First draft to use docker image with systemd

2024-09-03 20:26:01 +02:00 · 2024-05-30 23:22:07 +02:00 · 2024-05-30 23:22:07 +02:00 · b00bffc734
commit b00bffc734
parent b80a0fc628
12 changed files with 83 additions and 86 deletions
--- a/conf/gunicorn.conf.py
+++ b/conf/gunicorn.conf.py
@ -7,7 +7,7 @@ workers = 5
 bind = "127.0.0.1:__PORT_SEAHUB__"

 # Pid
-pids_dir = '__INSTALL_DIR__/pids'
+pids_dir = '/opt/seafile/pids'
 pidfile = os.path.join(pids_dir, 'seahub.pid')

 # for file upload, we need a longer timeout value (default is only 30s, too short)
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -16,7 +16,11 @@ location __PATH__ {
 }

 location __PATH__/media/ {
-        alias  __INSTALL_DIR__/seafile-server-latest/seahub/media/;
+        alias  __SEAFILE_CODE__/seahub/media/;
+}
+
+location __PATH__/media/avatars/ {
+        alias  __DATA_DIR__/seahub-data/avatars/;
 }

 location /seafhttp/ {
--- a/conf/seafile.service
+++ b/conf/seafile.service
@ -5,11 +5,15 @@ After=mysql.service

 [Service]
 Type=forking
-ExecStart=/opt/yunohost/__APP__/seafile-server-latest/seafile.sh start
-ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seafile.sh stop
+ExecStart=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seafile.sh start
+ExecStop=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seafile.sh stop
 User=__APP__
 Group=__APP__

+# Config releated to run in docker provied file system
+RootDirectory=__INSTALL_DIR__/seafile_image
+BindPaths=__SYSTEMD_SEAFILE_BIND_MOUNT__
+
 # Sandboxing options to harden security
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
--- a/conf/seahub.service
+++ b/conf/seahub.service
@ -4,11 +4,15 @@ After=network.target seafile.service

 [Service]
 Type=forking
-ExecStart=/opt/yunohost/__APP__/seafile-server-latest/seahub.sh start
-ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seahub.sh stop
+ExecStart=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seahub.sh start
+ExecStop=/opt/seafile/seafile-server-__SEAFILE_VERSION__/seahub.sh stop
 User=__APP__
 Group=__APP__

+# Config releated to run in docker provied file system
+RootDirectory=__INSTALL_DIR__/seafile_image
+BindPaths=__SYSTEMD_SEAFILE_BIND_MOUNT__
+
 # Sandboxing options to harden security
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
--- a/manifest.toml
+++ b/manifest.toml
@ -23,8 +23,8 @@ architectures = ["amd64", "arm64"]
 multi_instance = false
 ldap = true
 sso = true
-disk = "1G"
-ram.build = "500M"
+disk = "1.5G"
+ram.build = "0M"
 ram.runtime = "500M"

 [install]
@ -66,8 +66,8 @@ ram.runtime = "500M"

    [resources.install_dir]
    dir = "/opt/yunohost/__APP__"
-    owner = "__APP__:rwX"
-    group = "__APP__:rX"
+    owner = "__APP__:rwx"
+    group = "www-data:rx"

    [resources.data_dir]
    dir = "/home/yunohost.app/__APP__"
@ -128,12 +128,7 @@ ram.runtime = "500M"
    arm64.sha256 = "035923b7982c2ccd5d8a9813948a670b70e3fefdb91ec76d33ba1280c9c14d40"

    [resources.apt]
-    packages = ["python3", "python3-venv", "python3-setuptools", "python3-pip", "python3-dev",
-                "python3-requests", "python3-scipy", "python3-matplotlib",
-                "mariadb-server", "libmariadb-dev-compat", "libmariadb-dev",
-                "ldap-utils", "libldap2-dev", "libsasl2-dev",
-                "memcached", "libmemcached-dev",
-                "ffmpeg"]
+    packages = ["mariadb-server", "memcached"]

    [resources.database]
    type = "mysql"
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -4,6 +4,12 @@

 readonly time_zone="$(cat /etc/timezone)"
 readonly python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
+systemd_seafile_bind_mount="$data_dir/seafile-data:/opt/seafile/seafile-data "
+systemd_seafile_bind_mount+="$data_dir/seahub-data:/opt/seafile/seahub-data "
+systemd_seafile_bind_mount+="/var/log/$app:/opt/seafile/logs "
+systemd_seafile_bind_mount+="$install_dir/conf:/opt/seafile/conf "
+systemd_seafile_bind_mount+="/proc "
+systemd_seafile_bind_mount+="/dev"

