed to install pkgconf (note that pkgconf replace pkg-config and both can't be installed)
|
||||
ynh_apt install pkgconf
|
||||
}
|
||||
|
||||
install_dependance() {
|
||||
# Clean venv is it was on python3 with old version in case major upgrade of debian
|
||||
if [ ! -e "$install_dir"/venv/bin/python3 ] || [ ! -e "$install_dir/venv/lib/python$python_version" ]; then
|
||||
ynh_secure_remove --file="$install_dir"/venv/bin
|
||||
ynh_secure_remove --file="$install_dir"/venv/lib
|
||||
ynh_secure_remove --file="$install_dir"/venv/lib64
|
||||
ynh_secure_remove --file="$install_dir"/venv/include
|
||||
ynh_secure_remove --file="$install_dir"/venv/share
|
||||
ynh_secure_remove --file="$install_dir"/venv/pyvenv.cfg
|
||||
fi
|
||||
|
||||
# Create venv if it don't exist
|
||||
test -e "$install_dir"/venv/bin/python3 || python3 -m venv "$install_dir"/venv
|
||||
|
||||
py_dependancy="django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3"
|
||||
"$install_dir"/venv/bin/pip3 install --upgrade --timeout=3600 $py_dependancy
|
||||
|
||||
# Create symbolic link to venv package on seahub
|
||||
ls "$install_dir/venv/lib/python$python_version/site-packages" | while read -r f; do
|
||||
if [ ! -e "$install_dir/seafile-server-$seafile_version/seahub/thirdpart/$f" ]; then
|
||||
ln -s "../../../venv/lib/python$python_version/site-packages/$f" "$install_dir/seafile-server-$seafile_version/seahub/thirdpart/$f"
|
||||
fi
|
||||
done
|
||||
run_seafile_cmd() {
|
||||
ynh_exec_warn_less systemd-run --wait --uid="$app" --gid="$app" \
|
||||
--property=RootDirectory="$install_dir"/seafile_image \
|
||||
--property="BindPaths=$systemd_seafile_bind_mount" \
|
||||
$@
|
||||
}
|
||||
|
||||
install_source() {
|
||||
ynh_setup_source --dest_dir="$install_dir"/docker_image --full_replace
|
||||
ynh_secure_remove --file="$install_dir/seafile-server-$seafile_version"
|
||||
mv "$install_dir/docker_image/opt/seafile/seafile-server-$seafile_version" "$install_dir/seafile-server-$seafile_version"
|
||||
ynh_secure_remove --file="$install_dir"/docker_image
|
||||
ynh_setup_source --dest_dir="$install_dir"/seafile_image --full_replace
|
||||
mkdir -p "$install_dir"/seafile_image/opt/seafile/{seafile-data,seahub-data,conf,logs}
|
||||
grep "^$app:x" /etc/passwd | sed "s|$install_dir|/opt/seafile|" >> "$install_dir"/seafile_image/etc/passwd
|
||||
grep "^$app:x" /etc/group >> "$install_dir"/seafile_image/etc/group
|
||||
grep "^$app:x" /etc/group- >> "$install_dir"/seafile_image/etc/group-
|
||||
grep "^$app:" /etc/shadow >> "$install_dir"/seafile_image/etc/shadow
|
||||
}
|
||||
|
||||
set_permission() {
|
||||
chown -R "$app:$app" "$install_dir"
|
||||
chmod -R u+rwX,g-wx,o= "$install_dir"
|
||||
setfacl -m user:www-data:rX "$install_dir"
|
||||
setfacl -m user:www-data:rX "$install_dir/seafile-server-$seafile_version"
|
||||
chown -R "$app:$app" "$install_dir"/conf
|
||||
chmod -R u+rwX,g-w,o= "$install_dir"/conf
|
||||
chown -R "$app:$app" "$install_dir"/seafile_image/opt/seafile
|
||||
chmod -R u+rwX,g-w,o= "$install_dir"/seafile_image/opt/seafile
|
||||
|
||||
# Allow to www-data to each dir between /opt/yunohost/seafile and /opt/yunohost/seafile/seafile_image/opt/seafile/seahub/media
|
||||
local dir_path=''
|
||||
while read -r -d/ dir_name; do
|
||||
dir_path+="$dir_name/"
|
||||
if [[ "$dir_path" == "$install_dir"* ]] && [ -e "$dir_path" ]; then
|
||||
setfacl -m user:www-data:rX "$dir_path"
|
||||
fi
|
||||
done <<< "$seafile_code/seahub/media"
|
||||
test -e "$install_dir/seafile_image/opt/seafile/seahub-data" && setfacl -m user:www-data:rX "$install_dir/seafile_image/opt/seafile/seahub-data"
