Update to 2023-10-13 15:00

roles/babashka/defaults/main.yml

@@ -1,8 +1,8 @@
 ---
 
 # Babashka version to deploy
-bb_version: 1.3.181
+bb_version: 1.3.185
 # URL of the archive
 bb_archive_url: https://github.com/babashka/babashka/releases/download/v{{ bb_version }}/babashka-{{ bb_version }}-linux-amd64-static.tar.gz
 # Expected sha256sum of the archive
-bb_archive_sha256: fb7fb2b6f525833f1cf5aae285ba95e97428fa079ddd7d65e1fdd1376e2373aa
+bb_archive_sha256: fcb19364c7c377d8d8ba5564146489b35499e869670202284dbb405953691203

roles/common/defaults/main.yml

@@ -121,4 +121,9 @@ system_ansible_ssh_keys_options:
 # If set, will restrict the ansible ssh keys to the configured IP.
 # An empty list means no restriction
 system_ansible_src_ip: []
+
+# List of global env variable
+# system_env:
+#   DOCKER_SCRIPTS_DIR: /data/docker/environments/qa/scripts
+system_env: {}
 ...

roles/common/tasks/system.yml

@@ -160,4 +160,8 @@
 - name: Enable rc-local-shutdown service
   service: name=rc-local-shutdown enabled=True
 
+- name: Deploy system env profile script
+  template: src=system_env.sh.j2 dest=/etc/profile.d/system_env.sh mode=755
+  tags: system,env
+
 ...

roles/common/templates/system_env.sh.j2

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+{% for env in system_env.keys() | list %}
+export {{ env }}={{ system_env[env] }}
+{% endfor %}

roles/consul_template/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # Version of consul-template to install
-consul_tpl_version: 0.33.0
+consul_tpl_version: 0.34.0
 # URL of the archive
 consul_tpl_archive_url: https://releases.hashicorp.com/consul-template/{{ consul_tpl_version }}/consul-template_{{ consul_tpl_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-consul_tpl_archive_sha256: eea287d363e52894d4698f40b0ac667d57443b20e3317792ec2aca0161fd6c81
+consul_tpl_archive_sha256: c7a5817547d6545f8c5ce2dfea62c821ddd324dd9a3414519ebaba2aeeff59a0
 
 # Root dir where consul-template will be installed
 consul_tpl_root_dir: /opt/consul_template

roles/etherpad/defaults/main.yml

@@ -8,11 +8,11 @@ etherpad_root_dir: /opt/etherpad_{{ etherpad_id }}
 # Unix account under which etherpad will run. The user will be created if it doesn't exist
 etherpad_user: etherpad_{{ etherpad_id }}
 # Version to deploy
-etherpad_version: 1.9.2
+etherpad_version: 1.9.3
 # URL from where the archive will be downloaded
 etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz
 # Expected sha256 of the archive, to check the download were OK
-etherpad_archive_sha256: 7d8168cdb6d6ca84ee48978e8c654f75703d6431203c756ba55c50aa54cc75a3
+etherpad_archive_sha256: e2907f35f4f7026860bed6b6e847ec964f1c3d51d2e2212247d7bf9db5b4f18d
 # Port on which the service will listen
 etherpad_port: 9003
 # List of IP/CIDR for which the port will be opened (if iptables_manage == True)

roles/gitea/defaults/main.yml

@@ -1,11 +1,11 @@
 ---
 
 # Version to install
-gitea_version: 1.20.4
+gitea_version: 1.20.5
 # URL to the binary
 gitea_bin_url: https://dl.gitea.io/gitea/{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64
 # sha256 of the binary
-gitea_bin_sha256: fea25c6001b9ded08542f480bdaccea981a465fee07aa3ec9c7494ad95717aba
+gitea_bin_sha256: ae8d21f36098a62272fcfa67ecbb567d0ba6cf5aecaaab29a6b98a407d435bdf
 # Handle updates. If set to false, ansible will only install
 # Gitea and then won't touch an existing installation
 gitea_manage_upgrade: True

