From e8489678a544f6c20d151c80e9e0323d1687b485 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 24 Oct 2019 12:34:42 +1100 Subject: [PATCH 01/71] ITOPSENG-277 fixed bad path for synchrony wrapper script --- roles/synchrony_config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/synchrony_config/tasks/main.yml b/roles/synchrony_config/tasks/main.yml index 966e84f..f3cf3f2 100644 --- a/roles/synchrony_config/tasks/main.yml +++ b/roles/synchrony_config/tasks/main.yml @@ -3,7 +3,7 @@ - name: Install the startup wrapper script copy: src: start-synchrony - dest: "{{ atl_installation_base }}/bin/start-synchrony" + dest: "{{ atl_product_installation_current }}/bin/start-synchrony" group: "{{ atl_product_user }}" mode: "0750" From 4e5bd0b16d372f7ae3cfa61c54ca3bebb361d325 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 24 Oct 2019 14:44:32 +1100 Subject: [PATCH 02/71] ITOPSENG-277 fixed startup exec path for synchrony service --- aws_confluence_synchrony_node.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_confluence_synchrony_node.yml b/aws_confluence_synchrony_node.yml index ed05766..3d13d85 100644 --- a/aws_confluence_synchrony_node.yml +++ b/aws_confluence_synchrony_node.yml @@ -14,7 +14,7 @@ - "EnvironmentFile=/etc/atl.synchrony" - "WorkingDirectory={{ atl_product_installation_current }}/logs/" atl_startup_exec_options: [] - atl_startup_exec_path: "{{ atl_installation_base }}/bin/start-synchrony" + atl_startup_exec_path: "{{ atl_product_installation_current }}/bin/start-synchrony" atl_systemd_service_name: "synchrony.service" roles: From 5709fc5000436ebc4d96d5915d2a2f053f9cb608 Mon Sep 17 00:00:00 2001 From: btisekar Date: Wed, 30 Oct 2019 18:45:06 +0530 Subject: [PATCH 03/71] fix broken path for synchrony service --- aws_confluence_synchrony_node.yml | 2 +- roles/synchrony_config/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aws_confluence_synchrony_node.yml b/aws_confluence_synchrony_node.yml index ed05766..3d13d85 100644 --- a/aws_confluence_synchrony_node.yml +++ b/aws_confluence_synchrony_node.yml @@ -14,7 +14,7 @@ - "EnvironmentFile=/etc/atl.synchrony" - "WorkingDirectory={{ atl_product_installation_current }}/logs/" atl_startup_exec_options: [] - atl_startup_exec_path: "{{ atl_installation_base }}/bin/start-synchrony" + atl_startup_exec_path: "{{ atl_product_installation_current }}/bin/start-synchrony" atl_systemd_service_name: "synchrony.service" roles: diff --git a/roles/synchrony_config/tasks/main.yml b/roles/synchrony_config/tasks/main.yml index 966e84f..f3cf3f2 100644 --- a/roles/synchrony_config/tasks/main.yml +++ b/roles/synchrony_config/tasks/main.yml @@ -3,7 +3,7 @@ - name: Install the startup wrapper script copy: src: start-synchrony - dest: "{{ atl_installation_base }}/bin/start-synchrony" + dest: "{{ atl_product_installation_current }}/bin/start-synchrony" group: "{{ atl_product_user }}" mode: "0750" From b1643eccee7ce138a0e2340b088702de926476da Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 13 Nov 2019 17:31:06 +1100 Subject: [PATCH 04/71] DCD-802: become product user when unarchiving shared home. Implement test that shared home is owned by correct user --- roles/restore_backups/molecule/restore/playbook.yml | 5 ++--- .../restore_backups/molecule/restore/tests/test_default.py | 6 ++++++ roles/restore_backups/tasks/main.yml | 3 +-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index b3c60b0..e2f8157 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -6,6 +6,5 @@ atl_product_user: 'jira' atl_backup_home_restore_canary_path: '/tmp/canary.tmp' - tasks: - - name: Install distro-specific restore support packages - include_tasks: "../../tasks/{{ ansible_distribution|lower }}.yml" + roles: + - restore_backups diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index 6f88a4f..d8ec2b2 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -18,3 +18,9 @@ def test_postgresql_amazon_linux_extras_exes(host, exe): def test_postgresql_version(host): pg_dump_version_output = host.check_output('pg_dump --version') assert '(PostgreSQL) 9.6' in pg_dump_version_output + +def test_shared_home_owner(host): + for root, dirs, files in os.walk('/media/atl/jira/shared'): + for fileName in files + dirs: + assert host.file(fileName).user == 'jira' + assert host.file(fileName).group == 'jira' \ No newline at end of file diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 1f9ebdb..825517b 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -124,8 +124,7 @@ unarchive: src: "{{ atl_backup_home_dest }}" dest: "{{ atl_product_home_shared }}" - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" + become: "{{ atl_product_user }}" - name: Create restore-canary if necessary copy: From 4827ae84236049d1edb491c5fd090cca1b89e058 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Mon, 18 Nov 2019 16:37:26 +1100 Subject: [PATCH 05/71] DCD-802: Fix test and implementation for setting shared home owner and group to application user --- .../molecule/restore/playbook.yml | 55 ++++++++++++++++++- .../molecule/restore/tests/test_default.py | 14 +++-- roles/restore_backups/tasks/home_restore.yml | 37 +++++++++++++ roles/restore_backups/tasks/main.yml | 29 +--------- 4 files changed, 101 insertions(+), 34 deletions(-) create mode 100644 roles/restore_backups/tasks/home_restore.yml diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index e2f8157..d174e48 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -4,7 +4,58 @@ vars: atl_backup_manifest_url: 's3://dcd-slingshot-test/dummy_manifest.json' atl_product_user: 'jira' + atl_product_user_uid: '2001' atl_backup_home_restore_canary_path: '/tmp/canary.tmp' + atl_product_home_shared: '/media/atl/jira/shared' + atl_backup_id: 'test-backup' + atl_backup_home_dest: "{{ test_archive }}" - roles: - - restore_backups + test_archive_source: '/tmp/hello' + test_archive_file: 'hello.txt' + test_archive: '/tmp/hello.tar.gz' + test_pre_step_prefix: '[PRE-TEST]' + + pre_tasks: + - name: "{{ test_pre_step_prefix }} Install tar" + package: + state: present + name: tar + + - name: "{{ test_pre_step_prefix }} Install useradd and groupadd binaries" + package: + state: present + name: shadow-utils + + - name: "{{ test_pre_step_prefix }} Create application group" + group: + name: "{{ atl_product_user }}" + gid: "{{ atl_product_user_uid }}" + + - name: "{{ test_pre_step_prefix }} Create application user" + user: + name: "{{ atl_product_user }}" + uid: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user }}" + + - block: + - name: "{{ test_pre_step_prefix }} Create a directory for the shared home archive" + file: + path: "{{ test_archive_source }}" + state: directory + - name: "{{ test_pre_step_prefix }} Create a file in the shared home" + lineinfile: + create: yes + line: 'Hello, world!' + path: "{{ test_archive_source }}/{{ test_archive_file }}" + - name: "{{ test_pre_step_prefix }} Archive the shared home" + archive: + path: "{{ test_archive_source }}" + dest: "{{ test_archive }}" + owner: "{{ atl_product_user }}" + + tasks: + - name: Install distro-specific restore support packages + include_tasks: "../../tasks/{{ ansible_distribution|lower }}.yml" + + - name: Restore shared home + include_tasks: "../../tasks/home_restore.yml" diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index d8ec2b2..f8ab676 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -19,8 +19,12 @@ def test_postgresql_version(host): pg_dump_version_output = host.check_output('pg_dump --version') assert '(PostgreSQL) 9.6' in pg_dump_version_output -def test_shared_home_owner(host): - for root, dirs, files in os.walk('/media/atl/jira/shared'): - for fileName in files + dirs: - assert host.file(fileName).user == 'jira' - assert host.file(fileName).group == 'jira' \ No newline at end of file +@pytest.mark.parametrize('file', [ + '/media/atl/jira/shared', + '/media/atl/jira/shared/hello', + '/media/atl/jira/shared/hello/hello.txt' +]) +def test_shared_home_owner(host, file): + assert host.file(file).exists + assert host.file(file).user == 'jira' + assert host.file(file).group == 'jira' \ No newline at end of file diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml new file mode 100644 index 0000000..2a9fa1f --- /dev/null +++ b/roles/restore_backups/tasks/home_restore.yml @@ -0,0 +1,37 @@ +--- +- name: Check for the restore canary file + stat: + path: "{{ atl_backup_home_restore_canary_path }}" + register: restore_canary + +- block: + - name: Create shared home if necessary + file: + path: "{{ atl_product_home_shared }}" + state: directory + mode: 0750 + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + + - name: Restore the shared-home backup + unarchive: + src: "{{ atl_backup_home_dest }}" + remote_src: yes + dest: "{{ atl_product_home_shared }}" + mode: 0640 + + - name: Set shared home file owner to application user + file: + path: "{{ atl_product_home_shared }}" + recurse: yes + group: "{{ atl_product_user }}" + state: directory + mode: 0640 + owner: "{{ atl_product_user }}" + + - name: Create restore-canary if necessary + copy: + dest: "{{ atl_backup_home_restore_canary_path }}" + content: "{{ atl_backup_id }}" + + when: not restore_canary.stat.exists diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 3071044..c5b26ed 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -108,33 +108,8 @@ when: db_created.changed and atl_backup_db_dest is defined - - name: Check for the restore canary file - stat: - path: "{{ atl_backup_home_restore_canary_path }}" - register: restore_canary - - - block: - - - name: Create shared home if necessary - file: - path: "{{ atl_product_home_shared }}" - state: directory - mode: 0750 - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" - - - name: Restore the shared-home backup - unarchive: - src: "{{ atl_backup_home_dest }}" - dest: "{{ atl_product_home_shared }}" - become: "{{ atl_product_user }}" - - - name: Create restore-canary if necessary - copy: - dest: "{{ atl_backup_home_restore_canary_path }}" - content: "{{ atl_backup_id }}" - - when: not restore_canary.stat.exists + - name: Restore shared home + include_tasks: "{{ home_restore.yml }}" when: atl_restore_required From 688be1f5d79f2ff75b51d3aadbf71055f7b482fe Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Mon, 18 Nov 2019 16:59:56 +1100 Subject: [PATCH 06/71] DCD-802: Add test and logic for setting version file owner to root in shared home --- roles/restore_backups/molecule/restore/playbook.yml | 12 +++++++++++- .../molecule/restore/tests/test_default.py | 7 ++++++- roles/restore_backups/tasks/home_restore.yml | 13 +++++++++++-- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index d174e48..3e4272c 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -4,6 +4,8 @@ vars: atl_backup_manifest_url: 's3://dcd-slingshot-test/dummy_manifest.json' atl_product_user: 'jira' + atl_product_edition: 'jira-software' + atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" atl_product_user_uid: '2001' atl_backup_home_restore_canary_path: '/tmp/canary.tmp' atl_product_home_shared: '/media/atl/jira/shared' @@ -12,6 +14,7 @@ test_archive_source: '/tmp/hello' test_archive_file: 'hello.txt' + test_product_version_file: "/tmp/{{ atl_product_edition }}.version" test_archive: '/tmp/hello.tar.gz' test_pre_step_prefix: '[PRE-TEST]' @@ -47,9 +50,16 @@ create: yes line: 'Hello, world!' path: "{{ test_archive_source }}/{{ test_archive_file }}" + - name: "{{ test_pre_step_prefix }} Create the version file in the shared home" + lineinfile: + create: yes + line: '8.5' + path: "{{ test_product_version_file }}" - name: "{{ test_pre_step_prefix }} Archive the shared home" archive: - path: "{{ test_archive_source }}" + path: + - "{{ test_archive_source }}" + - "{{ test_product_version_file }}" dest: "{{ test_archive }}" owner: "{{ atl_product_user }}" diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index f8ab676..98af566 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -27,4 +27,9 @@ def test_postgresql_version(host): def test_shared_home_owner(host, file): assert host.file(file).exists assert host.file(file).user == 'jira' - assert host.file(file).group == 'jira' \ No newline at end of file + assert host.file(file).group == 'jira' + +def test_version_file_owned_by_root(host): + assert host.file('/media/atl/jira/shared/jira-software.version').exists + assert host.file('/media/atl/jira/shared/jira-software.version').user == 'root' + assert host.file('/media/atl/jira/shared/jira-software.version').group == 'root' \ No newline at end of file diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index 2a9fa1f..c3cb081 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -20,14 +20,23 @@ dest: "{{ atl_product_home_shared }}" mode: 0640 - - name: Set shared home file owner to application user + - name: Set shared home owner and group to application user file: path: "{{ atl_product_home_shared }}" recurse: yes group: "{{ atl_product_user }}" + owner: "{{ atl_product_user }}" state: directory mode: 0640 - owner: "{{ atl_product_user }}" + + - name: Set version file owner and group to root + file: + path: "{{ atl_product_version_cache }}" + group: root + owner: root + state: file + # Ignore the error in case there is no product version file in the backup + ignore_errors: yes - name: Create restore-canary if necessary copy: From cbe62d02fd4c49a2bc795b5b886fd99f73bf0523 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Mon, 18 Nov 2019 17:02:08 +1100 Subject: [PATCH 07/71] DCD-802: Organise vars in restore molecule playbook --- .../molecule/restore/playbook.yml | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index 3e4272c..a2b36ea 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -2,21 +2,22 @@ - name: Converge hosts: all vars: - atl_backup_manifest_url: 's3://dcd-slingshot-test/dummy_manifest.json' - atl_product_user: 'jira' - atl_product_edition: 'jira-software' - atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" - atl_product_user_uid: '2001' - atl_backup_home_restore_canary_path: '/tmp/canary.tmp' - atl_product_home_shared: '/media/atl/jira/shared' - atl_backup_id: 'test-backup' atl_backup_home_dest: "{{ test_archive }}" + atl_backup_home_restore_canary_path: '/tmp/canary.tmp' + atl_backup_id: 'test-backup' + atl_backup_manifest_url: 'fake_manifest' + + atl_product_edition: 'jira-software' + atl_product_home_shared: '/media/atl/jira/shared' + atl_product_user: 'jira' + atl_product_user_uid: '2001' + atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" - test_archive_source: '/tmp/hello' - test_archive_file: 'hello.txt' - test_product_version_file: "/tmp/{{ atl_product_edition }}.version" test_archive: '/tmp/hello.tar.gz' + test_archive_file: 'hello.txt' + test_archive_source: '/tmp/hello' test_pre_step_prefix: '[PRE-TEST]' + test_product_version_file: "/tmp/{{ atl_product_edition }}.version" pre_tasks: - name: "{{ test_pre_step_prefix }} Install tar" From b12d26c282e77c2bc51bb4ac389a5fc2974909ac Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Tue, 19 Nov 2019 16:01:23 +1100 Subject: [PATCH 08/71] DCD-802: Fix reference to home_restore task in include task in restore_backups main.yml --- roles/restore_backups/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index c5b26ed..1c81430 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -109,7 +109,7 @@ - name: Restore shared home - include_tasks: "{{ home_restore.yml }}" + include_tasks: "home_restore.yml" when: atl_restore_required From 096549edadb1006effb3989782249b3a87ae1f16 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 20 Nov 2019 13:55:59 +1100 Subject: [PATCH 09/71] Preserve file permissions when restoring the shared home backup --- roles/restore_backups/tasks/home_restore.