|
||||
test -e "$seafile_code/seahub/media" && setfacl -R -m user:www-data:rX "$seafile_code/seahub/media"
|
||||
|
||||
# At install time theses directory are not available
|
||||
test -e "$install_dir/seafile-server-$seafile_version/seahub" && setfacl -m user:www-data:rX "$install_dir/seafile-server-$seafile_version/seahub"
|
||||
test -e "$install_dir/seafile-server-$seafile_version/seahub/media" && setfacl -R -m user:www-data:rX "$install_dir/seafile-server-$seafile_version/seahub/media"
|
||||
test -e "$install_dir"/seahub-data && setfacl -m user:www-data:rX "$data_dir"
|
||||
test -e "$install_dir"/seahub-data && setfacl -R -m user:www-data:rX "$data_dir"/seahub-data
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ source ../settings/scripts/_common.sh
|
|||
source /usr/share/yunohost/helpers
|
||||
|
||||
seafile_version=$(ynh_app_upstream_version)
|
||||
seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
|
||||
|
||||
if systemctl is-active seafile --quiet || systemctl is-active seahub --quiet; then
|
||||
ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop seafile service and seahub service with this command before to run the backup 'systemctl stop seafile.service seahub.service'"
|
||||
|
|
|
@ -12,6 +12,7 @@ source ./_common.sh
|
|||
source /usr/share/yunohost/helpers
|
||||
|
||||
seafile_version="$(ynh_app_upstream_version)"
|
||||
seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
|
|
|
@ -13,8 +13,7 @@ source /usr/share/yunohost/helpers
|
|||
source ./ynh_setup_source
|
||||
|
||||
seafile_version=$(ynh_app_upstream_version)
|
||||
|
||||
install_pkg_conf
|
||||
seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
|
||||
|
||||
ensure_vars_set
|
||||
|
||||
|
@ -33,14 +32,12 @@ fi
|
|||
|
||||
mkdir -p /var/log/"$app"
|
||||
mkdir -p "$data_dir"/{seafile-data,seahub-data}
|
||||
mkdir -p "$install_dir"/conf
|
||||
|
||||
# Download new version from sources
|
||||
ynh_script_progression --message="Installing sources files..." --weight=7
|
||||
install_source
|
||||
|
||||
ynh_script_progression --message="Installing python dependancies..."
|
||||
install_dependance
|
||||
|
||||
# init databases
|
||||
ynh_script_progression --message="Configuring MySQL database..."
|
||||
db_user=seafile
|
||||
|
@ -53,8 +50,8 @@ ynh_script_progression --message="Configuring application..." --weight=3
|
|||
set_permission
|
||||
ynh_replace_special_string --match_string='seafile_config.seafile_dir = seafile_config.validate_seafile_dir(seafile_dir)' \
|
||||
--replace_string 'seafile_config.seafile_dir = seafile_dir' \
|
||||
--target_file "$install_dir/seafile-server-$seafile_version/setup-seafile-mysql.py"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/setup-seafile-mysql.sh" auto \
|
||||
--target_file "$seafile_code/setup-seafile-mysql.py"
|
||||
run_seafile_cmd bash "/opt/seafile/seafile-server-$seafile_version/setup-seafile-mysql.sh" auto \
|
||||
--server-name "$server_name" \
|
||||
--server-ip "$domain" \
|
||||
--fileserver-port "$port_fileserver" \
|
||||
|
@ -104,7 +101,7 @@ ln -s "$data_dir"/seahub-data "$install_dir"/seahub-data
|
|||
ln -s /var/log/"$app" "$install_dir"/logs
|
||||
|
||||
# Fix local warning
|
||||
ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$install_dir/seafile-server-$seafile_version/seahub.sh"
|
||||
ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$seafile_code/seahub.sh"
|
||||
|
||||
# Add Seafile Server to startup
|
||||
ynh_script_progression --message="Configuring a systemd service..."