roles/glpi/defaults/main.yml

@@ -2,14 +2,14 @@
 
 glpi_id: 1
 glpi_manage_upgrade: True
-glpi_version: '10.0.9'
+glpi_version: '10.0.10'
 glpi_archive_url: https://github.com/glpi-project/glpi/releases/download/{{ glpi_version }}/glpi-{{ glpi_version }}.tgz
-glpi_archive_sha256: d104c7135b1924f32ab6ca831fbaf319893af0bd932a035cb93ccb4021b2a946
+glpi_archive_sha256: b303eece25bcbf81cd6bcd74b2a8412f02b33c3471bd935530b06470dcf7b051
 glpi_root_dir: /opt/glpi_{{ glpi_id }}
 glpi_php_user: php-glpi_{{ glpi_id }}
 # If set, will use the following custom PHP FPM pool, which must be created
 # glpi_php_fpm_pool: php70
-glpi_php_version: 81
+glpi_php_version: 83
 glpi_mysql_server: "{{ mysql_server | default('localhost') }}"
 glpi_mysql_db: glpi_{{ glpi_id }}
 glpi_mysql_user: glpi_{{ glpi_id }}
@@ -43,25 +43,25 @@ glpi_plugins:
     sha256: fe1b9ad1ef9bc95953e47dc6b0112e028ed98c43656aab608bf06d0cb5e1bf4c
     url: https://github.com/InfotelGLPI/manufacturersimports/releases/download/3.0.5/glpi-manufacturersimports-3.0.5.tar.bz2
   tag:
-    version: 2.11.2
-    sha256: dcd494e353563b890efef93afac2d9bef73085022cd1cb58f5e1bd436071f45b
-    url: https://github.com/pluginsGLPI/tag/releases/download/2.11.2/glpi-tag-2.11.2.tar.bz2
+    version: 2.11.6
+    sha256: c003943136c41b7444b90d563df07ac95d517ecd38cd9858beb095027157a78e
+    url: https://github.com/pluginsGLPI/tag/releases/download/2.11.6/glpi-tag-2.11.6.tar.bz2
   mreporting:
-    version: 1.8.2
-    sha256: 6563eb016d9e2106f2f3ac99eaf8add4260797526f7ece32b42df895ec2d90b4
-    url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.2/glpi-mreporting-1.8.2.tar.bz2
+    version: 1.8.3
+    sha256: c021c2ab82879bac92a54d74f2f92c13c1b1c4ee7988dffa8b85d47ffdadb71e
+    url: https://github.com/pluginsGLPI/mreporting/releases/download/1.8.3/glpi-mreporting-1.8.3.tar.bz2
   fields:
-    version: 1.20.6
-    sha256: 40003edbfafb07f3b2f05a14c470985e67d069e02ba4fc044a78f01e4956a134
-    url: https://github.com/pluginsGLPI/fields/releases/download/1.20.6/glpi-fields-1.20.6.tar.bz2
+    version: 1.21.4
+    sha256: 8b6f0c4793db16fd7dd80c66760436557373f9a97e612171b46d7045a2065a04
+    url: https://github.com/pluginsGLPI/fields/releases/download/1.21.4/glpi-fields-1.21.4.tar.bz2
   webapplications:
     version: 4.0.1
     sha256: bbd3a9a01c2bd708af83563ed162ebfa9f56fdd616aaf6f1892e9a36e970ec9d
     url: https://github.com/InfotelGLPI/webapplications/releases/download/4.0.1/glpi-webapplications-4.0.1.tar.bz2
   genericobject:
-    version: 2.14.3
-    sha256: b0d47eac8ad407d8c3df0bd5fa27a33b15bd6eda28c4c790665e7c558eb0b6a9
-    url: https://github.com/pluginsGLPI/genericobject/releases/download/2.14.3/glpi-genericobject-2.14.3.tar.bz2
+    version: 2.14.7
+    sha256: 30f3a5d46031f328fde13e7db9b094bc8f99b82dc170c24126365f74446d309c
+    url: https://github.com/pluginsGLPI/genericobject/releases/download/2.14.7/glpi-genericobject-2.14.7.tar.bz2
   mydashboard:
     version: 2.1.5
     sha256: 42e15102b16e034feff4edd130e11fc3aee29e1e75af2d41068ef6dca7ce4977