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index c3cb081..bdeb866 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -18,7 +18,7 @@ src: "{{ atl_backup_home_dest }}" remote_src: yes dest: "{{ atl_product_home_shared }}" - mode: 0640 + mode: preserve - name: Set shared home owner and group to application user file: @@ -27,7 +27,6 @@ group: "{{ atl_product_user }}" owner: "{{ atl_product_user }}" state: directory - mode: 0640 - name: Set version file owner and group to root file: From cb6647ba8e70108d5bf4400c617a13497b5aac7a Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 20 Nov 2019 15:53:16 +1100 Subject: [PATCH 10/71] DCD-802: Fix file mode preservation in restore and add test for file mode --- roles/restore_backups/molecule/restore/playbook.yml | 3 +++ roles/restore_backups/molecule/restore/tests/test_default.py | 5 +++++ roles/restore_backups/tasks/home_restore.yml | 1 - 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore/playbook.yml index a2b36ea..073d24b 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore/playbook.yml @@ -46,16 +46,19 @@ file: path: "{{ test_archive_source }}" state: directory + mode: 0755 - name: "{{ test_pre_step_prefix }} Create a file in the shared home" lineinfile: create: yes line: 'Hello, world!' path: "{{ test_archive_source }}/{{ test_archive_file }}" + mode: 0640 - name: "{{ test_pre_step_prefix }} Create the version file in the shared home" lineinfile: create: yes line: '8.5' path: "{{ test_product_version_file }}" + mode: 0640 - name: "{{ test_pre_step_prefix }} Archive the shared home" archive: path: diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index 98af566..c9882bc 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -1,5 +1,6 @@ import os import pytest +from stat import * import testinfra.utils.ansible_runner @@ -29,6 +30,10 @@ def test_shared_home_owner(host, file): assert host.file(file).user == 'jira' assert host.file(file).group == 'jira' +def test_file_modes(host): + assert host.file('/media/atl/jira/shared/hello').mode == 0o755 + assert host.file('/media/atl/jira/shared/hello/hello.txt').mode == 0o640 + def test_version_file_owned_by_root(host): assert host.file('/media/atl/jira/shared/jira-software.version').exists assert host.file('/media/atl/jira/shared/jira-software.version').user == 'root' diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index bdeb866..4c5f2ad 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -18,7 +18,6 @@ src: "{{ atl_backup_home_dest }}" remote_src: yes dest: "{{ atl_product_home_shared }}" - mode: preserve - name: Set shared home owner and group to application user file: From 0cbd11c7020144ec863533c8e84117c0c8407e1c Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 20 Nov 2019 15:54:08 +1100 Subject: [PATCH 11/71] DCD-802: Fix unused import in restore test --- roles/restore_backups/molecule/restore/tests/test_default.py | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore/tests/test_default.py index c9882bc..bcfa53d 100644 --- a/roles/restore_backups/molecule/restore/tests/test_default.py +++ b/roles/restore_backups/molecule/restore/tests/test_default.py @@ -1,6 +1,5 @@ import os import pytest -from stat import * import testinfra.utils.ansible_runner From d534a15c03e4674a7ba54d27eacfa156bcf5dcda Mon Sep 17 00:00:00 2001 From: Don Domingo Date: Thu, 21 Nov 2019 03:12:05 +0000 Subject: [PATCH 12/71] README.md edited online with Bitbucket --- README.md | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 72136e1..3485790 100644 --- a/README.md +++ b/README.md @@ -27,12 +27,11 @@ sourced as environment variables to be retrieved at runtime . See the helper-script `bin/ansible-with-atl-env` and the corresponding `groups_vars/aws_node_local.yml` var-file. -#### Overriding parameters +### Customizing your deployment -If you want to customise the playbook behaviour the simplest method is to fork -this repository and add your own. However, for some one-off tasks you can also -override the default and calculated settings with special values. To do this, provide -command-line overrides to +To customise playbook behaviour, you can fork this repository and edit it as +needed. However, for one-off tasks you can also override the default and +calculated settings with special values. To do this, provide command-line overrides to [ansible-playbook](https://docs.ansible.com/ansible/latest/cli/ansible-playbook.html). The most likely use-case for this is to download a custom product distribution @@ -61,6 +60,14 @@ them in the `Custom command-line parameters for Ansible` field: -e atl_product_download_url=http://s3.amazon.com/atlassian/jira-9.0.0-PRE-TEST.tar.gz -e atl_use_system_jdk=true -e atl_download_format=tarball +#### Parameters you can override + +The following files contain many of the most common system configuration parameters +you can override for your deployment: + +- `[/roles/product_install/defaults/main.yml](roles/product_install/defaults/main.yml)` +- `[/group_vars/aws_node_local.yml](group_vars/aws_node_local.yml)` + ## Reporting issues If you find any bugs in this repository, or have feature requests or use cases @@ -79,11 +86,14 @@ Where possible the roles are also product-agnostic (e.g. downloads), with more specific functionality added in later product-specific roles. Roles should be reasonably self-contained, with sensible defaults configured in -`/defaults/main.yml` and overridden by the playbook at runtime. Roles may +`/roles//defaults/main.yml`. Like all playbook parameters, you can override +them at runtime (see + +and overridden by the playbook at runtime. Roles may implicitly depend on variables being defined elsewhere where they cannot define -them natively (e.g. the `jira_config` role depends on the `atl_cluster_node_id` +them natively. For example, the `jira_config` role depends on the `atl_cluster_node_id` var being defined; on AWS this is provided by the `aws_common` role, which -should be run first). +should be run first. ### Development and testing From c0d2eb2674ae4c87bb987c744f7a4dd47613e47f Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 21 Nov 2019 15:43:43 +1100 Subject: [PATCH 13/71] ITOPSENG-277 allow cloned to update the jdbc_user password --- roles/database_init/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 8827f99..2df59db 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -1,16 +1,16 @@ --- -- block: +- name: Create application DB user + postgresql_user: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + port: "{{ atl_db_port }}" + name: "{{ atl_jdbc_user }}" + password: "{{ atl_jdbc_password }}" + expires: 'infinity' - - name: Create application DB user - postgresql_user: - login_host: "{{ atl_db_host }}" - login_user: "{{ atl_db_root_user }}" - login_password: "{{ atl_db_root_password }}" - port: "{{ atl_db_port }}" - name: "{{ atl_jdbc_user }}" - password: "{{ atl_jdbc_password }}" - expires: 'infinity' +- block: - name: Update root privs for new user postgresql_privs: From 2e3db07637879dad10ec9c58dc4149782ad8b37c Mon Sep 17 00:00:00 2001 From: Don Domingo Date: Thu, 21 Nov 2019 05:59:41 +0000 Subject: [PATCH 14/71] More edits --- README.md | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 3485790..ce36a5c 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ cloud environments. ## Usage -### Cloud DC-node deployment playbooks +### Configuring Data Center nodes on cloud deployments The usual scenario for usage as part of a cloud deployment is to invoke the script as part of post-creation actions invoked while a new product node is @@ -60,38 +60,34 @@ them in the `Custom command-line parameters for Ansible` field: -e atl_product_download_url=http://s3.amazon.com/atlassian/jira-9.0.0-PRE-TEST.tar.gz -e atl_use_system_jdk=true -e atl_download_format=tarball -#### Parameters you can override +#### Other customizable parameters -The following files contain many of the most common system configuration parameters -you can override for your deployment: +Consult the following files for clues on other parameters you can customize for your deployment: - `[/roles/product_install/defaults/main.yml](roles/product_install/defaults/main.yml)` - `[/group_vars/aws_node_local.yml](group_vars/aws_node_local.yml)` -## Reporting issues +More customizable parameters are defined in specific roles -- specifically, in the +role's `defaults/main.yml` file. Most of these parameters use the `atl_` prefix. You can +use the following [Bitbucket code search query](https://confluence.atlassian.com/bitbucket/search-873876782.html) to find them: -If you find any bugs in this repository, or have feature requests or use cases -for us, please raise them in our [public Jira project](https://jira.atlassian.com/projects/SCALE/summary). + repo:dc-deployments-automation repo:dc-deployments-automation path:*/defaults/main.yml atl ## Development ### Development philosophy The suite is intended to consist of a number of small, composable roles that can -be combined together into playbooks. Wherever possible the roles should be -platform-agnostic as possible, with platform-specific functionality broken out -into more specific roles. - -Where possible the roles are also product-agnostic (e.g. downloads), with more -specific functionality added in later product-specific roles. +be combined together into playbooks. Wherever possible, roles should be product-agnostic +(e.g. downloads) and platform-agnostic. Functions that are product-specific or +platform-specific are split off into separate roles. Roles should be reasonably self-contained, with sensible defaults configured in `/roles//defaults/main.yml`. Like all playbook parameters, you can override -them at runtime (see +them at runtime. -and overridden by the playbook at runtime. Roles may -implicitly depend on variables being defined elsewhere where they cannot define -them natively. For example, the `jira_config` role depends on the `atl_cluster_node_id` +Some roles implicitly depend on other variables beind defined elsewhere. +For example, the `jira_config` role depends on the `atl_cluster_node_id` var being defined; on AWS this is provided by the `aws_common` role, which should be run first. @@ -107,15 +103,18 @@ environment and running tests. information. * Inventory files are under `inv/`. For AWS `cfn-init` the inventory `inv/aws_node_local` inventory is probably what you want. - * Note that this expects the environment to be setup with infrastructure - information; see _Usage_ above. + * Note that this expects the environment to be setup with infrastructure information (refer to the _Usage_ section above). * Global group vars loaded automatically from `group_vars/.yml`. In particular note `group_vars/aws_node_local.yml` which loads infrastructure information from the environment. * Roles are under `roles/` - * Platform specific roles start with `_...`, - e.g. `roles/aws_common/`. - * Similarly, product-specific roles should start with `_...`. + * Platform specific roles start with `_...`, e.g. `roles/aws_common/`. + * Similarly, product-specific roles should start with `_...