 # Create special path with / at the end
 if [[ "$path" == '/' ]]
@ -23,54 +29,40 @@ fi
 # DEFINE ALL COMMON FONCTIONS
 #=================================================

-install_pkg_conf() {
-    # Install manually pkgconf
-    # WARNING don't move this to dependencies
-    # We install this manually because we have an issue between pkgconf and pkg-config.
-    # If pkg-config is already installed on the system we can't declare pkgconf as dependency as pkg-config need to be removed to install pkgconf (note that pkgconf replace pkg-config and both can't be installed)
-    ynh_apt install pkgconf
-}
-
-install_dependance() {
-    # Clean venv is it was on python3 with old version in case major upgrade of debian
-    if [ ! -e "$install_dir"/venv/bin/python3 ] || [ ! -e "$install_dir/venv/lib/python$python_version" ]; then
-        ynh_secure_remove --file="$install_dir"/venv/bin
-        ynh_secure_remove --file="$install_dir"/venv/lib
-        ynh_secure_remove --file="$install_dir"/venv/lib64
-        ynh_secure_remove --file="$install_dir"/venv/include
-        ynh_secure_remove --file="$install_dir"/venv/share
-        ynh_secure_remove --file="$install_dir"/venv/pyvenv.cfg
-    fi
-
-    # Create venv if it don't exist
-    test -e "$install_dir"/venv/bin/python3 || python3 -m venv "$install_dir"/venv
-
-    py_dependancy="django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3"
-    "$install_dir"/venv/bin/pip3 install --upgrade --timeout=3600 $py_dependancy
-
-    # Create symbolic link to venv package on seahub
-    ls "$install_dir/venv/lib/python$python_version/site-packages" | while read -r f; do
-        if [ ! -e "$install_dir/seafile-server-$seafile_version/seahub/thirdpart/$f" ]; then
-            ln -s "../../../venv/lib/python$python_version/site-packages/$f" "$install_dir/seafile-server-$seafile_version/seahub/thirdpart/$f"
-        fi
-    done
+run_seafile_cmd() {
+    ynh_exec_warn_less systemd-run --wait --uid="$app" --gid="$app" \
+        --property=RootDirectory="$install_dir"/seafile_image \
+        --property="BindPaths=$systemd_seafile_bind_mount" \
+        $@
 }

 install_source() {
-    ynh_setup_source --dest_dir="$install_dir"/docker_image --full_replace
-    ynh_secure_remove --file="$install_dir/seafile-server-$seafile_version"
-    mv "$install_dir/docker_image/opt/seafile/seafile-server-$seafile_version" "$install_dir/seafile-server-$seafile_version"
-    ynh_secure_remove --file="$install_dir"/docker_image
+    ynh_setup_source --dest_dir="$install_dir"/seafile_image --full_replace
+    mkdir -p "$install_dir"/seafile_image/opt/seafile/{seafile-data,seahub-data,conf,logs}
+    grep "^$app:x"  /etc/passwd | sed "s|$install_dir|/opt/seafile|" >> "$install_dir"/seafile_image/etc/passwd
+    grep "^$app:x"  /etc/group >> "$install_dir"/seafile_image/etc/group
+    grep "^$app:x"  /etc/group- >> "$install_dir"/seafile_image/etc/group-
+    grep "^$app:"  /etc/shadow >> "$install_dir"/seafile_image/etc/shadow
 }