roles/httpd_php/vars/RedHat-8.yml

@@ -34,4 +34,5 @@ httpd_php_versions:
   - 80
   - 81
   - 82
+  - 83
 

roles/httpd_php/vars/RedHat-9.yml

@@ -29,4 +29,5 @@ httpd_php_versions:
   - 80
   - 81
   - 82
+  - 83
 

roles/kimai/defaults/main.yml

@@ -5,12 +5,12 @@
 # You can set it to a number or a simple string (no special chars)
 kimai_id: 1
 # Kimai version to deploy
-kimai_version: '2.0.34'
+kimai_version: '2.0.35'
 
 # URL of the archive
 kimai_archive_url: https://github.com/kevinpapst/kimai2/archive/refs/tags/{{ kimai_version }}.tar.gz
 # Expected sha256 of the archive
-kimai_archive_sha256: ec0faef8512ea1659b86361ccbbe4c4afa32225e07d664b765a42775bad0006d
+kimai_archive_sha256: 11f4075cae82962eaacbae5231eb9313fa1648daa3399a4765da7a7621a89a85
 
 # Directory where kimai will be installed
 kimai_root_dir: /opt/kimai_{{ kimai_id }}

roles/ldap2pg/defaults/main.yml

@@ -1,5 +1,14 @@
 ---
 
+# The version of ldap2pg to deploy
+ldap2pg_version: 6.0
+
+# The URL where the ldap2pg archive can be fetched
+ldap2pg_archive_url: https://github.com/dalibo/ldap2pg/releases/download/v{{ ldap2pg_version }}/ldap2pg_{{ ldap2pg_version }}_linux_amd64.tar.gz
+
+# The expected sha256 checksum of the archive
+ldap2pg_archive_sha256: 0f587cb6a6e4953820fabcaba46bbfbe9acdffe79c42b1f53e789f5d7215d26b
+
 # How often ldap2pg will sync (eg hourly, '*:0:15', systemd timer syntaxe)
 ldap2pg_sync_freq: hourly
 
@@ -10,88 +19,64 @@ ldap2pg_user: postgres
 # Set dry mode to False to actually do the sync
 ldap2pg_dry_mode: True
 
+ldap2pg_env:
+  PGHOST: /var/run/postgresql
+  LDAPTLS_REQCERT: hard
+#  LDAPURI: "{{ ldap_uri | default('ldap://ldap.' ~ ansible_domain) }}"
+#  LDAPBINDDN: CN=Postgres,OU=Apps,{{ (ad_auth | default(False) | ternary('DC=' ~ ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\.',',DC='), 'dc=' ~ ansible_domain | regex_replace('\.',',dc='))) }}
+#  LDAPPASSWORD: XXX
+
 ldap2pg_base_conf:
-  version: 5  
-  ldap:
-    uri: "{{ ldap_uri | default('ldap://ldap.' ~ ansible_domain) }}"
-    binddn: CN=Postgres,OU=Apps,{{ (ad_auth | default(False) | ternary('DC=' ~ ad_realm | default(samba_realm) | default(ansible_domain) | regex_replace('\.',',DC='), 'dc=' ~ ansible_domain | regex_replace('\.',',dc='))) }}
-    password: XXX
-    starttls: True
+  version: 6
   postgres:
-    dsn: postgres://%2Fvar%2Frun%2Fpostgresql/
     databases_query: |
       SELECT datname
       FROM pg_catalog.pg_database
-      WHERE datallowconn IS TRUE AND datname NOT IN ('postgres', 'template0', 'template1');
-  
-    # Only roles member of the special ldap_roles group can be dropped
+      WHERE datallowconn IS TRUE AND datname NOT IN ('template0', 'template1');
+
+    # Only roles member of the special managed_roles group can be dropped
     # other role (created manually or outside of ldap2pg scope) will never be dropped
     managed_roles_query: |
-      SELECT DISTINCT role.rolname
-      FROM pg_roles AS role
-      LEFT OUTER JOIN pg_auth_members AS ms ON ms.member = role.oid
-      LEFT OUTER JOIN pg_roles AS ldap_roles
-        ON ldap_roles.rolname = 'ldap_roles' AND ldap_roles.oid = ms.roleid
-      WHERE ldap_roles.oid IS NOT NULL
+      VALUES
+        ('managed_roles')
+      UNION
+        SELECT DISTINCT role.rolname
+          FROM pg_roles AS role
+          JOIN pg_auth_members AS ms
+            ON ms.member = role.oid
+          JOIN pg_roles AS parent
+            ON parent.rolname = 'managed_roles' AND parent.oid = ms.roleid
       ORDER BY 1;
   