`. + +## Reporting issues + +If you find any bugs in this repository, or have feature requests or use cases +for us, please raise them in our [public Jira project](https://jira.atlassian.com/projects/SCALE/summary). ## License From deb3d2a6cf5e9a7a73817872c96007e70f311d6d Mon Sep 17 00:00:00 2001 From: Don Domingo Date: Thu, 21 Nov 2019 13:42:55 +0000 Subject: [PATCH 15/71] More edits added TOC testing anchor links --- README.md | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index ce36a5c..b313967 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # Atlassian Data-Center Installation Automation +[TOC] + ## Introduction This repository is a suite of Ansible roles, playbooks and support scripts to @@ -62,22 +64,27 @@ them in the `Custom command-line parameters for Ansible` field: #### Other customizable parameters -Consult the following files for clues on other parameters you can customize for your deployment: +For more deployment customization options, consult the following files for parameters you can +override: -- `[/roles/product_install/defaults/main.yml](roles/product_install/defaults/main.yml)` -- `[/group_vars/aws_node_local.yml](group_vars/aws_node_local.yml)` +- [`/roles/product_install/defaults/main.yml`](roles/product_install/defaults/main.yml) +- [`/group_vars/aws_node_local.yml`](group_vars/aws_node_local.yml) More customizable parameters are defined in specific roles -- specifically, in the role's `defaults/main.yml` file. Most of these parameters use the `atl_` prefix. You can -use the following [Bitbucket code search query](https://confluence.atlassian.com/bitbucket/search-873876782.html) to find them: +use the following [Bitbucket code search query](https://confluence.atlassian.com/bitbucket/search-873876782.html) +to find them: repo:dc-deployments-automation repo:dc-deployments-automation path:*/defaults/main.yml atl -## Development +### Development and testing -### Development philosophy +See [Development](DEVELOPMENT.md) for details on setting up a development +environment and running tests. -The suite is intended to consist of a number of small, composable roles that can +## Roles philosophy + +This suite is intended to consist of many small, composable roles that can be combined together into playbooks. Wherever possible, roles should be product-agnostic (e.g. downloads) and platform-agnostic. Functions that are product-specific or platform-specific are split off into separate roles. @@ -91,23 +98,19 @@ For example, the `jira_config` role depends on the `atl_cluster_node_id` var being defined; on AWS this is provided by the `aws_common` role, which should be run first. -### Development and testing - -See [Development](DEVELOPMENT.md) for details on setting up a development -environment and running tests. ## Ansible layout * Helper scripts are in `bin/`. In particular the `bin/ansible-with-atl-env` - wrapper is of use during AWS node initialisation. See _Usage_ above for more - information. + wrapper is of use during AWS node initialisation. Refer to the [Usage](#markdown-header-usage) section for + more information. * Inventory files are under `inv/`. For AWS `cfn-init` the inventory `inv/aws_node_local` inventory is probably what you want. * Note that this expects the environment to be setup with infrastructure information (refer to the _Usage_ section above). * Global group vars loaded automatically from `group_vars/.yml`. In particular note `group_vars/aws_node_local.yml` which loads infrastructure information from the environment. -* Roles are under `roles/` +* Roles are defined in `roles/` * Platform specific roles start with `_...`, e.g. `roles/aws_common/`. * Similarly, product-specific roles should start with `_...`. From 22f05459e58f05a90b324acc8167a555d8527ab7 Mon Sep 17 00:00:00 2001 From: Don Domingo Date: Thu, 21 Nov 2019 14:01:55 +0000 Subject: [PATCH 16/71] more edits, then added proper page anchors --- README.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index b313967..29605c6 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,16 @@ - -# Atlassian Data-Center Installation Automation - -[TOC] - -## Introduction +# Atlassian Data Center Installation Automation This repository is a suite of Ansible roles, playbooks and support scripts to automate the installation and maintenance of Atlassian Data Center products in cloud environments. -## Usage +On this page: -### Configuring Data Center nodes on cloud deployments +[TOC] + +# Usage + +## Configuring Data Center nodes on cloud deployments The usual scenario for usage as part of a cloud deployment is to invoke the script as part of post-creation actions invoked while a new product node is @@ -25,11 +24,11 @@ In practice, the Ansible roles require some information about the infrastructure that was deployed (e.g. RDS endpoint/password). The way this is currently achieved (on AWS) is that have the CloudFormation template dump this information into the file `/etc/atl` as `RESOURCE_VAR=` lines. This can be then -sourced as environment variables to be retrieved at runtime . See the +sourced as environment variables to be retrieved at runtime. See the helper-script `bin/ansible-with-atl-env` and the corresponding `groups_vars/aws_node_local.yml` var-file. -### Customizing your deployment +## Customizing your deployment To customise playbook behaviour, you can fork this repository and edit it as needed. However, for one-off tasks you can also override the default and @@ -62,7 +61,7 @@ them in the `Custom command-line parameters for Ansible` field: -e atl_product_download_url=http://s3.amazon.com/atlassian/jira-9.0.0-PRE-TEST.tar.gz -e atl_use_system_jdk=true -e atl_download_format=tarball -#### Other customizable parameters +### Other customizable parameters For more deployment customization options, consult the following files for parameters you can override: @@ -77,12 +76,12 @@ to find them: repo:dc-deployments-automation repo:dc-deployments-automation path:*/defaults/main.yml atl -### Development and testing +# Development and testing See [Development](DEVELOPMENT.md) for details on setting up a development environment and running tests. -## Roles philosophy +# Roles philosophy This suite is intended to consist of many small, composable roles that can be combined together into playbooks. Wherever possible, roles should be product-agnostic @@ -99,14 +98,15 @@ var being defined; on AWS this is provided by the `aws_common` role, which should be run first. -## Ansible layout +# Ansible layout * Helper scripts are in `bin/`. In particular the `bin/ansible-with-atl-env` wrapper is of use during AWS node initialisation. Refer to the [Usage](#markdown-header-usage) section for more information. * Inventory files are under `inv/`. For AWS `cfn-init` the inventory `inv/aws_node_local` inventory is probably what you want. - * Note that this expects the environment to be setup with infrastructure information (refer to the _Usage_ section above). + * Note that this expects the environment to be setup with infrastructure information. + Refer to the [Usage](#markdown-header-usage) section for more information. * Global group vars loaded automatically from `group_vars/.yml`. In particular note `group_vars/aws_node_local.yml` which loads infrastructure information from the environment. @@ -114,12 +114,12 @@ should be run first. * Platform specific roles start with `_...`, e.g. `roles/aws_common/`. * Similarly, product-specific roles should start with `_...`. -## Reporting issues +# Reporting issues If you find any bugs in this repository, or have feature requests or use cases for us, please raise them in our [public Jira project](https://jira.atlassian.com/projects/SCALE/summary). -## License +# License Copyright © 2019 Atlassian Corporation Pty Ltd. Licensed under the Apache License, Version 2.0. From 7b7daf153c4fe3cbdb3bd59eb91753834afc9b7e Mon Sep 17 00:00:00 2001 From: Varun Arbatti <1063972+theghostwhoforks@users.noreply.github.com> Date: Fri, 22 Nov 2019 16:22:46 +1100 Subject: [PATCH 17/71] DCD-686: Restore backup from manifest --- aws_bitbucket_dc_node.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/aws_bitbucket_dc_node.yml b/aws_bitbucket_dc_node.yml index 7834e12..0258da8 100644 --- a/aws_bitbucket_dc_node.yml +++ b/aws_bitbucket_dc_node.yml @@ -31,5 +31,6 @@ - role: product_common - role: product_install - role: database_init + - role: restore_backups - role: bitbucket_config - role: product_startup From e42c58e1f5e987fcaa9c1a8d7fbcb1c1cc498d19 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 25 Nov 2019 14:28:56 +1100 Subject: [PATCH 18/71] DCD-791: Create a link to redirect local attachments to the shared home. --- roles/confluence_config/tasks/main.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index f1e69fc..372b03a 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -13,6 +13,18 @@ - "{{ atl_product_shared_plugins }}" changed_when: false # For Molecule idempotence check +- name: Symlink local attachments to shared storage + # Create symlink to force single (unclustered) Confluence to store + # attachment in the shared drive. + file: + path: "{{ atl_product_home_shared }}/attachments/" + dest: "{{ atl_product_home }}/attachments/" + force: false + state: link + mode: 0750 + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + - name: Create Tomcat server config template: From 7ec6e9eb37599ce6770629c6b8037093af1751a8 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 25 Nov 2019 14:32:51 +1100 Subject: [PATCH 19/71] DCD-791: Create the shared attachments directory up front. --- roles/confluence_config/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 372b03a..fe52a95 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -10,6 +10,7 @@ with_items: - "{{ atl_product_home }}" - "{{ atl_product_home_shared }}" + - "{{ atl_product_home_shared }}/attachments" - "{{ atl_product_shared_plugins }}" changed_when: false # For Molecule idempotence check From b64961cb967b4f372dbbc957521db6eaffd191a8 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 25 Nov 2019 15:36:07 +1100 Subject: [PATCH 20/71] DCD-791: Symlink both the local shared-home and attachments into the shared drive. --- roles/confluence_config/tasks/main.yml | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index fe52a95..b560dab 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -14,11 +14,26 @@ - "{{ atl_product_shared_plugins }}" changed_when: false # For Molecule idempotence check +# Create symlink to force single (unclustered) Confluence to store +# shared-data and attachments in the shared drive. - name: Symlink local attachments to shared storage - # Create symlink to force single (unclustered) Confluence to store - # attachment in the shared drive. file: - path: "{{ atl_product_home_shared }}/attachments/" + src: "{{ item[0] }}" + dest: "{{ item[1] }}" + force: false + state: link + mode: 0750 + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + with_items: + - ["{{ atl_product_home_shared }}/", + "{{ atl_product_home }}/shared-home/"] + - ["{{ atl_product_home_shared }}/attachments/", + "{{ atl_product_home }}/attachments/"] + +- name: Symlink local attachments to shared storage + file: + src: "{{ atl_product_home_shared }}/attachments/" dest: "{{ atl_product_home }}/attachments/" force: false state: link From 3feeec1185dabfe2a3c6a111ef275bce40e1dd51 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 25 Nov 2019 15:37:43 +1100 Subject: [PATCH 21/71] ITOPSENG-277 only write synchrony.service.url if it has a value --- roles/synchrony_config/templates/atl.synchrony.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/synchrony_config/templates/atl.synchrony.j2 b/roles/synchrony_config/templates/atl.synchrony.j2 index e340fa3..6a90f7d 100644 --- a/roles/synchrony_config/templates/atl.synchrony.j2 +++ b/roles/synchrony_config/templates/atl.synchrony.j2 @@ -19,7 +19,9 @@ ATL_SYNCHRONY_JVM_PROPERTIES="{{ atl_synchrony_stack_space }} {{ atl_synchrony_m -Dsynchrony.cluster.bind={{ atl_local_ipv4 }} \ -Dcluster.interfaces={{ atl_local_ipv4 }} \ -Dsynchrony.cluster.base.port=25500 \ + {% if atl_synchrony_service_url|length %} -Dsynchrony.service.url={{ atl_synchrony_service_url }} \ + {% endif %} -Dsynchrony.context.path=/synchrony \ -Dsynchrony.port=8091 \ -Dcluster.name=Synchrony-Cluster \ From d02b7a6e4e95ace173c13d7ba652dca7dd0a7a35 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 25 Nov 2019 15:40:00 +1100 Subject: [PATCH 22/71] DCD-791: Remove duplicate task. --- roles/confluence_config/tasks/main.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index b560dab..24e68b8 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -30,17 +30,6 @@ "{{ atl_product_home }}/shared-home/"] - ["{{ atl_product_home_shared }}/attachments/", "{{ atl_product_home }}/attachments/"] - -- name: Symlink local attachments to shared storage - file: - src: "{{ atl_product_home_shared }}/attachments/" - dest: "{{ atl_product_home }}/attachments/" - force: false - state: link - mode: 0750 - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" - - name: Create Tomcat server config template: From deff784b6aae4fde1b5d6228c50d969c92aa5ddb Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 25 Nov 2019 16:24:14 +1100 Subject: [PATCH 23/71] DCD-791: Ansible flattens nested lists, so use maps. --- roles/confluence_config/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 24e68b8..5a1f10e 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -18,18 +18,18 @@ # shared-data and attachments in the shared drive. - name: Symlink local attachments to shared storage file: - src: "{{ item[0] }}" - dest: "{{ item[1] }}" + src: "{{ item.from }}" + dest: "{{ item.to }}" force: false state: link mode: 0750 owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" with_items: - - ["{{ atl_product_home_shared }}/", - "{{ atl_product_home }}/shared-home/"] - - ["{{ atl_product_home_shared }}/attachments/", - "{{ atl_product_home }}/attachments/"] + - {from:: "{{ atl_product_home_shared }}/", + to: "{{ atl_product_home }}/shared-home/"} + - {from: "{{ atl_product_home_shared }}/attachments/", + to: "{{ atl_product_home }}/attachments/"} - name: Create Tomcat server config template: From 8f521d7d9571cca0a1af61fe6ee7179d3cded730 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 26 Nov 2019 08:58:19 +1100 Subject: [PATCH 24/71] DCD-791: Use nested lists. --- roles/confluence_config/tasks/main.