 set_permission() {
-    chown -R "$app:$app" "$install_dir"
-    chmod -R u+rwX,g-wx,o= "$install_dir"
-    setfacl -m user:www-data:rX "$install_dir"
-    setfacl -m user:www-data:rX "$install_dir/seafile-server-$seafile_version"
+    chown -R "$app:$app" "$install_dir"/conf
+    chmod -R u+rwX,g-w,o= "$install_dir"/conf
+    chown -R "$app:$app" "$install_dir"/seafile_image/opt/seafile
+    chmod -R u+rwX,g-w,o= "$install_dir"/seafile_image/opt/seafile
+
+    # Allow to www-data to each dir between /opt/yunohost/seafile and /opt/yunohost/seafile/seafile_image/opt/seafile/seahub/media
+    local dir_path=''
+    while read -r -d/ dir_name; do
+        dir_path+="$dir_name/"
+        if [[ "$dir_path" == "$install_dir"* ]] && [ -e "$dir_path" ]; then
+            setfacl -m user:www-data:rX "$dir_path"
+        fi
+    done <<< "$seafile_code/seahub/media"
+    test -e "$install_dir/seafile_image/opt/seafile/seahub-data" && setfacl -m user:www-data:rX "$install_dir/seafile_image/opt/seafile/seahub-data"
+    test -e "$seafile_code/seahub/media" && setfacl -R -m user:www-data:rX "$seafile_code/seahub/media"
+
    # At install time theses directory are not available
-    test -e "$install_dir/seafile-server-$seafile_version/seahub" && setfacl -m user:www-data:rX "$install_dir/seafile-server-$seafile_version/seahub"
-    test -e "$install_dir/seafile-server-$seafile_version/seahub/media" && setfacl -R -m user:www-data:rX "$install_dir/seafile-server-$seafile_version/seahub/media"
    test -e "$install_dir"/seahub-data && setfacl -m user:www-data:rX "$data_dir"
    test -e "$install_dir"/seahub-data && setfacl -R -m user:www-data:rX "$data_dir"/seahub-data

--- a/scripts/backup
+++ b/scripts/backup
@ -12,6 +12,7 @@ source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers

 seafile_version=$(ynh_app_upstream_version)
+seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"

 if systemctl is-active seafile --quiet || systemctl is-active seahub --quiet; then
    ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop seafile service and seahub service with this command before to run the backup 'systemctl stop seafile.service seahub.service'"
--- a/scripts/change_url
+++ b/scripts/change_url
@ -12,6 +12,7 @@ source ./_common.sh
 source /usr/share/yunohost/helpers

 seafile_version="$(ynh_app_upstream_version)"
+seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"

 #=================================================
 # STANDARD MODIFICATIONS
--- a/scripts/install
+++ b/scripts/install
@ -13,8 +13,7 @@ source /usr/share/yunohost/helpers
 source ./ynh_setup_source

 seafile_version=$(ynh_app_upstream_version)
-
-install_pkg_conf
+seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"

 ensure_vars_set

@ -33,14 +32,12 @@ fi

 mkdir -p /var/log/"$app"
 mkdir -p "$data_dir"/{seafile-data,seahub-data}
+mkdir -p "$install_dir"/conf

 # Download new version from sources
 ynh_script_progression --message="Installing sources files..." --weight=7
 install_source

-ynh_script_progression --message="Installing python dependancies..."
-install_dependance
-
 # init databases
 ynh_script_progression --message="Configuring MySQL database..."
 db_user=seafile
@ -53,8 +50,8 @@ ynh_script_progression --message="Configuring application..." --weight=3
 set_permission
 ynh_replace_special_string --match_string='seafile_config.seafile_dir = seafile_config.validate_seafile_dir(seafile_dir)' \
                           --replace_string 'seafile_config.seafile_dir = seafile_dir' \
-                           --target_file "$install_dir/seafile-server-$seafile_version/setup-seafile-mysql.py"
-sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/setup-seafile-mysql.sh" auto \
+                           --target_file "$seafile_code/setup-seafile-mysql.py"
+run_seafile_cmd bash "/opt/seafile/seafile-server-$seafile_version/setup-seafile-mysql.sh" auto \
    --server-name "$server_name" \
    --server-ip "$domain" \
    --fileserver-port "$port_fileserver" \
@ -104,7 +101,7 @@ ln -s "$data_dir"/seahub-data "$install_dir"/seahub-data
 ln -s /var/log/"$app" "$install_dir"/logs

 # Fix local warning
-ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$install_dir/seafile-server-$seafile_version/seahub.sh"
+ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$seafile_code/seahub.sh"

 # Add Seafile Server to startup
 ynh_script_progression --message="Configuring a systemd service..."
--- a/scripts/remove
+++ b/scripts/remove
@ -12,6 +12,7 @@ source ./_common.sh
 source /usr/share/yunohost/helpers

 seafile_version="$(ynh_app_upstream_version)"
+seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"

 #=================================================
 # STANDARD REMOVE
--- a/scripts/restore
+++ b/scripts/restore
@ -12,6 +12,7 @@ source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers

 seafile_version="$(ynh_app_upstream_version)"
+seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"

 ynh_script_progression --message="Loading settings..."