-    # Exclude information_schema, pg_catalog, pg_toast, and other system schemas
-    # from privilege management.
-    schemas_query: |
-      SELECT nspname FROM pg_catalog.pg_namespace
-      WHERE nspname NOT LIKE 'pg_%' AND nspname <> 'information_schema'
-      ORDER BY 1;
-
   privileges:
     ro:
       - __connect__
       - __select_on_tables__
       - __select_on_sequences__
       - __usage_on_schemas__
-      - __usage_on_types__
-  
+      - __usage_on_sequences__
+
     rw:
+      - ro
       - __temporary__
-      - __all_on_tables__
-      - __all_on_sequences__
-  
-    ddl:
-      - __create_on_schemas__
+      - __insert_on_tables__
+      - __update_on_tables__
+      - __delete__on_tables__
+      - __update_on_sequences__
+      - __execute_on_functions__
+      - __trigger_on_tables__
 
     full:
       - rw
-      - __all_on_schemas__
+      - __create_on_schemas__
+      - __truncate_on_tables__
 
-  sync_map:
-    - description: "Create the ldap_roles group"
+  rules:
+    - description: "Create static roles"
       roles:
-        - name: ldap_roles
+        - name: managed_roles
           options: NOLOGIN
   
-    - description: "Create static ldap groups"
-      roles:
-        - names:
-            - support_ro
-            - support_rw
-          parent:
-            - ldap_roles
-          options: NOLOGIN
-  
-      grant:
-        - privilege: ro
-          roles:
-            - support_ro
-            - support_rw
-  
-        - privilege: rw
-          roles:
-            - support_rw
-  
-        - privilege: ddl
-          roles:
-            - support_rw
-  
-  
 #    - description: "Query LDAP to populate support_ro role"
 #      ldapsearch:
 #        base: OU=People,DC=example,DC=org
@@ -101,7 +86,7 @@ ldap2pg_base_conf:
 #        options: LOGIN
 #        parent:
 #          - support_ro
-#          - ldap_roles
+#          - managed_roles
 #        comment: "From LDAP account {dn}"
 #  
 #  
@@ -114,7 +99,7 @@ ldap2pg_base_conf:
 #        options: LOGIN
 #        parent:
 #          - support_rw
-#          - ldap_roles
+#          - managed_roles
 #        comment: 'From LDAP account {dn}'
 
 ldap2pg_extra_conf: {}

roles/ldap2pg/meta/main.yml

@@ -2,4 +2,3 @@
 
 dependencies:
   - role: mkdir
-  - role: repo_dalibolabs

roles/ldap2pg/tasks/conf.yml

@@ -1,5 +1,9 @@
 ---
 
+- name: Deploy env file
+  template: src=ldap2pg.env.j2 dest=/etc/sysconfig/ldap2pg owner=root group=postgres mode=640
+  tags: pg
+
 - name: Deploy ldap2pg configuration
   block:
     - name: Render config template
@@ -15,10 +19,11 @@
         - restart ldap2pg.timer
 