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 5a1f10e..365dce8 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -18,18 +18,19 @@ # shared-data and attachments in the shared drive. - name: Symlink local attachments to shared storage file: - src: "{{ item.from }}" - dest: "{{ item.to }}" + src: "{{ item.0 }}" + dest: "{{ item.1 }}" force: false state: link mode: 0750 owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" - with_items: - - {from:: "{{ atl_product_home_shared }}/", - to: "{{ atl_product_home }}/shared-home/"} - - {from: "{{ atl_product_home_shared }}/attachments/", - to: "{{ atl_product_home }}/attachments/"} + vars: + - links: + - ["{{ atl_product_home_shared }}/", "{{ atl_product_home }}/shared-home/"] + - ["{{ atl_product_home_shared }}/attachments/", "{{ atl_product_home }}/attachments/"] + with_nested: + - "{{ links }}" - name: Create Tomcat server config template: From 883df8e1ea800cffc9bfef3887546171bb29fc1c Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 26 Nov 2019 09:00:42 +1100 Subject: [PATCH 25/71] DCD-791: Remove trailing slashes. --- roles/confluence_config/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 365dce8..55b8541 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -27,8 +27,8 @@ group: "{{ atl_product_user }}" vars: - links: - - ["{{ atl_product_home_shared }}/", "{{ atl_product_home }}/shared-home/"] - - ["{{ atl_product_home_shared }}/attachments/", "{{ atl_product_home }}/attachments/"] + - ["{{ atl_product_home_shared }}/", "{{ atl_product_home }}/shared-home"] + - ["{{ atl_product_home_shared }}/attachments/", "{{ atl_product_home }}/attachments"] with_nested: - "{{ links }}" From 49066285a80db3de6b211d7b01bbc249b654d0a7 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 26 Nov 2019 09:20:06 +1100 Subject: [PATCH 26/71] ITOPSENG-277 only write synchrony.service.url if it has a value(in the right place this time) --- roles/confluence_config/defaults/main.yml | 3 ++- roles/synchrony_config/templates/atl.synchrony.j2 | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml index 22ed871..783a567 100644 --- a/roles/confluence_config/defaults/main.yml +++ b/roles/confluence_config/defaults/main.yml @@ -17,6 +17,7 @@ atl_hazelcast_network_aws_iam_role: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS atl_hazelcast_network_aws_tag_value: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE') }}" atl_catalina_opts: "" +atl_synchrony_url: "{% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %}" atl_catalina_opts_extra: >- -Datlassian.event.thread_pool_configuration.queue_size=4096 -Datlassian.plugins.enable.wait=300 @@ -28,9 +29,9 @@ atl_catalina_opts_extra: >- -XX:+PrintGCDetails -XX:+PrintTenuringDistribution -Dsynchrony.proxy.enabled=false - -Dsynchrony.service.url={{ atl_synchrony_service_url }} -Dconfluence.cluster.node.name={{ atl_local_ipv4 }} -Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60 + {% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %} atl_tomcat_port: "8080" atl_tomcat_mgmt_port: "8005" diff --git a/roles/synchrony_config/templates/atl.synchrony.j2 b/roles/synchrony_config/templates/atl.synchrony.j2 index 6a90f7d..e340fa3 100644 --- a/roles/synchrony_config/templates/atl.synchrony.j2 +++ b/roles/synchrony_config/templates/atl.synchrony.j2 @@ -19,9 +19,7 @@ ATL_SYNCHRONY_JVM_PROPERTIES="{{ atl_synchrony_stack_space }} {{ atl_synchrony_m -Dsynchrony.cluster.bind={{ atl_local_ipv4 }} \ -Dcluster.interfaces={{ atl_local_ipv4 }} \ -Dsynchrony.cluster.base.port=25500 \ - {% if atl_synchrony_service_url|length %} -Dsynchrony.service.url={{ atl_synchrony_service_url }} \ - {% endif %} -Dsynchrony.context.path=/synchrony \ -Dsynchrony.port=8091 \ -Dcluster.name=Synchrony-Cluster \ From b58deab2c3e5364f918871036b594528d0f69e97 Mon Sep 17 00:00:00 2001 From: Varun Arbatti <1063972+theghostwhoforks@users.noreply.github.com> Date: Tue, 26 Nov 2019 15:23:51 +1100 Subject: [PATCH 27/71] DCD-686: Use dict var to store results of urlsplit --- roles/restore_backups/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 1c81430..a3ccbff 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -29,13 +29,13 @@ - name: Parse the manifest URL set_fact: - atl_backup_manifest_url: "{{ atl_backup_manifest_url | urlsplit }}" + atl_backup_manifest_dict: "{{ atl_backup_manifest_url | urlsplit }}" - name: Extract manifest file information set_fact: - atl_backup_manifest_bucket: "{{ atl_backup_manifest_url.hostname }}" - atl_backup_manifest_path: "{{ atl_backup_manifest_url.path }}" - atl_backup_manifest_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest_url.path | basename }}" + atl_backup_manifest_bucket: "{{ atl_backup_manifest_dict.hostname }}" + atl_backup_manifest_path: "{{ atl_backup_manifest_dict.path }}" + atl_backup_manifest_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest_dict.path | basename }}" - name: Fetch the manifest from S3 aws_s3: From 07f55f27bc6a6d0c71cd6f20b8ddf0f0a510467c Mon Sep 17 00:00:00 2001 From: Varun Arbatti <1063972+theghostwhoforks@users.noreply.github.com> Date: Tue, 26 Nov 2019 15:58:50 +1100 Subject: [PATCH 28/71] DCD-686: Use dict var to store results of when looking up the scheme field --- roles/restore_backups/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index a3ccbff..7b47149 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -44,7 +44,7 @@ bucket: "{{ atl_backup_manifest_bucket }}" object: "{{ atl_backup_manifest_path }}" dest: "{{ atl_backup_manifest_dest }}" - when: atl_backup_manifest_url.scheme == 's3' + when: atl_backup_manifest_dict.scheme == 's3' - name: Load parameters from manifest include_vars: From 0a716a29ed8ec3ccb1ca6a2bad9c04f2d8199d55 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Wed, 27 Nov 2019 11:59:00 +1100 Subject: [PATCH 29/71] DCD-791: Make linter happy and add symlink test. --- .../molecule/default/tests/test_default.py | 10 ++++++++++ roles/confluence_config/tasks/main.yml | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py index a8d3013..16c0a94 100644 --- a/roles/confluence_config/molecule/default/tests/test_default.py +++ b/roles/confluence_config/molecule/default/tests/test_default.py @@ -16,6 +16,16 @@ def test_conf_init_file(host): assert f.exists assert f.contains('confluence.home = /var/atlassian/application-data/confluence') +def test_conf_attachment_symlinks(host): + assert host.file('/var/atlassian/application-data/confluence').is_directory + assert host.file('/media/atl/confluence/shared-home/attachments/').is_directory + + f = host.file('/var/atlassian/application-data/confluence/attachments') + assert f.is_symlink and f.linked_to == '/media/atl/confluence/shared-home/attachments' + + f = host.file('/var/atlassian/application-data/confluence/shared-home') + assert f.is_symlink and f.linked_to == '/media/atl/confluence/shared-home' + def test_setenv_file(host): f = host.file('/opt/atlassian/confluence/current/bin/setenv.sh') assert f.exists diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 55b8541..80473c8 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -27,8 +27,8 @@ group: "{{ atl_product_user }}" vars: - links: - - ["{{ atl_product_home_shared }}/", "{{ atl_product_home }}/shared-home"] - - ["{{ atl_product_home_shared }}/attachments/", "{{ atl_product_home }}/attachments"] + - ["{{ atl_product_home_shared }}/", "{{ atl_product_home }}/shared-home"] + - ["{{ atl_product_home_shared }}/attachments/", "{{ atl_product_home }}/attachments"] with_nested: - "{{ links }}" From 85c614d57baa02f07baa4dda1af2f05f8b257b9a Mon Sep 17 00:00:00 2001 From: Varun Arbatti <1063972+theghostwhoforks@users.noreply.github.com> Date: Wed, 27 Nov 2019 15:48:39 +1100 Subject: [PATCH 30/71] DCD-686: add restore backups to confluence node role --- aws_confluence_dc_node.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 979f96b..ce6c06e 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -18,6 +18,7 @@ - role: product_common - role: product_install - role: database_init + - role: restore_backups - role: confluence_common - role: confluence_config - role: product_startup From c3fd34b134c15fe8030328543e4b978c370f9fb4 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 28 Nov 2019 14:35:41 +1100 Subject: [PATCH 31/71] ITOPSENG-277 handle updating base_url --- aws_confluence_dc_node.yml | 4 +++- bin/ansible-with-atl-env | 2 ++ roles/confluence_config/tasks/main.yml | 13 ++++++++++++- .../templates/seraph-config.xml.j2 | 6 +++--- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 979f96b..f2f9a34 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -7,10 +7,12 @@ atl_product_family: "confluence" atl_product_user: "confluence" atl_product_edition: "confluence" - atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' + vars_files: + - /etc/atl_vars.yml + roles: - role: linux_common - role: aws_common diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index 3685381..bc97f57 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -10,6 +10,8 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH +# get /etc/atl into usable vars which can be included in ansible playbooks +grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1:\ \3/g' > /etc/atl_vars.yml # Set the environment with default exports set -a diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index f1e69fc..b8b5131 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -52,7 +52,6 @@ owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" - - name: Limit permissions on the installation directory file: path: "{{ atl_product_installation_versioned }}" @@ -79,3 +78,15 @@ - "{{ atl_product_installation_versioned }}/temp" - "{{ atl_product_installation_versioned }}/work" changed_when: false # For Molecule idempotence check + +- name: Assert baseurl to same as atl_proxy_name + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_jdbc_user }}" + login_password: "{{ atl_jdbc_password }}" + db: "{{ atl_jdbc_db_name }}" + query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; + positional_args: + - bandanavalue + - .* + - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" diff --git a/roles/confluence_config/templates/seraph-config.xml.j2 b/roles/confluence_config/templates/seraph-config.xml.j2 index 8c91e87..5839e9a 100644 --- a/roles/confluence_config/templates/seraph-config.xml.j2 +++ b/roles/confluence_config/templates/seraph-config.xml.j2 @@ -1,4 +1,4 @@ - +grep login.url @@ -16,8 +16,8 @@ login.cookie.key seraph.confluence - - {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age|length %} + + {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age is not none %} autologin.cookie.age {{ atl_autologin_cookie_age }} From 078eb1ed7ffe172fdd46ee0fb980d15613a02b06 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 28 Nov 2019 15:09:57 +1100 Subject: [PATCH 32/71] ITOPSENG-277 fix indent for baseurl task --- roles/confluence_config/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index b8b5131..e4c6329 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -87,6 +87,6 @@ db: "{{ atl_jdbc_db_name }}" query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - - bandanavalue - - .* - - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + - bandanavalue + - .* + - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" From d7fdb4c4c24d2d692f73330718a6e6ff29559a07 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Thu, 28 Nov 2019 15:29:44 +1100 Subject: [PATCH 33/71] Suppress emoji and standard output when calling pipenv as it outputs characters in non-ascii which causes errors in cloud-init --- bin/install-ansible | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/install-ansible b/bin/install-ansible index 196562e..d50f943 100755 --- a/bin/install-ansible +++ b/bin/install-ansible @@ -20,7 +20,8 @@ fi export PATH=/usr/local/bin:$PATH pip3 install pipenv -pipenv sync +echo "Installing ansible and dependencies..." +PIPENV_HIDE_EMOJIS=1 pipenv sync >/dev/null if [[ $1 == "--dev" ]]; then pipenv sync --dev From 14465e259f3e6643b8f63e035660eb841996f2fa Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Thu, 28 Nov 2019 16:23:48 +1100 Subject: [PATCH 34/71] Redirect all logs to dev/null when running pipenv sync --- bin/install-ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-ansible b/bin/install-ansible index d50f943..6d3d349 100755 --- a/bin/install-ansible +++ b/bin/install-ansible @@ -21,7 +21,7 @@ export PATH=/usr/local/bin:$PATH pip3 install pipenv echo "Installing ansible and dependencies..." -PIPENV_HIDE_EMOJIS=1 pipenv sync >/dev/null +PIPENV_HIDE_EMOJIS=1 pipenv sync 2>1 >/dev/null if [[ $1 == "--dev" ]]; then pipenv sync --dev From 843f1c26e73fbe1b2ac44daf269f0f1155e0bb4a Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Thu, 28 Nov 2019 16:30:35 +1100 Subject: [PATCH 35/71] Revert "Redirect all logs to dev/null when running pipenv sync" This reverts commit 14465e259f3e6643b8f63e035660eb841996f2fa. --- bin/install-ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-ansible b/bin/install-ansible index 6d3d349..d50f943 100755 --- a/bin/install-ansible +++ b/bin/install-ansible @@ -21,7 +21,7 @@ export PATH=/usr/local/bin:$PATH pip3 install pipenv echo "Installing ansible and dependencies..." -PIPENV_HIDE_EMOJIS=1 pipenv sync 2>1 >/dev/null +PIPENV_HIDE_EMOJIS=1 pipenv sync >/dev/null if [[ $1 == "--dev" ]]; then pipenv sync --dev From 32bfef040cccd65b5922beb40dd86145776c9972 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Thu, 28 Nov 2019 16:41:34 +1100 Subject: [PATCH 36/71] Force no spinner when running pipenv sync --- bin/install-ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-ansible b/bin/install-ansible index d50f943..bf76d24 100755 --- a/bin/install-ansible +++ b/bin/install-ansible @@ -21,7 +21,7 @@ export PATH=/usr/local/bin:$PATH pip3 install pipenv echo "Installing ansible and dependencies..." -PIPENV_HIDE_EMOJIS=1 pipenv sync >/dev/null +PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync if [[ $1 == "--dev" ]]; then pipenv sync --dev From f48ad28f633554a2e96fea2f8d2d1c45b03e3151 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 28 Nov 2019 17:07:14 +1100 Subject: [PATCH 37/71] ITOPSENG-277 add the atl vars for the tests --- roles/confluence_config/molecule/aurora/playbook.yml | 2 ++ roles/confluence_config/molecule/default/playbook.