--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -15,14 +15,14 @@ source ./ynh_setup_source
 seafile_version="$(ynh_app_upstream_version)"
 installed_version="${YNH_APP_CURRENT_VERSION/~ynh*/}"

+seafile_code="$install_dir/seafile_image/opt/seafile/seafile-server-$seafile_version"
+
 ensure_vars_set

 if [ "$YNH_APP_CURRENT_VERSION" == '-' ] || ynh_compare_current_package_version --comparison=le --version='7.0~ynh1'; then
    ynh_die "Upgrade from this version not supported"
 fi

-install_pkg_conf
-
 ynh_script_progression --message="Stoping services..."

 ynh_systemd_action --service_name=seafile --action=stop
@ -105,9 +105,6 @@ if [ "$YNH_APP_UPGRADE_TYPE" == UPGRADE_APP ]; then
    install_source
 fi

-ynh_script_progression --message="Installing python dependancies..."
-install_dependance
-
 ynh_script_progression --message="Configuring application..."

 # permission to execute update script and expect helper
@ -128,13 +125,13 @@ case "$installed_version" in
 ;&
 "7.0"* )
    # Fix file comment
-    pushd "$install_dir/seafile-server-$seafile_version"
-    sudo -u "$app" "$install_dir/seafile-server-$seafile_version/seahub.sh" python-env python3 seahub/manage.py migrate_file_comment
+    pushd "$seafile_code"
+    run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/seahub.sh" python-env python3 seahub/manage.py migrate_file_comment
    popd

    # Update seafile by script
-    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.0_7.1.sh"
-    sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.0_7.1.sh"
+    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_7.0_7.1.sh"
+    run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_7.0_7.1.sh"

    # Fix seafile data link. Look like that the upgrade script of seafile don't always work correctly
    if [ -e "$install_dir"/seafile-data ]; then
@ -144,26 +141,26 @@ case "$installed_version" in
    ln -s "$data_dir" "$install_dir"/seafile-data
 ;&
 "7.1."* )
-    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
-    sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
+    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_8.0_9.0.sh"
+    run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
 ;&
 "8.0."* )
-    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.1_8.0.sh"
-    sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_7.1_8.0.sh"
+    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_7.1_8.0.sh"
+    run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_7.1_8.0.sh"
 ;&
 "9."* )
-    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
-    sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
+    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_8.0_9.0.sh"
+    run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_8.0_9.0.sh"
 ;&
 "10."* )
-    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/upgrade_9.0_10.0.sh"
-    sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/upgrade_9.0_10.0.sh"
-    sudo -u "$app" "$install_dir"/venv/bin/python "$install_dir/seafile-server-$seafile_version/migrate_ldapusers.py"
+    ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/upgrade_9.0_10.0.sh"
+    run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/upgrade_9.0_10.0.sh"
+    sudo -u "$app" "$install_dir"/venv/bin/python "$seafile_code/migrate_ldapusers.py"
 ;&
 esac

-ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$install_dir/seafile-server-$seafile_version/upgrade/minor-upgrade.sh"
-sudo -u "$app" bash "$install_dir/seafile-server-$seafile_version/upgrade/minor-upgrade.sh"
+ynh_replace_string --match_string='read dummy' --replace_string='# patched' --target_file="$seafile_code/upgrade/minor-upgrade.sh"
+run_seafile_cmd "/opt/seafile/seafile-server-$seafile_version/upgrade/minor-upgrade.sh"

 # Clean url in config in DB
 clean_url_in_db_config
@ -177,7 +174,7 @@ ynh_add_config --template=seafdav.conf --destination="$install_dir"/conf/seafdav
 ynh_add_config --template=seafevents.conf --destination="$install_dir"/conf/seafevents.conf

 # Fix local warning
-ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$install_dir/seafile-server-$seafile_version/seahub.sh"
+ynh_replace_string --match_string=en_US.UTF-8 --replace_string="${LANG:-'en_US.UTF-8'}" --target_file="$seafile_code/seahub.sh"

 #=================================================
 # STANDARD UPGRADE STEPS