     - name: Validate new configuration
-      command: /bin/ldap2pg --config /etc/ldap2pg.yml --dry
+      command: /usr/local/bin/ldap2pg --config /etc/ldap2pg.yml
       changed_when: False
       become_user: "{{ ldap2pg_user }}"
       register: ldap2pg_conf_validation
+      environment: "{{ ldap2pg_env }}"
 
   rescue:
     - name: Rollback previous configuration
@@ -35,6 +40,7 @@
 
 - name: Fails if new configuration isn't validated
   fail:
-    msg: "Failed to validate /etc/ldap2pg: {{ ldap2pg_conf_validation.stdout }}"
+    msg: "Failed to validate /etc/ldap2pg.yml: {{ ldap2pg_conf_validation.stdout }}"
   when: ldap2pg_conf_validation.rc != 0
   tags: pg
+

roles/ldap2pg/tasks/facts.yml

@@ -1,10 +1,27 @@
 ---
 
-# Load distribution specific variables
-- include_vars: "{{ item }}"
-  with_first_found:
-    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
-    - "{{ role_path }}/vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
-    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
-    - "{{ role_path }}/vars/{{ ansible_os_family }}.yml"
+- name: Set default install mode
+  set_fact: ldap2pg_install_mode='none'
+  tags: pg
+
+- name: Check if ldap2pg is installed
+  stat: path=/usr/local/bin/ldap2pg
+  register: ldap2pg_bin
+  tags: pg
+
+- name: Check installed version
+  shell: ldap2pg -V | head -1 | sed -E 's/ldap2pg v(\d+)/\1/'
+  register: ldap2pg_current_version
+  when: ldap2pg_bin.stat.exists
+  changed_when: False
+  tags: pg
+
+- name: Set install mode
+  set_fact: ldap2pg_install_mode='install'
+  when: not ldap2pg_bin.stat.exists
+  tags: pg
+
+- name: Set install_mode to upgrade
+  set_fact: ldap2pg_install_mode='upgrade'
+  when: ldap2pg_bin.stat.exists and ldap2pg_current_version.stdout != ldap2pg_version
   tags: pg

roles/ldap2pg/tasks/install.yml

@@ -1,20 +1,28 @@
 ---
 
-- name: Install packages
-  package: name={{ ldap2pg_packages }}
+- name: Ensure ldap2pg package is removed
+  package: name=ldap2pg state=absent
   tags: pg
 
-- when: ansible_os_family == 'RedHat' and ansible_distribution_major_version is version('8', '<')
+- when: ldap2pg_install_mode != 'none'
   block:
-    - name: Check if ldap2Pg is built with python 2 or 3
-      stat: path=/usr/lib/python3.6/site-packages/ldap2pg/ldap.py
-      register: ldap2pg_py
+    - name: Download ldap2pg binary
+      get_url:
+        url: "{{ ldap2pg_archive_url }}"
+        dest: /tmp/ldap2pg.tar.gz
+        checksum: "sha256:{{ ldap2pg_archive_sha256 }}"
 
-    - name: Set ldap.py path
-      set_fact: ldap_py_ver={{ ldap2pg_py.stat.exists | ternary('3.6', '2.7') }}
+    - name: Extract ldap2pg archive
+      unarchive:
+        src: /tmp/ldap2pg.tar.gz
+        dest: /usr/local/bin
+        include:
+          - ldap2pg
+        owner: root
+        group: root
+        mode: 755
+        remote_src: True
 
-    - name: Patch ldap2pg to specify global cacert
-      patch: src=ldap2pg_cacert.diff dest=/usr/lib/python{{ ldap_py_ver }}/site-packages/ldap2pg/ldap.py
   tags: pg
 