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/roles/confluence_config/molecule/aurora/playbook.yml b/roles/confluence_config/molecule/aurora/playbook.yml index d57ff60..b16dc17 100644 --- a/roles/confluence_config/molecule/aurora/playbook.yml +++ b/roles/confluence_config/molecule/aurora/playbook.yml @@ -14,6 +14,8 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" + atl_tomcat_scheme: "http" + atl_proxy_name: "localhost." roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/playbook.yml b/roles/confluence_config/molecule/default/playbook.yml index 612f584..d29762a 100644 --- a/roles/confluence_config/molecule/default/playbook.yml +++ b/roles/confluence_config/molecule/default/playbook.yml @@ -14,6 +14,8 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" + atl_tomcat_scheme: "http" + atl_proxy_name: "localhost" roles: - role: linux_common From 5490651e9ef44cd41d048fbb558047fff6fd5215 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Fri, 29 Nov 2019 10:32:41 +1100 Subject: [PATCH 38/71] DCD-800: Use iconv to strip non-ascii characters --- bin/install-ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-ansible b/bin/install-ansible index bf76d24..0a5ea5f 100755 --- a/bin/install-ansible +++ b/bin/install-ansible @@ -21,7 +21,7 @@ export PATH=/usr/local/bin:$PATH pip3 install pipenv echo "Installing ansible and dependencies..." -PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync +PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync | iconv -c -f utf-8 -t ascii if [[ $1 == "--dev" ]]; then pipenv sync --dev From 45e357fdd203c41cdb1b05835a5a82cd40497582 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Fri, 29 Nov 2019 10:55:20 +1100 Subject: [PATCH 39/71] DCD-800: pipe stderr to iconv as well as stdout --- bin/install-ansible | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/install-ansible b/bin/install-ansible index 0a5ea5f..57a1878 100755 --- a/bin/install-ansible +++ b/bin/install-ansible @@ -21,7 +21,7 @@ export PATH=/usr/local/bin:$PATH pip3 install pipenv echo "Installing ansible and dependencies..." -PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync | iconv -c -f utf-8 -t ascii +PIPENV_NOSPIN=1 PIPENV_HIDE_EMOJIS=1 pipenv sync 2>&1 | iconv -c -f utf-8 -t ascii if [[ $1 == "--dev" ]]; then pipenv sync --dev From 3c4beba750360d9b4eb3aa1b359662831fc30a76 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 2 Dec 2019 13:05:42 +1100 Subject: [PATCH 40/71] ITOPSENG-277 make tests pass --- roles/confluence_config/molecule/aurora/playbook.yml | 2 +- roles/confluence_config/tasks/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/confluence_config/molecule/aurora/playbook.yml b/roles/confluence_config/molecule/aurora/playbook.yml index b16dc17..67cc0af 100644 --- a/roles/confluence_config/molecule/aurora/playbook.yml +++ b/roles/confluence_config/molecule/aurora/playbook.yml @@ -15,7 +15,7 @@ atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" atl_tomcat_scheme: "http" - atl_proxy_name: "localhost." + atl_proxy_name: "localhost" roles: - role: linux_common diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index e4c6329..ebfc4f5 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -90,3 +90,4 @@ - bandanavalue - .* - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + ignore_errors: yes # For Molecule as it has no db test framework included From 199cca264ddb9ed1e6a307458dc2bb8ec6a02545 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 2 Dec 2019 14:49:33 +1100 Subject: [PATCH 41/71] DCD-828: Initial attempt at tar-based server-to-DC transform --- .../restore_conf_server/Dockerfile.j2 | 14 ++++ .../molecule/restore_conf_server/molecule.yml | 30 ++++++++ .../molecule/restore_conf_server/playbook.yml | 74 +++++++++++++++++++ .../restore_conf_server/tests/test_default.py | 15 ++++ roles/restore_backups/tasks/home_restore.yml | 18 +++++ roles/restore_backups/tasks/main.yml | 1 + 6 files changed, 152 insertions(+) create mode 100644 roles/restore_backups/molecule/restore_conf_server/Dockerfile.j2 create mode 100644 roles/restore_backups/molecule/restore_conf_server/molecule.yml create mode 100644 roles/restore_backups/molecule/restore_conf_server/playbook.yml create mode 100644 roles/restore_backups/molecule/restore_conf_server/tests/test_default.py diff --git a/roles/restore_backups/molecule/restore_conf_server/Dockerfile.j2 b/roles/restore_backups/molecule/restore_conf_server/Dockerfile.j2 new file mode 100644 index 0000000..e6aa95d --- /dev/null +++ b/roles/restore_backups/molecule/restore_conf_server/Dockerfile.j2 @@ -0,0 +1,14 @@ +# Molecule managed + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi diff --git a/roles/restore_backups/molecule/restore_conf_server/molecule.yml b/roles/restore_backups/molecule/restore_conf_server/molecule.yml new file mode 100644 index 0000000..04c0973 --- /dev/null +++ b/roles/restore_backups/molecule/restore_conf_server/molecule.yml @@ -0,0 +1,30 @@ +--- +dependency: + name: galaxy +driver: + name: docker +lint: + name: yamllint +platforms: + - name: amazon_linux2 + image: amazonlinux:2 + groups: + - aws_node_local + ulimits: + - nofile:262144:262144 +provisioner: + name: ansible + options: + skip-tags: runtime_pkg + lint: + name: ansible-lint + options: + x: ["701"] + inventory: + links: + group_vars: ../../../../group_vars/ +verifier: + name: testinfra + lint: + name: flake8 + enabled: false diff --git a/roles/restore_backups/molecule/restore_conf_server/playbook.yml b/roles/restore_backups/molecule/restore_conf_server/playbook.yml new file mode 100644 index 0000000..d526a64 --- /dev/null +++ b/roles/restore_backups/molecule/restore_conf_server/playbook.yml @@ -0,0 +1,74 @@ +--- +- name: Converge + hosts: all + vars: + atl_backup_home_dest: "{{ test_archive }}" + atl_backup_id: 'test-backup' + atl_backup_manifest_url: 'fake_manifest' + atl_backup_home_is_server: 'true' + + atl_product_home_shared: '/media/atl/confluence/shared-home' + atl_backup_home_restore_canary_path: "{{ atl_product_home_shared }}/canary.tmp" + atl_product_edition: 'confluence' + atl_product_user: 'confluence' + atl_product_user_uid: '2001' + atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" + + test_archive: '/tmp/hello.tar.gz' + test_archive_file: 'hello.txt' + test_archive_source: '/tmp/hello' + + test_pre_step_prefix: '[PRE-TEST]' + test_product_version_file: "/tmp/{{ atl_product_edition }}.version" + + pre_tasks: + - name: "{{ test_pre_step_prefix }} Install tar and useradd/groupadd binaries" + package: + state: present + name: + - tar + - shadow-utils + + - name: "{{ test_pre_step_prefix }} Create application group" + group: + name: "{{ atl_product_user }}" + gid: "{{ atl_product_user_uid }}" + + - name: "{{ test_pre_step_prefix }} Create application user" + user: + name: "{{ atl_product_user }}" + uid: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user }}" + + - name: "{{ test_pre_step_prefix }} Create a Conf server home directory structure" + file: + path: "{{ item }}" + state: directory + mode: 0755 + with_items: + - "{{ test_archive_source }}" + - "{{ test_archive_source }}/attachments" + - "{{ test_archive_source }}/shared-home" + + - name: "{{ test_pre_step_prefix }} Create files" + copy: + dest: "{{ item }}" + content: "content" + with_items: + - "{{ test_archive_source }}/unwanted.txt" + - "{{ test_archive_source }}/attachments/image.jpg" + - "{{ test_archive_source }}/shared-home/shared-content.txt" + + - name: "{{ test_pre_step_prefix }} Archive the shared home" + archive: + path: + - "{{ test_archive_source }}/*" + dest: "{{ test_archive }}" + owner: "{{ atl_product_user }}" + + tasks: + - name: Install distro-specific restore support packages + include_tasks: "../../tasks/{{ ansible_distribution|lower }}.yml" + + - name: Restore shared home + include_tasks: "../../tasks/home_restore.yml" diff --git a/roles/restore_backups/molecule/restore_conf_server/tests/test_default.py b/roles/restore_backups/molecule/restore_conf_server/tests/test_default.py new file mode 100644 index 0000000..ced7af8 --- /dev/null +++ b/roles/restore_backups/molecule/restore_conf_server/tests/test_default.py @@ -0,0 +1,15 @@ +import os +import pytest + +import testinfra.utils.ansible_runner + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + +def test_conf_server_converted(host): + assert host.file('/media/atl/confluence/shared-home').is_directory + assert host.file('/media/atl/confluence/shared-home/shared-content.txt').is_file + assert host.file('/media/atl/confluence/shared-home/attachments').is_directory + assert host.file('/media/atl/confluence/shared-home/attachments/image.jpg').is_file + + assert not host.file('/media/atl/confluence/shared-home/unwanted.txt').is_file diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index 4c5f2ad..5c0b7b4 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -18,6 +18,24 @@ src: "{{ atl_backup_home_dest }}" remote_src: yes dest: "{{ atl_product_home_shared }}" + when: atl_backup_home_is_server is not defined or not atl_backup_home_is_server|bool + + - name: Restore a Confluence server home to share-home layout + unarchive: + src: "{{ atl_backup_home_dest }}" + remote_src: yes + dest: "{{ atl_product_home_shared }}" + # Use tar transform to convert the Confluence Server + # (unclustered) layout to shared-home version. What occurs is: + # * --transform runs first, moving attachments into the shared home. + # * --strip-components removes the top-level directory + # NOTE: Also see the `confluence_config` role, which uses + # symlinks to support server and clustered layouts + # concurrently. + extra_opts: + - "--transform=s,^attachments,shared-home/attachments," + - "--strip-components=1" + when: atl_backup_home_is_server is defined and atl_backup_home_is_server|bool - name: Set shared home owner and group to application user file: diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 1c81430..6ad9b98 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -58,6 +58,7 @@ atl_backup_id: "{{ atl_backup_manifest.name }}" atl_backup_db_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest.artifacts.db.location.location | basename }}" atl_backup_home_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest.artifacts.sharedHome.location.location | basename }}" + atl_backup_home_is_server: "{{ atl_backup_manifest.artifacts.sharedHome.serverHome }}" # FIXME: Here we fetch the backups. However we may wish to stream # these directly from S3 to the target DB/FS to avoid requiring From 55180285415d9ca1f96caa421f47f2eb0d6242cc Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Mon, 2 Dec 2019 14:57:19 +1100 Subject: [PATCH 42/71] DCD-828: Update pipelines. --- bitbucket-pipelines.yml | 80 +++++++++++-------- .../templates/bitbucket-pipelines.yml.j2 | 4 + 2 files changed, 50 insertions(+), 34 deletions(-) diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml index b51f0f9..71b2462 100644 --- a/bitbucket-pipelines.yml +++ b/bitbucket-pipelines.yml @@ -1,4 +1,8 @@ --- +# This file was generated; to regnerated `cd` to `pipeline_generator` +# and run: +# +# make > ../bitbucket-pipelines.yml image: debian:buster options: @@ -14,7 +18,7 @@ pipelines: - step: name: Pre Parallelization stage script: - - echo "Running tests in 32 batches" + - echo "Running tests in 33 batches" - step: name: Check if number of batches match actual number of scenarios script: @@ -34,7 +38,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 1 - + - step: name: Molecule Test Batch - 2 services: @@ -42,7 +46,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 2 - + - step: name: Molecule Test Batch - 3 services: @@ -50,7 +54,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 3 - + - step: name: Molecule Test Batch - 4 services: @@ -58,7 +62,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 4 - + - step: name: Molecule Test Batch - 5 services: @@ -66,7 +70,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 5 - + - step: name: Molecule Test Batch - 6 services: @@ -74,7 +78,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 6 - + - step: name: Molecule Test Batch - 7 services: @@ -82,7 +86,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 7 - + - step: name: Molecule Test Batch - 8 services: @@ -90,7 +94,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 8 - + - step: name: Molecule Test Batch - 9 services: @@ -98,7 +102,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 9 - + - step: name: Molecule Test Batch - 10 services: @@ -106,7 +110,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 10 - + - step: name: Molecule Test Batch - 11 services: @@ -114,7 +118,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 11 - + - step: name: Molecule Test Batch - 12 services: @@ -122,7 +126,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 12 - + - step: name: Molecule Test Batch - 13 services: @@ -130,7 +134,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 13 - + - step: name: Molecule Test Batch - 14 services: @@ -138,7 +142,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 14 - + - step: name: Molecule Test Batch - 15 services: @@ -146,7 +150,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 15 - + - step: name: Molecule Test Batch - 16 services: @@ -154,7 +158,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 16 - + - step: name: Molecule Test Batch - 17 services: @@ -162,7 +166,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 17 - + - step: name: Molecule Test Batch - 18 services: @@ -170,7 +174,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 