diff --git a/roles/rpm_build_server/defaults/main.yml b/roles/rpm_build_server/defaults/main.yml index 8da020f..0a29f6b 100644 --- a/roles/rpm_build_server/defaults/main.yml +++ b/roles/rpm_build_server/defaults/main.yml @@ -7,8 +7,6 @@ rpm_packager: RPM Builder rpm_user: rpmbuilder # Unix group allowed to submit builds rpm_build_group: rpmbuilders -# Admin email where notifications will be sent -rpm_admin_email: "{{ system_admin_email | default('root@' ~ ansible_domain) }}" # name of the GPG key used to sign the packages rpm_gpg_name: RPM Signing Key rpm_gpg_email: rpms@{{ ansible_domain }} diff --git a/roles/rpm_build_server/files/watcher.pl b/roles/rpm_build_server/files/watcher.pl index 636c6e3..056a153 100644 --- a/roles/rpm_build_server/files/watcher.pl +++ b/roles/rpm_build_server/files/watcher.pl 
@@ -53,48 +53,7 @@ if ( -e $opt->{config} ) { die "Config file " . $opt->{config} . " doesn't exist\n"; } -# If ldap is configured, we'll use it to lookup email -# addresses of submitters to send them notifications -my $ldap; my $ldap_msg; -if (defined $conf->{ldap} and defined $conf->{ldap}->{servers}){ - log_verbose("Connecting to " . join(', ', @{$conf->{ldap}->{servers}})); - $ldap = new Net::LDAP($conf->{ldap}->{servers}, - timeout => 10, - ); - if (not defined $ldap){ - log_info("Couldn't connect to any LDAP servers (" . join(',', @{$conf->{ldap}->{servers}}) . ")"); - } else { - if (defined $conf->{ldap}->{start_tls} and $conf->{ldap}->{start_tls}){ - log_verbose("Upgrade LDAP connection using StartTLS"); - $ldap_msg = $ldap->start_tls( - verify => 'require' - ); - if ($ldap_msg->code){ - log_verbose("StartTLS failed : " . $ldap_msg->error); - log_verbose("LDAP support will be disabled"); - $ldap = undef; - } - } - if (defined $conf->{ldap}->{bind_dn} and defined $conf->{ldap}->{bind_pass}){ - log_verbose("Binding as $conf->{ldap}->{bind_dn}"); - $ldap_msg = $ldap->bind( - $conf->{ldap}->{bind_dn}, - password => $conf->{ldap}->{bind_pass} - ); - if ($ldap_msg->code){ - log_verbose("LDAP bind failed : " . $ldap_msg->error); - log_verbose("LDAP support will be disabled"); - $ldap = undef; - } - } else { - log_verbose("Using anonymous bind"); - $ldap_msg = $ldap->bind; - } - } -} else { - log_verbose("No LDAP servers configured"); -} my $inotify = new Linux::Inotify2 or die "Unable to create new inotify object: $!"; @@ -161,8 +120,9 @@ sub handle_submit { my $submiter = getpwuid(stat($srpm)->uid); my $email; log_info("File submited by $submiter"); + my $ldap = ldap_connect(); if (defined $ldap){ - $email = user2email($submiter); + $email = user2email($ldap, $submiter); if (not defined $email){ log_verbose("LDAP returned no result"); } 
@@ -172,6 +132,8 @@ sub handle_submit { } else { log_verbose("No email address for $submiter, no notification will be sent"); } + $ldap->done; + $ldap->disconnect; # Do not check the signature here # We could try to submit a signed src.rpm for which we do not have the key system-wide my $src_pkg = RPM2->open_package($srpm, RPM2->_rpmvsf_nosignatures); @@ -288,6 +250,11 @@ sub handle_submit { ); } } + if (defined $ldap){ + $ldap->done; + $ldap->disconnect; + } + return; } # Handle errors. Log it, and notify the admin @@ -298,13 +265,6 @@ sub handle_error { my $dest = shift; log_error( $err ); - if ( defined $conf->{notify}->{to} ) { - send_notification( - $conf->{notify}->{to}, - "Error while building $job_id", - "Building $job_id failed at step '$step'. The error was\n$err\n" - ); - } if ( defined $dest ) { send_notification( $dest, @@ -337,8 +297,10 @@ sub send_notification { # Lookup in LDAP if we can get the email address of a user sub user2email { + my $ldap = shift; my $user = shift; if (not defined $ldap or not defined $conf->{ldap}->{search_base} or not defined $conf->{ldap}->{search_filter}){ + log_verbose("LDAP not connected or not configured, skiping lookup"); return; } my $filter = $conf->{ldap}->{search_filter}; 
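Review bot: The added `$ldap->done; $ldap->disconnect;` right after the email lookup in handle_submit is unguarded, so it dies with a method call on an undefined value whenever ldap_connect() returned undef, which it does when no LDAP servers are configured or when the connection or bind fails. A deployment without LDAP, or an LDAP outage, would then abort every submission before the source package is even opened. Guard it the same way as the cleanup added at the end of the function in the `@@ -288,6 +250,11 @@` hunk, e.g. `if (defined $ldap){ $ldap->done; $ldap->disconnect; $ldap = undef; }`; clearing the handle also keeps that later block from running on a connection that was already closed. handle_submit starts and ends outside these hunks, so whether an early return between the two points skips the final cleanup cannot be checked from here.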
@@ -359,3 +321,48 @@ sub user2email { } return $results->entry(0)->get_value( $conf->{ldap}->{email_attr} ); } + +# Connect to LDAP +# which will be used to lookup the email address of the submiter +sub ldap_connect { + my $ldaph; + if (defined $conf->{ldap} and defined $conf->{ldap}->{servers}){ + log_verbose("Connecting to " . join(', ', @{$conf->{ldap}->{servers}})); + $ldaph = new Net::LDAP($conf->{ldap}->{servers}, + timeout => 10, + ); + if (not defined $ldaph){ + log_info("Couldn't connect to any LDAP servers (" . join(',', @{$conf->{ldap}->{servers}}) . ")"); + } else { + if (defined $conf->{ldap}->{start_tls} and $conf->{ldap}->{start_tls}){ + log_verbose("Upgrade LDAP connection using StartTLS"); + $ldap_msg = $ldaph->start_tls( + verify => 'require' + ); + if ($ldap_msg->code){ + log_verbose("StartTLS failed : " . $ldap_msg->error); + log_verbose("LDAP support will be disabled"); + $ldaph = undef; + } + } + if (defined $conf->{ldap}->{bind_dn} and defined $conf->{ldap}->{bind_pass}){ + log_verbose("Binding as $conf->{ldap}->{bind_dn}"); + $ldap_msg = $ldaph->bind( + $conf->{ldap}->{bind_dn}, + password => $conf->{ldap}->{bind_pass} + ); + if ($ldap_msg->code){ + log_verbose("LDAP bind failed : " . $ldap_msg->error); + log_verbose("LDAP support will be disabled"); + $ldaph = undef; + } + } else { + log_verbose("Using anonymous bind"); + $ldap_msg = $ldaph->bind; + } + } + } else { + log_verbose("No LDAP servers configured"); + } + return $ldaph; +} diff --git a/roles/rpm_build_server/templates/build-watcher.service.j2 b/roles/rpm_build_server/templates/build-watcher.service.j2 index c4a1439..cc0c739 100644 --- a/roles/rpm_build_server/templates/build-watcher.service.j2 +++ b/roles/rpm_build_server/templates/build-watcher.service.j2 
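Review bot: In ldap_connect the StartTLS failure branch sets `$ldaph = undef` and then falls through to the bind step, where both `$ldaph->bind` calls dereference the now-undefined handle and die instead of returning undef as the "LDAP support will be disabled" log line promises. Return from that branch, e.g. `$ldaph->disconnect; return;`, so a failed TLS upgrade degrades to "no notification" and never reaches a bind. The result of the anonymous `$ldaph->bind` is also never checked, unlike the authenticated bind; testing `$ldap_msg->code` there would make the two paths agree. `$ldap_msg` is assigned without `my` and so relies on the file-level declaration kept as context in the first watcher.pl hunk; `my $ldap_msg;` at the top of the sub would keep it local. With `start_tls` disabled the bind password is protected only if the configured servers are ldaps:// URIs, which deserves a comment next to the bind.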
@@ -10,6 +10,7 @@ WorkingDirectory={{ rpm_root_dir }}/ Restart=always ReadWritePaths=/run {{ rpm_root_dir }}/repo {{ rpm_root_dir }}/cache {{ rpm_root_dir }}/builds PrivateTmp=true +SyslogIdentifier=build-watcher [Install] WantedBy=multi-user.target diff --git a/roles/rpm_build_server/templates/config.yml.j2 b/roles/rpm_build_server/templates/config.yml.j2 index 0a87afb..2de8cfa 100644 --- a/roles/rpm_build_server/templates/config.yml.j2 +++ b/roles/rpm_build_server/templates/config.yml.j2 @@ -14,7 +14,6 @@ paths: notify: from: buildsys@{{ ansible_domain }} - to: {{ rpm_admin_email }} {% if rpm_mirrors is defined and rpm_mirrors | length > 0 %} mirror: diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml index c4a926c..c1eaaa2 100644 --- a/roles/seafile/defaults/main.yml +++ b/roles/seafile/defaults/main.yml @@ -11,7 +11,7 @@ # MaxUsers = "9" # Mode = "subscription" # etc... -seafile_version: "{{ seafile_license is defined | ternary('8.0.15','9.0.2') }}" +seafile_version: "{{ seafile_license is defined | ternary('8.0.17','9.0.2') }}" # Archive URL and sha1 are only used for the community version seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz diff --git a/roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz deleted file mode 100644 index 379917f..0000000 --- a/roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cd7a93e14735f3bcc576a3c8f85937078e7805e50a613dff1c0f62ace5068112 -size 124779753 diff --git a/roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz new file mode 100644 index 0000000..351f917 --- /dev/null +++ b/roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8e6f50e8470f0c0835b4c4c6507242929f496c6df68ab297bb184a1eed0ce0c4 +size 125213881