 - name: Install systemd unit

roles/ldap2pg/templates/ldap2pg.env.j2

@@ -0,0 +1,3 @@
+{% for env in ldap2pg_env.keys() | list %}
+{{ env }}={{ ldap2pg_env[env] }}
+{% endfor %}

roles/ldap2pg/templates/ldap2pg.service.j2

@@ -4,7 +4,8 @@ Description=Sync postgres role from LDAP
 [Service]
 Type=oneshot
 PrivateTmp=yes
+EnvironmentFile=/etc/sysconfig/ldap2pg
 User={{ ldap2pg_user }}
 Group={{ ldap2pg_user }}
-ExecStart=/bin/ldap2pg -c /etc/ldap2pg.yml --{{ ldap2pg_dry_mode | ternary('dry', 'real') }}
+ExecStart=/usr/local/bin/ldap2pg -c /etc/ldap2pg.yml {{ ldap2pg_dry_mode | ternary('', '--real') }}
 TimeoutSec=30m

roles/ldap2pg/vars/RedHat-7.yml

@@ -1,6 +0,0 @@
----
-
-ldap2pg_packages:
-  - ldap2pg
-  - python-setuptools
-  - patch

roles/ldap2pg/vars/RedHat-8.yml

@@ -1,4 +0,0 @@
----
-
-ldap2pg_packages:
-  - ldap2pg

roles/ldap2pg/vars/RedHat-9.yml

@@ -1,4 +0,0 @@
----
-
-ldap2pg_packages:
-  - ldap2pg

roles/matrix_element/defaults/main.yml

@@ -5,8 +5,8 @@
 element_id: element
 
 # Version to deploy, and expected sha256
-element_version: 1.11.43
-element_archive_sha256: e5b8d48498ceedced1dd19116a61e8e1809e173ea14a43a0f1e40353873969a3
+element_version: 1.11.46
+element_archive_sha256: bbb8be838643dc0f9071591d0d1f8758935c21ad9e7e3697d6a9162a3aae32cd
 
 # Where to install element
 element_root_dir: /opt/matrix/element

roles/matrix_synapse/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 # Synapse version to deploy
-synapse_version: '1.92.3'
+synapse_version: '1.94.0'
 
 # Should ansible handle Synapse upgrades ? If false, only initial install will be done
 synapse_manage_upgrade: True

roles/metabase/defaults/main.yml

@@ -1,15 +1,15 @@
 ---
 
 # Version to deploy
-metabase_version: 0.47.2
+metabase_version: 0.47.4
 # URL to fetch the jar
 metabase_jar_url: https://downloads.metabase.com/v{{ metabase_version }}/metabase.jar
 # Expected sha256 of the jar
-metabase_jar_sha256: 94f7335561881f6da4f4cea54683e477e9da91eeade99f97bce020281a23076c
+metabase_jar_sha256: e687fdaabf06e23ed1f4bf6e40173834d2fc9b2b306796ab67b1d7603f483fd2
 # When building from source
 metabase_archive_url: https://github.com/metabase/metabase/archive/refs/tags/v{{ metabase_version }}.tar.gz
 # Expected sha256 of the archive
-metabase_archive_sha256: 5add9fb25674c820bf0c9dc16929fa42cf7ae2affb5b55e3988a1bacb21673c1
+metabase_archive_sha256: 3836fca4ea077ce0aeced82c38f0d7838d3972232f93d15998c484ad939e3a2f
 # Should ansible handle upgrades ? If set to false, only the initial install (and the config) will be handled
 metabase_manage_upgrade: True
 

roles/n8n/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 
 # Version to deploy
-n8n_version: 1.1.1
+n8n_version: 1.7.1
 # Root directory where n8n will be installed
 n8n_root_dir: /opt/n8n
 # User account under which n8n will run