18 - + - step: name: Molecule Test Batch - 19 services: @@ -178,7 +182,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 19 - + - step: name: Molecule Test Batch - 20 services: @@ -186,7 +190,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 20 - + - step: name: Molecule Test Batch - 21 services: @@ -194,7 +198,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 21 - + - step: name: Molecule Test Batch - 22 services: @@ -202,7 +206,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 22 - + - step: name: Molecule Test Batch - 23 services: @@ -210,7 +214,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 23 - + - step: name: Molecule Test Batch - 24 services: @@ -218,7 +222,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 24 - + - step: name: Molecule Test Batch - 25 services: @@ -226,7 +230,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 25 - + - step: name: Molecule Test Batch - 26 services: @@ -234,7 +238,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 26 - + - step: name: Molecule Test Batch - 27 services: @@ -242,7 +246,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 27 - + - step: name: Molecule Test Batch - 28 services: @@ -250,7 +254,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 28 - + - step: name: Molecule Test Batch - 29 services: @@ -258,7 +262,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 29 - + - step: name: Molecule Test Batch - 30 services: @@ -266,7 +270,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 30 - + - step: name: Molecule Test Batch - 31 services: @@ -274,7 +278,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 31 - + - step: name: Molecule Test Batch - 32 services: @@ -282,5 +286,13 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 32 - - + + - step: + name: Molecule Test Batch - 33 + services: + - docker + script: + - apt-get update && ./bin/install-ansible --dev + - ./bin/run-tests-in-batches --batch 33 + + diff --git a/pipeline_generator/templates/bitbucket-pipelines.yml.j2 b/pipeline_generator/templates/bitbucket-pipelines.yml.j2 index 6b89e62..4f3a0b7 100644 --- a/pipeline_generator/templates/bitbucket-pipelines.yml.j2 +++ b/pipeline_generator/templates/bitbucket-pipelines.yml.j2 @@ -1,4 +1,8 @@ --- +# This file was generated; to regnerated `cd` to `pipeline_generator` +# and run: +# +# make > ../bitbucket-pipelines.yml image: debian:buster options: From dfa68eda31941675ea0e57b195eefe8b71f38da5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 3 Dec 2019 13:12:42 +1100 Subject: [PATCH 43/71] ITOPSENG-277 fix bad focus mispaste in seraph-config.xml.j2 --- roles/confluence_config/templates/seraph-config.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/confluence_config/templates/seraph-config.xml.j2 b/roles/confluence_config/templates/seraph-config.xml.j2 index 5839e9a..af64485 100644 --- a/roles/confluence_config/templates/seraph-config.xml.j2 +++ b/roles/confluence_config/templates/seraph-config.xml.j2 @@ -1,4 +1,4 @@ -grep + login.url From cbe0382abe440a3cbde7d224c3fcf866d65f4dbf Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 3 Dec 2019 14:57:42 +1100 Subject: [PATCH 44/71] DCD-791: Rename restore test to reflect difference and add test flag. --- roles/restore_backups/molecule/Pipfile | 11 +++++++++++ .../{restore => restore_jira_clustered}/Dockerfile.j2 | 0 .../{restore => restore_jira_clustered}/molecule.yml | 0 .../{restore => restore_jira_clustered}/playbook.yml | 1 + .../tests/test_default.py | 0 5 files changed, 12 insertions(+) create mode 100644 roles/restore_backups/molecule/Pipfile rename roles/restore_backups/molecule/{restore => restore_jira_clustered}/Dockerfile.j2 (100%) rename roles/restore_backups/molecule/{restore => restore_jira_clustered}/molecule.yml (100%) rename roles/restore_backups/molecule/{restore => restore_jira_clustered}/playbook.yml (98%) rename roles/restore_backups/molecule/{restore => restore_jira_clustered}/tests/test_default.py (100%) diff --git a/roles/restore_backups/molecule/Pipfile b/roles/restore_backups/molecule/Pipfile new file mode 100644 index 0000000..219b717 --- /dev/null +++ b/roles/restore_backups/molecule/Pipfile @@ -0,0 +1,11 @@ +[[source]] +url = "https://pypi.python.org/simple" +verify_ssl = true +name = "pypi" + +[packages] + +[dev-packages] + +[requires] +python_version = "3.7" diff --git a/roles/restore_backups/molecule/restore/Dockerfile.j2 b/roles/restore_backups/molecule/restore_jira_clustered/Dockerfile.j2 similarity index 100% rename from roles/restore_backups/molecule/restore/Dockerfile.j2 rename to roles/restore_backups/molecule/restore_jira_clustered/Dockerfile.j2 diff --git a/roles/restore_backups/molecule/restore/molecule.yml b/roles/restore_backups/molecule/restore_jira_clustered/molecule.yml similarity index 100% rename from roles/restore_backups/molecule/restore/molecule.yml rename to roles/restore_backups/molecule/restore_jira_clustered/molecule.yml diff --git a/roles/restore_backups/molecule/restore/playbook.yml b/roles/restore_backups/molecule/restore_jira_clustered/playbook.yml similarity index 98% rename from roles/restore_backups/molecule/restore/playbook.yml rename to roles/restore_backups/molecule/restore_jira_clustered/playbook.yml index 073d24b..a866f32 100644 --- a/roles/restore_backups/molecule/restore/playbook.yml +++ b/roles/restore_backups/molecule/restore_jira_clustered/playbook.yml @@ -6,6 +6,7 @@ atl_backup_home_restore_canary_path: '/tmp/canary.tmp' atl_backup_id: 'test-backup' atl_backup_manifest_url: 'fake_manifest' + atl_backup_home_is_server: 'false' atl_product_edition: 'jira-software' atl_product_home_shared: '/media/atl/jira/shared' diff --git a/roles/restore_backups/molecule/restore/tests/test_default.py b/roles/restore_backups/molecule/restore_jira_clustered/tests/test_default.py similarity index 100% rename from roles/restore_backups/molecule/restore/tests/test_default.py rename to roles/restore_backups/molecule/restore_jira_clustered/tests/test_default.py From 011225231598420036df34f26e54a39cb05d27ce Mon Sep 17 00:00:00 2001 From: Lee Goolsbee Date: Tue, 3 Dec 2019 12:13:01 -0600 Subject: [PATCH 45/71] ITOPSENG-321 install dejavu-sans-fonts for all linux hosts --- roles/linux_common/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/linux_common/tasks/main.yml b/roles/linux_common/tasks/main.yml index 825fbd7..673b90d 100644 --- a/roles/linux_common/tasks/main.yml +++ b/roles/linux_common/tasks/main.yml @@ -14,6 +14,7 @@ - unzip - fontconfig - python-psycopg2 + - dejavu-sans-fonts - name: Create product group group: From a04d3efc449ea0084072a8fc28a226d5bbae699d Mon Sep 17 00:00:00 2001 From: Lee Goolsbee Date: Tue, 3 Dec 2019 17:11:04 -0600 Subject: [PATCH 46/71] ITOPSENG-321 install OS-specific package for dejavu sans --- roles/linux_common/tasks/amazon.yml | 1 + roles/linux_common/tasks/main.yml | 1 - roles/linux_common/tasks/ubuntu.yml | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/linux_common/tasks/amazon.yml b/roles/linux_common/tasks/amazon.yml index 3be04db..c77541b 100644 --- a/roles/linux_common/tasks/amazon.yml +++ b/roles/linux_common/tasks/amazon.yml @@ -6,3 +6,4 @@ - shadow-utils - libxml2 - git-{{ git_version }} + - dejavu-sans-fonts diff --git a/roles/linux_common/tasks/main.yml b/roles/linux_common/tasks/main.yml index 673b90d..825fbd7 100644 --- a/roles/linux_common/tasks/main.yml +++ b/roles/linux_common/tasks/main.yml @@ -14,7 +14,6 @@ - unzip - fontconfig - python-psycopg2 - - dejavu-sans-fonts - name: Create product group group: diff --git a/roles/linux_common/tasks/ubuntu.yml b/roles/linux_common/tasks/ubuntu.yml index b5c542c..892071d 100644 --- a/roles/linux_common/tasks/ubuntu.yml +++ b/roles/linux_common/tasks/ubuntu.yml @@ -6,3 +6,4 @@ - python3-psycopg2 - libxml2-utils - git + - fonts-dejavu-core From 48c9927c507b3aa16a8dd35564f17291f6d9cb39 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Wed, 4 Dec 2019 11:34:26 +1100 Subject: [PATCH 47/71] DCD-828: Minor cleanups. --- bitbucket-pipelines.yml | 66 +++++++++++++------------- roles/restore_backups/molecule/Pipfile | 11 ----- 2 files changed, 32 insertions(+), 45 deletions(-) delete mode 100644 roles/restore_backups/molecule/Pipfile diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml index 71b2462..5e77c1b 100644 --- a/bitbucket-pipelines.yml +++ b/bitbucket-pipelines.yml @@ -38,7 +38,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 1 - + - step: name: Molecule Test Batch - 2 services: @@ -46,7 +46,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 2 - + - step: name: Molecule Test Batch - 3 services: @@ -54,7 +54,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 3 - + - step: name: Molecule Test Batch - 4 services: @@ -62,7 +62,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 4 - + - step: name: Molecule Test Batch - 5 services: @@ -70,7 +70,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 5 - + - step: name: Molecule Test Batch - 6 services: @@ -78,7 +78,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 6 - + - step: name: Molecule Test Batch - 7 services: @@ -86,7 +86,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 7 - + - step: name: Molecule Test Batch - 8 services: @@ -94,7 +94,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 8 - + - step: name: Molecule Test Batch - 9 services: @@ -102,7 +102,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 9 - + - step: name: Molecule Test Batch - 10 services: @@ -110,7 +110,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 10 - + - step: name: Molecule Test Batch - 11 services: @@ -118,7 +118,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 11 - + - step: name: Molecule Test Batch - 12 services: @@ -126,7 +126,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 12 - + - step: name: Molecule Test Batch - 13 services: @@ -134,7 +134,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 13 - + - step: name: Molecule Test Batch - 14 services: @@ -142,7 +142,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 14 - + - step: name: Molecule Test Batch - 15 services: @@ -150,7 +150,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 15 - + - step: name: Molecule Test Batch - 16 services: @@ -158,7 +158,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 16 - + - step: name: Molecule Test Batch - 17 services: @@ -166,7 +166,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 17 - + - step: name: Molecule Test Batch - 18 services: @@ -174,7 +174,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 18 - + - step: name: Molecule Test Batch - 19 services: @@ -182,7 +182,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 19 - + - step: name: Molecule Test Batch - 20 services: @@ -190,7 +190,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 20 - + - step: name: Molecule Test Batch - 21 services: @@ -198,7 +198,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 21 - + - step: name: Molecule Test Batch - 22 services: @@ -206,7 +206,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 22 - + - step: name: Molecule Test Batch - 23 services: @@ -214,7 +214,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 23 - + - step: name: Molecule Test Batch - 24 services: @@ -222,7 +222,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 24 - + - step: name: Molecule Test Batch - 25 services: @@ -230,7 +230,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 25 - + - step: name: Molecule Test Batch - 26 services: @@ -238,7 +238,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 26 - + - step: name: Molecule Test Batch - 27 services: @@ -246,7 +246,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 27 - + - step: name: Molecule Test Batch - 28 services: @@ -254,7 +254,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 28 - + - step: name: Molecule Test Batch - 29 services: @@ -262,7 +262,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 29 - + - step: name: Molecule Test Batch - 30 services: @@ -270,7 +270,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 30 - + - step: name: Molecule Test Batch - 31 services: @@ -278,7 +278,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 31 - + - step: name: Molecule Test Batch - 32 services: @@ -286,7 +286,7 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 32 - + - step: name: Molecule Test Batch - 33 services: @@ -294,5 +294,3 @@ pipelines: script: - apt-get update && ./bin/install-ansible --dev - ./bin/run-tests-in-batches --batch 33 - - diff --git a/roles/restore_backups/molecule/Pipfile b/roles/restore_backups/molecule/Pipfile deleted file mode 100644 index 219b717..0000000 --- a/roles/restore_backups/molecule/Pipfile +++ /dev/null @@ -1,11 +0,0 @@ -[[source]] -url = "https://pypi.python.org/simple" -verify_ssl = true -name = "pypi" - -[packages] - -[dev-packages] - -[requires] -python_version = "3.7" From bc0ad759ba1a493a07b7bc321f8e762476b84a79 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Wed, 4 Dec 2019 12:51:35 +1100 Subject: [PATCH 48/71] DCD-686: Undo renaming of ald_backup_manifest_url var --- roles/restore_backups/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 7b47149..1c81430 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -29,13 +29,13 @@ - name: Parse the manifest URL set_fact: - atl_backup_manifest_dict: "{{ atl_backup_manifest_url | urlsplit }}" + atl_backup_manifest_url: "{{ atl_backup_manifest_url | urlsplit }}" - name: Extract manifest file information set_fact: - atl_backup_manifest_bucket: "{{ atl_backup_manifest_dict.hostname }}" - atl_backup_manifest_path: "{{ atl_backup_manifest_dict.path }}" - atl_backup_manifest_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest_dict.path | basename }}" + atl_backup_manifest_bucket: "{{ atl_backup_manifest_url.hostname }}" + atl_backup_manifest_path: "{{ atl_backup_manifest_url.path }}" + atl_backup_manifest_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest_url.path | basename }}" - name: Fetch the manifest from S3 aws_s3: @@ -44,7 +44,7 @@ bucket: "{{ atl_backup_manifest_bucket }}" object: "{{ atl_backup_manifest_path }}" dest: "{{ atl_backup_manifest_dest }}" - when: atl_backup_manifest_dict.scheme == 's3' + when: atl_backup_manifest_url.scheme == 's3' - name: Load parameters from manifest include_vars: From b102f6b9a4f93fb1b5a943c8a4af0daa09f41b45 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Wed, 4 Dec 2019 14:53:08 +1100 Subject: [PATCH 49/71] ITOPSENG-277 ensure synchrony_service_url is a string before length count --- roles/confluence_config/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml index 783a567..4b7f75a 100644 --- a/roles/confluence_config/defaults/main.yml +++ b/roles/confluence_config/defaults/main.yml @@ -31,7 +31,7 @@ atl_catalina_opts_extra: >- -Dsynchrony.proxy.enabled=false -Dconfluence.cluster.node.name={{ atl_local_ipv4 }} -Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60 - {% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %} + {% if atl_synchrony_service_url|string|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %} atl_tomcat_port: "8080" atl_tomcat_mgmt_port: "8005" From b195f2a467d42bf43618431917a23c30bce4a804 Mon Sep 17 00:00:00 2001 From: Lee Goolsbee Date: Tue, 3 Dec 2019 21:55:06 -0600 Subject: [PATCH 50/71] ITOPSENG-321 ubuntu/debian needs fontconfig instead --- roles/linux_common/tasks/ubuntu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/linux_common/tasks/ubuntu.yml b/roles/linux_common/tasks/ubuntu.yml index 892071d..0ea8343 100644 --- a/roles/linux_common/tasks/ubuntu.yml +++ b/roles/linux_common/tasks/ubuntu.yml @@ -6,4 +6,4 @@ - python3-psycopg2 - libxml2-utils - git - - fonts-dejavu-core + - fontconfig From 72cecfe04d56869e3f563fedf7593dd1c16bd6e5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 11:50:14 +1100 Subject: [PATCH 51/71] ITOPSENG-101 fixed variable value case in /etc/atl_vars.yml --- bin/ansible-with-atl-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index bc97f57..5c2ea21 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -11,7 +11,7 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH # get /etc/atl into usable vars which can be included in ansible playbooks -grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1:\ \3/g' > /etc/atl_vars.yml +grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1\E:\ \3/g' > /etc/atl_vars.yml # Set the environment with default exports set -a From fff55c54093565522c7934baea6ab837a871afe5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 13:43:06 +1100 Subject: [PATCH 52/71] ITOPSENG-277 added when suggested by Ben --- roles/confluence_config/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index ebfc4f5..307580e 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -90,4 +90,5 @@ - bandanavalue - .* - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + when: atl_proxy_name is defined ignore_errors: yes # For Molecule as it has no db test framework included From 8c02ea36bbc0a2640197107eb6f35f06b6600c9c Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 15:12:33 +1100 Subject: [PATCH 53/71] ITOPSENG-277 added fixes for tests as per discussion with Ben --- roles/confluence_config/molecule/aurora/playbook.yml | 2 -- .../confluence_config/molecule/default/tests/test_default.py | 2 -- roles/confluence_config/tasks/main.yml | 4 +++- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/confluence_config/molecule/aurora/playbook.yml b/roles/confluence_config/molecule/aurora/playbook.yml index 67cc0af..d57ff60 100644 --- a/roles/confluence_config/molecule/aurora/playbook.yml +++ b/roles/confluence_config/molecule/aurora/playbook.yml @@ -14,8 +14,6 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" - atl_tomcat_scheme: "http" - atl_proxy_name: "localhost" roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py index a8d3013..d74ba7b 100644 --- a/roles/confluence_config/molecule/default/tests/test_default.py +++ b/roles/confluence_config/molecule/default/tests/test_default.py @@ -38,8 +38,6 @@ def test_server_file(host): assert f.contains('acceptCount="10"') assert f.contains('secure="false"') assert f.contains('scheme="http"') - assert not f.contains('proxyName=') - assert not f.contains('proxyPort=') def test_install_permissions(host): assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root' diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 307580e..5ed6d66 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -90,5 +90,7 @@ - bandanavalue - .* - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" - when: atl_proxy_name is defined + when: + - atl_proxy_name is defined + - atl_tomcat_scheme is defined ignore_errors: yes # For Molecule as it has no db test framework included From bc8dd94e9c5e6db0cb9a35f93f430c98815b51a4 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:14:18 +1100 Subject: [PATCH 54/71] ITOPSENG-277 removing slurping of all /etc/atl. DCD prefer explicit variable assignment --- aws_confluence_dc_node.yml | 3 --- bin/ansible-with-atl-env | 3 --- 2 files changed, 6 deletions(-) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index f2f9a34..e33fe3d 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -10,9 +10,6 @@ atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' - vars_files: - - /etc/atl_vars.yml - roles: - role: linux_common - role: aws_common diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index 5c2ea21..072ff20 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -10,9 +10,6 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH -# get /etc/atl into usable vars which can be included in ansible playbooks -grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1\E:\ \3/g' > /etc/atl_vars.yml - # Set the environment with default exports set -a source $ENV_FILE From 090b7a0a7461bf75d06e3ad9958411e4ba6483f7 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:18:57 +1100 Subject: [PATCH 55/71] ITOPSENG-277 restored blank lines --- aws_confluence_dc_node.yml | 1 + bin/ansible-with-atl-env | 1 + 2 files changed, 2 insertions(+) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index e33fe3d..979f96b 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -7,6 +7,7 @@ atl_product_family: "confluence" atl_product_user: "confluence" atl_product_edition: "confluence" + atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index 072ff20..3685381 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -10,6 +10,7 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH + # Set the environment with default exports set -a source $ENV_FILE From 7ff68f61c72955166f228ef8b8768b06eefed1e5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:23:53 +1100 Subject: [PATCH 56/71] ITOPSENG-277 restore testing of proxy and port --- roles/confluence_config/molecule/default/playbook.yml | 1 + roles/confluence_config/molecule/default/tests/test_default.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/confluence_config/molecule/default/playbook.yml b/roles/confluence_config/molecule/default/playbook.yml index d29762a..93c91ec 100644 --- a/roles/confluence_config/molecule/default/playbook.yml +++ b/roles/confluence_config/molecule/default/playbook.yml @@ -16,6 +16,7 @@ atl_local_ipv4: "1.1.1.1" atl_tomcat_scheme: "http" atl_proxy_name: "localhost" + atl_proxy_port: "80" roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py index d74ba7b..a65ce05 100644 --- a/roles/confluence_config/molecule/default/tests/test_default.py +++ b/roles/confluence_config/molecule/default/tests/test_default.py @@ -38,6 +38,8 @@ def test_server_file(host): assert f.contains('acceptCount="10"') assert f.contains('secure="false"') assert f.contains('scheme="http"') + assert f.contains('proxyName=') + assert f.contains('proxyPort=') def test_install_permissions(host): assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root' From 4d19d1d865bd35ae8fcb6615f3822c3a316a0ae6 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:29:35 +1100 Subject: [PATCH 57/71] ITOPSENG-277 remove duplicate url arg --- roles/confluence_config/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml index 4b7f75a..d0e4fa4 100644 --- a/roles/confluence_config/defaults/main.yml +++ b/roles/confluence_config/defaults/main.yml @@ -17,7 +17,6 @@ atl_hazelcast_network_aws_iam_role: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS atl_hazelcast_network_aws_tag_value: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE') }}" atl_catalina_opts: "" -atl_synchrony_url: "{% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %}" atl_catalina_opts_extra: >- -Datlassian.event.thread_pool_configuration.queue_size=4096 -Datlassian.plugins.enable.wait=300 From 643eb1a46e442646174eecd84822bc21eebf9a37 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 9 Dec 2019 17:23:09 +1100 Subject: [PATCH 58/71] ITOPSENG-277 do the lookups for proxy and scheme and ensure the schema perms are good --- aws_confluence_dc_node.yml | 2 ++ roles/database_init/tasks/main.yml | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 979f96b..693f7da 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -10,6 +10,8 @@ atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' + atl_proxy_name: "{{ lookup('env', 'ATL_PROXY_NAME') }}" + atl_tomcat_scheme: "{{ lookup('env', 'ATL_TOMCAT_SCHEME') }}" roles: - role: linux_common diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 2df59db..1b238cb 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -10,6 +10,30 @@ password: "{{ atl_jdbc_password }}" expires: 'infinity' +- name: Assert ownership of public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "ALTER SCHEMA public OWNER to {{ atl_db_root_password }};" + +- name: Grant privs to root user on public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_password }};" + +- name: Grant privs to application user on public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_password }};" + - block: - name: Update root privs for new user From 0739a67b8d5c22885400b90af4a3500272688c6a Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 9 Dec 2019 17:29:37 +1100 Subject: [PATCH 59/71] ITOPSENG-277 ensure the schema perms are set witht he right vars --- roles/database_init/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 1b238cb..05a27fa 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -16,7 +16,7 @@ login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" - query: "ALTER SCHEMA public OWNER to {{ atl_db_root_password }};" + query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};" - name: Grant privs to root user on public schema postgresql_query: @@ -24,7 +24,7 @@ login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" - query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_password }};" + query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};" - name: Grant privs to application user on public schema postgresql_query: @@ -32,7 +32,7 @@ login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" - query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_password }};" + query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" - block: From 94c8c6a92ed44d843ae8532c338fc470f08fc5bd Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 08:02:03 +1100 Subject: [PATCH 60/71] ITOPSENG-277 messing qith quotes --- roles/confluence_config/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 5ed6d66..6d74ba4 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -88,8 +88,8 @@ query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - bandanavalue - - .* - - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + - "'.*'" + - "'{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}'" when: - atl_proxy_name is defined - atl_tomcat_scheme is defined From eb83a768c3ecebc6baa30aa45fe8dfaeaa0541fc Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 09:45:24 +1100 Subject: [PATCH 61/71] ITOPSENG-277 managed to get the column name unquoted by removing it from positional args --- roles/confluence_config/tasks/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 6d74ba4..9e890c9 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -85,11 +85,10 @@ login_user: "{{ atl_jdbc_user }}" login_password: "{{ atl_jdbc_password }}" db: "{{ atl_jdbc_db_name }}" - query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; + query: update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - - bandanavalue - - "'.*'" - - "'{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}'" + - ".*" + - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" when: - atl_proxy_name is defined - atl_tomcat_scheme is defined From 4824fe53cb27a59b68e02c0c6fa7702b41b42851 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 10:29:26 +1100 Subject: [PATCH 62/71] ITOPSENG-277 remove proxyname and scheme from confluence playbook as they are in group_vars --- aws_confluence_dc_node.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 693f7da..979f96b 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -10,8 +10,6 @@ atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' - atl_proxy_name: "{{ lookup('env', 'ATL_PROXY_NAME') }}" - atl_tomcat_scheme: "{{ lookup('env', 'ATL_TOMCAT_SCHEME') }}" roles: - role: linux_common From dff012fc8df9fb88df13db907a04d6440d6e17c2 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 10:44:59 +1100 Subject: [PATCH 63/71] ITOPSENG-277 split base_url query over 2 lines to pass linting --- roles/confluence_config/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 9e890c9..f8e366c 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -85,7 +85,9 @@ login_user: "{{ atl_jdbc_user }}" login_password: "{{ atl_jdbc_password }}" db: "{{ atl_jdbc_db_name }}" - query: update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; + query: > + update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s) + where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - ".*" - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" From cf183913baf690864d0a726de92ea08998facc7a Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 11:20:25 +1100 Subject: [PATCH 64/71] ITOPSENG-277 have the schema fixes applied against atl_db_root_db_name --- group_vars/aws_node_local.yml | 1 + roles/database_init/defaults/main.yml | 1 + roles/database_init/tasks/main.yml | 6 +++--- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml index bb380b9..89c158e 100644 --- a/group_vars/aws_node_local.yml +++ b/group_vars/aws_node_local.yml @@ -66,6 +66,7 @@ atl_aws_enable_cloudwatch_logs: "{{ lookup('env', 'ATL_AWS_ENABLE_CLOUDWATCH_LOG atl_db_engine: "{{ lookup('env', 'ATL_DB_ENGINE') }}" atl_db_host: "{{ lookup('env', 'ATL_DB_HOST') }}" atl_db_port: "{{ lookup('env', 'ATL_DB_PORT') or '5432' }}" +atl_db_root_db_name: "{{ lookup('env', 'ATL_DB_ROOT_DB_NAME') or 'postgres' }}" atl_db_root_user: "{{ lookup('env', 'ATL_DB_ROOT_USER') or 'postgres' }}" atl_db_root_password: "{{ lookup('env', 'ATL_DB_ROOT_PASSWORD') }}" atl_db_driver: "{{ lookup('env', 'ATL_DB_DRIVER') or 'org.postgresql.Driver' }}" diff --git a/roles/database_init/defaults/main.yml b/roles/database_init/defaults/main.yml index 4620228..8d4d128 100644 --- a/roles/database_init/defaults/main.yml +++ b/roles/database_init/defaults/main.yml @@ -1,6 +1,7 @@ --- atl_db_port: '5432' +atl_db_root_db_name: 'postgres' atl_db_root_user: 'postgres' atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'C' diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 05a27fa..10b0051 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -15,7 +15,7 @@ login_host: "{{ atl_db_host }}" login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" - db: "{{ atl_jdbc_db_name }}" + db: "{{ atl_db_root_db_name }}" query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};" - name: Grant privs to root user on public schema @@ -23,7 +23,7 @@ login_host: "{{ atl_db_host }}" login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" - db: "{{ atl_jdbc_db_name }}" + db: "{{ atl_db_root_db_name }}" query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};" - name: Grant privs to application user on public schema @@ -31,7 +31,7 @@ login_host: "{{ atl_db_host }}" login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" - db: "{{ atl_jdbc_db_name }}" + db: "{{ atl_db_root_db_name }}" query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" - block: From 6e20e92a76191aba7891b077654bdb0ee892071d Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 17:40:29 +1100 Subject: [PATCH 65/71] ITOPSENG-277 fix schema owner and grant logic --- roles/database_init/tasks/main.yml | 49 +++++++++++++++--------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 10b0051..01f308e 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -10,30 +10,6 @@ password: "{{ atl_jdbc_password }}" expires: 'infinity' -- name: Assert ownership of public schema - postgresql_query: - login_host: "{{ atl_db_host }}" - login_user: "{{ atl_db_root_user }}" - login_password: "{{ atl_db_root_password }}" - db: "{{ atl_db_root_db_name }}" - query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};" - -- name: Grant privs to root user on public schema - postgresql_query: - login_host: "{{ atl_db_host }}" - login_user: "{{ atl_db_root_user }}" - login_password: "{{ atl_db_root_password }}" - db: "{{ atl_db_root_db_name }}" - query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};" - -- name: Grant privs to application user on public schema - postgresql_query: - login_host: "{{ atl_db_host }}" - login_user: "{{ atl_db_root_user }}" - login_password: "{{ atl_db_root_password }}" - db: "{{ atl_db_root_db_name }}" - query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" - - block: - name: Update root privs for new user @@ -62,3 +38,28 @@ tags: - new_only + +- name: Assert ownership of public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};" + +- name: Grant privs to root user on public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};" + +- name: Grant privs to application user on public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" + From 3ab863d55e80f938d8fb9cb1e424ed5c18a0682f Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 16 Dec 2019 09:37:39 +1100 Subject: [PATCH 66/71] ITOPSENG-333 prevent db_create if db already exists --- roles/database_init/tasks/main.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 01f308e..070b33d 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -10,6 +10,15 @@ password: "{{ atl_jdbc_password }}" expires: 'infinity' +- name: Collect dbcluster db_names + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_db_root_db_name }}" + query: "SELECT datname FROM pg_database;" + register: dbcluster_db_names + - block: - name: Update root privs for new user @@ -35,6 +44,7 @@ lc_ctype: "{{ atl_jdbc_ctype }}" template: "{{ atl_jdbc_template }}" register: db_created + when: "atl_jdbc_db_name not in (dbcluster_db_names.query_result | map(attribute='datname') )" tags: - new_only @@ -62,4 +72,3 @@ login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" - From afb9527871a0160b24e9a62698c85e29d8496983 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 16 Dec 2019 14:25:24 +1100 Subject: [PATCH 67/71] ITOPSENG-333 put comment in code to explain the need for skipping db_create --- roles/database_init/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 070b33d..e065a0a 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -31,6 +31,7 @@ objs: "{{ atl_jdbc_user }}" type: group +# RDS does not allow changing the collation on an existing DB, it only allows collation change on creation of db. If the db already exists, we need the “create new application database” task to be skipped, idempotence can not be relied upon as we cant be certain the collation of the existing db - name: Create new application database postgresql_db: login_host: "{{ atl_db_host }}" From b17ec2d236230c5a5b5f74d0e9b94f7d1377c791 Mon Sep 17 00:00:00 2001 From: Steve Smith Date: Tue, 17 Dec 2019 12:02:52 +1100 Subject: [PATCH 68/71] DCD-861: Use native tar rather than unarchive to avoid unnecessary idempotence checks with large archives. --- roles/restore_backups/tasks/home_restore.yml | 45 +++++++++++++------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/roles/restore_backups/tasks/home_restore.yml b/roles/restore_backups/tasks/home_restore.yml index 5c0b7b4..3415231 100644 --- a/roles/restore_backups/tasks/home_restore.yml +++ b/roles/restore_backups/tasks/home_restore.yml @@ -13,28 +13,41 @@ owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" + # We also need to use `tar` here as `unarchive` runs `tar` three times doing + # idempotence checks, which we can skip. - name: Restore the shared-home backup - unarchive: - src: "{{ atl_backup_home_dest }}" - remote_src: yes - dest: "{{ atl_product_home_shared }}" + command: + argv: + - "tar" + - "--extract" + - "--file" + - "{{ atl_backup_home_dest }}" + - "--directory" + - "{{ atl_product_home_shared }}" + warn: false when: atl_backup_home_is_server is not defined or not atl_backup_home_is_server|bool + # Use tar transform to convert the Confluence Server (unclustered) + # layout to shared-home version. What occurs is: + # + # * --transform runs first, moving attachments into the shared home. + # * --strip-components removes the top-level directory + # + # NOTE: Also see the `confluence_config` role, which uses + # symlinks to support server and clustered layouts + # concurrently. - name: Restore a Confluence server home to share-home layout - unarchive: - src: "{{ atl_backup_home_dest }}" - remote_src: yes - dest: "{{ atl_product_home_shared }}" - # Use tar transform to convert the Confluence Server - # (unclustered) layout to shared-home version. What occurs is: - # * --transform runs first, moving attachments into the shared home. - # * --strip-components removes the top-level directory - # NOTE: Also see the `confluence_config` role, which uses - # symlinks to support server and clustered layouts - # concurrently. - extra_opts: + command: + argv: + - "tar" + - "--extract" - "--transform=s,^attachments,shared-home/attachments," - "--strip-components=1" + - "--file" + - "{{ atl_backup_home_dest }}" + - "--directory" + - "{{ atl_product_home_shared }}" + warn: false when: atl_backup_home_is_server is defined and atl_backup_home_is_server|bool - name: Set shared home owner and group to application user From aabbc4dfed6944c8402804b178f116df276da28d Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Mon, 30 Dec 2019 15:22:11 +1100 Subject: [PATCH 69/71] DCD-879: Add default(false) for serverHome property of shared home manifest artifact --- roles/restore_backups/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 6ad9b98..2cde5ab 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -58,7 +58,7 @@ atl_backup_id: "{{ atl_backup_manifest.name }}" atl_backup_db_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest.artifacts.db.location.location | basename }}" atl_backup_home_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest.artifacts.sharedHome.location.location | basename }}" - atl_backup_home_is_server: "{{ atl_backup_manifest.artifacts.sharedHome.serverHome }}" + atl_backup_home_is_server: "{{ atl_backup_manifest.artifacts.sharedHome.serverHome | default(false) }}" # FIXME: Here we fetch the backups. However we may wish to stream # these directly from S3 to the target DB/FS to avoid requiring From d3774a338e9cb945db834ed1f9f9e4ccfa516fb4 Mon Sep 17 00:00:00 2001 From: Ben Partridge Date: Tue, 31 Dec 2019 11:18:04 +1100 Subject: [PATCH 70/71] DCD-879: add "set empty" parameter to default filter for atl_backup_home_is_server and a filter to set is as a bool --- roles/restore_backups/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index 2cde5ab..f4e7833 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -58,7 +58,7 @@ atl_backup_id: "{{ atl_backup_manifest.name }}" atl_backup_db_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest.artifacts.db.location.location | basename }}" atl_backup_home_dest: "{{ atl_installer_temp }}/{{ atl_backup_manifest.artifacts.sharedHome.location.location | basename }}" - atl_backup_home_is_server: "{{ atl_backup_manifest.artifacts.sharedHome.serverHome | default(false) }}" + atl_backup_home_is_server: "{{ atl_backup_manifest.artifacts.sharedHome.serverHome | default(false, true) | bool }}" # FIXME: Here we fetch the backups. However we may wish to stream # these directly from S3 to the target DB/FS to avoid requiring From 20a9c089794d03c7dd360eb7645801d9fa744475 Mon Sep 17 00:00:00 2001 From: Varun Arbatti Date: Tue, 31 Dec 2019 00:37:50 +0000 Subject: [PATCH 71/71] Merged in DCD-797-restore_independent-of_db_init_role (pull request #61) DCD-797: Make restore work without requiring database_init role to be run * DCD-797: Make restore work without requiring database_init role to be run * DCD-797: Fixes error with yaml lint * DCD-797: Adds check before running restore database tasks * DCD-797: Restore a database when either db_creted.changed is true or when `atl_force_db_restore` variable is set to true * DCD-797: set default filter to return a default value when the argument is a python false-y value. Update readme to reflect name of extra var env variable Approved-by: Ben Partridge Approved-by: Steve Smith --- README.md | 4 ++-- roles/restore_backups/tasks/main.yml | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 29605c6..e33ea18 100644 --- a/README.md +++ b/README.md @@ -47,11 +47,11 @@ directly, the command for this would look like the following: -i inv/aws_node_local aws_jira_dc_node.yml You can also do this on a CloudFormation template where the stack details are in `/etc/atl`. -On such templates, the variable `ATL_ANSIBLE_EXTRA_PARAMS` is added to the +On such templates, the variable `ATL_DEPLOYMENT_REPOSITORY_CUSTOM_PARAMS` is added to the `ansible-playbook` parameters in `bin/ansible-with-alt-env`. In this case you need to set it to: + ATL_DEPLOYMENT_REPOSITORY_CUSTOM_PARAMS="-e atl_product_download_url=http://s3.amazon.com/atlassian/jira-9.0.0-PRE-TEST.tar.gz -e atl_use_system_jdk=true -e atl_download_format=tarball" - ATL_ANSIBLE_EXTRA_PARAMS="-e atl_product_download_url=http://s3.amazon.com/atlassian/jira-9.0.0-PRE-TEST.tar.gz -e atl_use_system_jdk=true -e atl_download_format=tarball" To set the same parameters in the AWS Quick Starts for [Jira Data Center](https://aws.amazon.com/quickstart/architecture/jira/), diff --git a/roles/restore_backups/tasks/main.yml b/roles/restore_backups/tasks/main.yml index f4e7833..f8162e0 100644 --- a/roles/restore_backups/tasks/main.yml +++ b/roles/restore_backups/tasks/main.yml @@ -85,6 +85,8 @@ include_tasks: "{{ ansible_distribution|lower }}.yml" + # Restores the application database. If a var with name `atl_force_db_restore` is set to true, the database will be restored even when the database has not been created in the same playbook run. + # This is done to accommodate running the restore role independent of the database_init role. - name: Restore application database postgresql_db: login_host: "{{ atl_db_host }}" @@ -106,8 +108,8 @@ failed_when: - result.rc != 0 - '"COMMENT ON EXTENSION" not in result.msg' - when: db_created.changed and atl_backup_db_dest is defined - + # default('false', true) filter makes the default filter return the specified default value for python False-y values (like an empty string) + when: atl_backup_db_dest is defined and (db_created.changed or (atl_force_db_restore | default('false', true) | bool)) - name: Restore shared home include_tasks: "home_restore.yml"