From 0a7e5220a2e1538c85012b29ce79bdba19608dfd Mon Sep 17 00:00:00 2001
From: Denise Unterwurzacher <dunterwurzacher@atlassian.com>
Date: Thu, 16 Jul 2020 12:20:23 -0500
Subject: [PATCH] ITOPSENG-716 Create Catalina folder in tomcat-install/conf
 ownder by product user, but leave the rest of conf owned by root. This
 reinstates catalina.out logging, as it needs that folder to exist and be
 owned by the product user/group.

---
 .../molecule/aurora/tests/test_aurora.py                 | 1 +
 .../molecule/default/tests/test_default.py               | 1 +
 roles/confluence_config/tasks/main.yml                   | 9 +++++++++
 roles/crowd_config/tasks/main.yml                        | 9 +++++++++
 roles/jira_config/molecule/aurora/tests/test_default.py  | 1 +
 roles/jira_config/molecule/default/tests/test_default.py | 2 +-
 .../molecule/jira_config_props/tests/test_default.py     | 1 +
 roles/jira_config/tasks/main.yml                         | 9 +++++++++
 8 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/roles/confluence_config/molecule/aurora/tests/test_aurora.py b/roles/confluence_config/molecule/aurora/tests/test_aurora.py
index bee0d38..66c2ed5 100644
--- a/roles/confluence_config/molecule/aurora/tests/test_aurora.py
+++ b/roles/confluence_config/molecule/aurora/tests/test_aurora.py
@@ -45,6 +45,7 @@ def test_install_permissions(host):
     assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root'
     assert host.file('/opt/atlassian/confluence/current/confluence/WEB-INF/web.xml').user == 'root'
 
+    assert host.file('/opt/atlassian/confluence/current/conf/Catalina').user == 'confluence'
     assert host.file('/opt/atlassian/confluence/current/logs/').user == 'confluence'
     assert host.file('/opt/atlassian/confluence/current/work/').user == 'confluence'
     assert host.file('/opt/atlassian/confluence/current/temp/').user == 'confluence'
diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py
index b574a0c..713be57 100644
--- a/roles/confluence_config/molecule/default/tests/test_default.py
+++ b/roles/confluence_config/molecule/default/tests/test_default.py
@@ -55,6 +55,7 @@ def test_install_permissions(host):
     assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root'
     assert host.file('/opt/atlassian/confluence/current/confluence/WEB-INF/web.xml').user == 'root'
 
+    assert host.file('/opt/atlassian/confluence/current/conf/Catalina').user == 'confluence'
     assert host.file('/opt/atlassian/confluence/current/logs/').user == 'confluence'
     assert host.file('/opt/atlassian/confluence/current/work/').user == 'confluence'
     assert host.file('/opt/atlassian/confluence/current/temp/').user == 'confluence'
diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml
index 887324e..d9c4af2 100644
--- a/roles/confluence_config/tasks/main.yml
+++ b/roles/confluence_config/tasks/main.yml
@@ -97,6 +97,15 @@
     - "{{ atl_product_installation_versioned }}/work"
   changed_when: false  # For Molecule idempotence check
 
+- name: Create conf/Catalina directory owned by product so catalina.out logging works
+  file:
+    path: "{{ atl_product_installation_versioned }}/conf/Catalina"
+    state: directory
+    mode: "u=rwX,g=rX,o-rwx"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+  changed_when: false  # For Molecule idempotence check
+
 - name: Assert baseurl to same as atl_proxy_name
   postgresql_query:
     login_host: "{{ atl_db_host }}"
diff --git a/roles/crowd_config/tasks/main.yml b/roles/crowd_config/tasks/main.yml
index 0d3c2e4..726211a 100644
--- a/roles/crowd_config/tasks/main.yml
+++ b/roles/crowd_config/tasks/main.yml
@@ -93,6 +93,15 @@
     - "{{ atl_product_installation_versioned }}/apache-tomcat/work"
   changed_when: false  # For Molecule idempotence check
 
+- name: Create conf/Catalina directory owned by product so catalina.out logging works
+  file:
+    path: "{{ atl_product_installation_versioned }}/conf/Catalina"
+    state: directory
+    mode: "u=rwX,g=rX,o-rwx"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+  changed_when: false  # For Molecule idempotence check
+
 - name: Symlink Crowd shared home directory
   file:
     src: "{{ atl_product_home_shared }}"
diff --git a/roles/jira_config/molecule/aurora/tests/test_default.py b/roles/jira_config/molecule/aurora/tests/test_default.py
index e684eb2..6ae2e1f 100644
--- a/roles/jira_config/molecule/aurora/tests/test_default.py
+++ b/roles/jira_config/molecule/aurora/tests/test_default.py
@@ -70,6 +70,7 @@ def test_install_permissions(host):
     assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root'
     assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root'
 
+    assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/work/').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'jira'
diff --git a/roles/jira_config/molecule/default/tests/test_default.py b/roles/jira_config/molecule/default/tests/test_default.py
index 5a7b961..48454e5 100644
--- a/roles/jira_config/molecule/default/tests/test_default.py
+++ b/roles/jira_config/molecule/default/tests/test_default.py
@@ -73,9 +73,9 @@ def test_server_file(host):
 
 
 def test_install_permissions(host):
-    assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root'
     assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root'
 
+    assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/work/').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'jira'
diff --git a/roles/jira_config/molecule/jira_config_props/tests/test_default.py b/roles/jira_config/molecule/jira_config_props/tests/test_default.py
index 4287ee6..70329f1 100644
--- a/roles/jira_config/molecule/jira_config_props/tests/test_default.py
+++ b/roles/jira_config/molecule/jira_config_props/tests/test_default.py
@@ -77,6 +77,7 @@ def test_install_permissions(host):
     assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root'
     assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root'
 
+    assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/work/').user == 'jira'
     assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'jira'
diff --git a/roles/jira_config/tasks/main.yml b/roles/jira_config/tasks/main.yml
index 5064f5d..11cf442 100644
--- a/roles/jira_config/tasks/main.yml
+++ b/roles/jira_config/tasks/main.yml
@@ -100,6 +100,15 @@
     - "{{ atl_product_installation_versioned }}/work"
   changed_when: false  # For Molecule idempotence check
 
+- name: Create conf/Catalina directory owned by product so catalina.out logging works
+  file:
+    path: "{{ atl_product_installation_versioned }}/conf/Catalina"
+    state: directory
+    mode: "u=rwX,g=rX,o-rwx"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+  changed_when: false  # For Molecule idempotence check
+
 - name: Assert baseurl to same as atl_proxy_name
   postgresql_query:
     login_host: "{{ atl_db_host }}"