roles/postgresql_exporter/defaults/main.yml

@@ -1,8 +1,8 @@
 ---
 
-pg_exporter_version: 0.8.0
-pg_exporter_archive_url: https://github.com/wrouesnel/postgres_exporter/releases/download/v{{ pg_exporter_version }}/postgres_exporter_v{{ pg_exporter_version }}_linux-amd64.tar.gz
-pg_exporter_archive_sha1: 9af399257fe6ad20bf6ea7a4984721ae364bd574
+pg_exporter_version: 0.14.0
+pg_exporter_archive_url: https://github.com/prometheus-community/postgres_exporter/releases/download/v{{ pg_exporter_version }}/postgres_exporter-{{ pg_exporter_version }}.linux-amd64.tar.gz
+pg_exporter_archive_sha256: 389f8c8d9a57132b9744b2108bee168085da729b574de5996e42cda15110c672
 pg_exporter_root_dir: /opt/pg_exporter
 
 # Account under which postgres-exporter will run

roles/postgresql_exporter/tasks/install.yml

@@ -5,17 +5,17 @@
     get_url:
       url: "{{ pg_exporter_archive_url }}"
       dest: "{{ pg_exporter_root_dir }}/tmp/"
-      checksum: sha1:{{ pg_exporter_archive_sha1 }}
+      checksum: sha256:{{ pg_exporter_archive_sha256 }}
   
   - name: Extract pg_exporter
     unarchive:
-      src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter_v{{ pg_exporter_version }}_linux-amd64.tar.gz"
+      src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter-{{ pg_exporter_version }}.linux-amd64.tar.gz"
       dest: "{{ pg_exporter_root_dir }}/tmp/"
       remote_src: True
 
   - name: Move the binary to its final location
     copy:
-      src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter_v{{ pg_exporter_version }}_linux-amd64/postgres_exporter"
+      src: "{{ pg_exporter_root_dir }}/tmp/postgres_exporter-{{ pg_exporter_version }}.linux-amd64/postgres_exporter"
       dest: "{{ pg_exporter_root_dir }}/app/"
       mode: '755'
       remote_src: True

roles/seafile/defaults/main.yml

@@ -11,7 +11,7 @@
 #   MaxUsers = "9"
 #   Mode = "subscription"
 #   etc...
-seafile_version: "{{ seafile_license is defined | ternary('10.0.6','10.0.1') }}"
+seafile_version: "{{ seafile_license is defined | ternary('10.0.9','10.0.1') }}"
 
 # Archive URL and sha256 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
@@ -128,5 +128,5 @@ seafile_site_title: 'Mon cloud privé'
 # Only available if you run the PRO edition
 seafile_scan_av: True
 
-# Use Go file server. It's still a bit buggy so default to False
-seafile_use_go_fileserver: False
+# Use Go file server
+seafile_use_go_fileserver: True

roles/seafile/files/seafile-pro-server_10.0.6_x86-64_CentOS.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0af3b246ad27fbc49b39ceb6da313404fb6df380a7ab387a44b395dfd4814519
-size 143913267

roles/seafile/files/seafile-pro-server_10.0.9_x86-64_CentOS.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1342b561365a330939e0832f26deefdd4dca12806cb5f87daa083e18e46398f8
+size 205519649

roles/seafile/templates/clean_db.sh.j2

@@ -6,4 +6,4 @@ PATH=/opt/seafile/bin:/bin:/usr/bin
 PYTHON=/opt/seafile/bin/python
 cd {{ seafile_root_dir }}/seafile-server
 ./seahub.sh python-env python3 seahub/manage.py clearsessions
-
+./seahub.sh python-env python3 seahub/manage.py clean_db_records

roles/vault_bin/defaults/main.yml

@@ -1,7 +1,7 @@
 # Version of Vault to install
-vault_version: 1.14.3
+vault_version: 1.15.0
 # URL of the archive
 vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-vault_archive_sha256: 01e1698d2563cf4780438468f9f815eedf707e8ea01f87bb7621e24a00e21d12
+vault_archive_sha256: b69c209f05c1ccfa012a60090adfca1607c8fad14728a5a208979a1706b6cd46