|
||||
|
|
|
@ -12,6 +12,7 @@ source ./_common.sh
|
|||
source /usr/share/yunohost/helpers
|
||||
|
||||
seafile_version="$(ynh_app_upstream_version)"
|
||||
seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
|
|
|
@ -12,6 +12,7 @@ source ../settings/scripts/_common.sh
|
|||
source /usr/share/yunohost/helpers
|
||||
|
||||
seafile_version="$(ynh_app_upstream_version)"
|
||||
seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
|
||||
|
||||
ynh_script_progression --message="Loading settings..."
|
||||
|
||||
|
|
|
@ -15,14 +15,14 @@ source ./ynh_setup_source
|
|||
seafile_version="$(ynh_app_upstream_version)"
|
||||
installed_version="${YNH_APP_CURRENT_VERSION/~ynh*/}"
|
||||
|
||||
seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
|
||||
|
||||
ensure_vars_set
|
||||
|
||||
if [ "$YNH_APP_CURRENT_VERSION" == '-' ] || ynh_compare_current_package_version --comparison=le --version='7.0~ynh1'; then
|
||||
ynh_die "Upgrade from this version not supported"
|
||||
fi
|
||||
|
||||
install_pkg_conf
|
||||
|
||||
ynh_script_progression --message="Stoping services..."
|
||||
|
||||
ynh_systemd_action --service_name=seafile --action=stop
|
||||
|
@ -105,9 +105,6 @@ if [ "$YNH_APP_UPGRADE_TYPE" == UPGRADE_APP ]; then
|
|||
install_source
|
||||
fi
|
||||
|
||||
ynh_script_progression --message="Installing python dependancies..."
|
||||
install_dependance
|
||||
|
||||
ynh_script_progression --message="Configuring application..."
|
||||
|
||||
# permission to execute update script and expect helper
|
||||
|
@ -128,13 +125,13 @@ case "$installed_version" in
|
|||
;&
|
||||
"7.0"* )
|
||||
# Fix file comment
|
||||
pushd "$install_dir/seafile-server-$seafile_version"
|
||||
sudo -u "$app" "$install_dir/seafile-server-$seafile_version/seahub.sh" python-env python3 seahub/manage.py migrate_file_comment
|
||||
pushd "$seafile_code"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/seahub.sh" python-env python3 seahub/manage.py migrate_file_comment
|
||||
popd
|
||||
|
||||
# Update seafile by script
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.0_7.1.sh"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.0_7.1.sh"
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_7.0_7.1.sh"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_7.0_7.1.sh"
|
||||
|
||||
# Fix seafile data link. Look like that the upgrade script of seafile don't always work correctly
|
||||
if [ -e "$install_dir"/seafile-data ]; then
|
||||
|
@ -144,26 +141,26 @@ case "$installed_version" in
|
|||
ln -s "$data_dir" "$install_dir"/seafile-data
|
||||
;&
|
||||
"7.1."* )
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_8.0_9.0.sh"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
|
||||
;&
|
||||
"8.0."* )
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.1_8.0.sh"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.1_8.0.sh"
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_7.1_8.0.sh"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_7.1_8.0.sh"
|
||||
;&
|
||||
"9."* )
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_8.0_9.0.sh"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
|
||||
;&
|
||||
"10."* )
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_9.0_10.0.sh"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_9.0_10.0.sh"
|
||||
sudo -u "$app" "$install_dir"/venv/bin/python "$install_dir/seafile-server-$seafile_version/migrate_ldapusers.py"
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_9.0_10.0.sh"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_9.0_10.0.sh"
|
||||
sudo -u "$app" "$install_dir"/venv/bin/python "$seafile_code/migrate_ldapusers.py"
|
||||
;&
|
||||
esac
|
||||
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/minor-upgrade.sh"
|
||||
sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/minor-upgrade.sh"
|
||||
ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/minor-upgrade.sh"
|
||||
run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/minor-upgrade.sh"
|
||||
|
||||
# Clean url in config in DB
|
||||
clean_url_in_db_config
|
||||
|
@ -177,7 +174,7 @@ ynh_add_config --template=seafdav.conf --destination="$install_dir"/conf/seafdav
|
|||
ynh_add_config --template=seafevents.conf --destination="$install_dir"/conf/seafevents.conf
|
||||
|
||||
# Fix local warning
|
||||
ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$install_dir/seafile-server-$seafile_version/seahub.sh"
|
||||
ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$seafile_code/seahub.sh"
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
|
|
Loading…
Add table
Reference in a new issue