diff --git a/roles/installer_download/defaults/main.yml b/roles/installer_download/defaults/main.yml index 60e2896..3024352 100644 --- a/roles/installer_download/defaults/main.yml +++ b/roles/installer_download/defaults/main.yml @@ -1,6 +1,7 @@ --- atl_product_latest_version_url: "https://marketplace.atlassian.com/rest/2/applications/{{ atl_product_family }}/versions/latest" +atl_product_version_cache_dir: "{{ atl_product_home_shared }}" atl_product_version_cache: "{{ atl_product_home_shared }}/{{ atl_product_edition }}.version" atl_release_base_url: "https://product-downloads.atlassian.com/software" diff --git a/roles/installer_download/molecule/bitbucket_latest/molecule.yml b/roles/installer_download/molecule/bitbucket_latest/molecule.yml.disabled similarity index 100% rename from roles/installer_download/molecule/bitbucket_latest/molecule.yml rename to roles/installer_download/molecule/bitbucket_latest/molecule.yml.disabled diff --git a/roles/installer_download/molecule/jira_version_from_file/tests/test_default.py b/roles/installer_download/molecule/jira_version_from_file/tests/test_default.py index 4ba5091..438dbc3 100644 --- a/roles/installer_download/molecule/jira_version_from_file/tests/test_default.py +++ b/roles/installer_download/molecule/jira_version_from_file/tests/test_default.py @@ -19,7 +19,7 @@ def test_is_downloaded(host): assert installer.user == 'root' def test_is_unpacked(host): - installer = host.file('/opt/atlassian/jira-core/7.9.0') + installer = host.file('/opt/atlassian/jira-core/7.9.0/atlassian-jira/') assert installer.exists assert installer.is_directory assert installer.user == 'jira' diff --git a/roles/installer_download/molecule/jira_version_override/tests/test_default.py b/roles/installer_download/molecule/jira_version_override/tests/test_default.py index 4c9149c..bf9d37d 100644 --- a/roles/installer_download/molecule/jira_version_override/tests/test_default.py 
+++ b/roles/installer_download/molecule/jira_version_override/tests/test_default.py @@ -23,4 +23,3 @@ def test_is_unpacked(host): assert installer.exists assert installer.is_directory assert installer.user == 'jira' - assert installer.mode == 0o0755 diff --git a/roles/installer_download/molecule/servicedesk3/tests/test_default.py b/roles/installer_download/molecule/servicedesk3/tests/test_default.py index 280bdee..aaa6e3a 100644 --- a/roles/installer_download/molecule/servicedesk3/tests/test_default.py +++ b/roles/installer_download/molecule/servicedesk3/tests/test_default.py @@ -11,27 +11,20 @@ def test_version_is_correct(host): verfile = host.file('/media/atl/jira/shared/jira-servicedesk.version') assert verfile.exists - assert verfile.content.decode("UTF-8").strip() == "3.0.2" + assert verfile.content.decode("UTF-8").strip() == "3.9.0" def test_is_downloaded(host): - installer = host.file('/opt/atlassian/tmp/jira-software.7.0.11.tar.gz') + installer = host.file('/opt/atlassian/tmp/servicedesk.3.9.0.bin') assert installer.exists assert installer.user == 'root' def test_is_unpacked(host): - installer = host.file('/opt/atlassian/jira-servicedesk/3.0.2') + installer = host.file('/opt/atlassian/jira-servicedesk/3.9.0') assert installer.exists assert installer.is_directory assert installer.user == 'jira' - assert installer.mode == 0o0755 -def test_sd_is_downloaded(host): - installer = host.file('/opt/atlassian/tmp/jira-servicedesk.3.0.2.obr') - assert installer.exists - assert installer.user == 'root' - -def test_is_unpacked(host): - installer = host.file('/media/atl/jira/shared/plugins/installed-plugins/jira-servicedesk-application-3.0.2.jar') +def test_plugin_is_present(host): + installer = host.file('/opt/atlassian/jira-servicedesk/current/atlassian-jira/WEB-INF/application-installation/jira-servicedesk-application/jira-servicedesk-application-3.9.0.jar') assert installer.exists assert installer.user == 'jira' - assert installer.mode == 0o0750 
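Review bot: With both `assert installer.mode == ...` lines removed, `test_is_unpacked` and `test_plugin_is_present` no longer check permissions at all, so a world-writable install directory or plugin jar would still pass this scenario. The same removal appears in the jira_version_override, servicedesk4 and servicedesk_latest tests. If the exact mode now depends on the installer's umask (an inference, since the installer runs as the product user after this commit), a looser check still catches the dangerous case: `assert installer.mode & 0o002 == 0`. In `test_plugin_is_present` the local is still called `installer` although it refers to the plugin jar; `plugin` would read better.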
diff --git a/roles/installer_download/molecule/servicedesk4/tests/test_default.py b/roles/installer_download/molecule/servicedesk4/tests/test_default.py index 4b86875..a052f2d 100644 --- a/roles/installer_download/molecule/servicedesk4/tests/test_default.py +++ b/roles/installer_download/molecule/servicedesk4/tests/test_default.py @@ -14,7 +14,7 @@ def test_version_is_correct(host): assert verfile.content.decode("UTF-8").strip() == "4.1.0" def test_is_downloaded(host): - installer = host.file('/opt/atlassian/tmp/jira-software.8.1.0.tar.gz') + installer = host.file('/opt/atlassian/tmp/servicedesk.4.1.0.bin') assert installer.exists assert installer.user == 'root' @@ -23,15 +23,8 @@ def test_is_unpacked(host): assert installer.exists assert installer.is_directory assert installer.user == 'jira' - assert installer.mode == 0o0755 -def test_sd_is_downloaded(host): - installer = host.file('/opt/atlassian/tmp/jira-servicedesk.4.1.0.obr') - assert installer.exists - assert installer.user == 'root' - -def test_is_unpacked(host): - installer = host.file('/media/atl/jira/shared/plugins/installed-plugins/jira-servicedesk-application-4.1.0.jar') +def test_plugin_is_present(host): + installer = host.file('/opt/atlassian/jira-servicedesk/current/atlassian-jira/WEB-INF/application-installation/jira-servicedesk-application/jira-servicedesk-application-4.1.0.jar') assert installer.exists assert installer.user == 'jira' - assert installer.mode == 0o0750 diff --git a/roles/installer_download/molecule/servicedesk_latest/tests/test_default.py b/roles/installer_download/molecule/servicedesk_latest/tests/test_default.py index 6ff8e80..b595161 100644 --- a/roles/installer_download/molecule/servicedesk_latest/tests/test_default.py +++ b/roles/installer_download/molecule/servicedesk_latest/tests/test_default.py 
@@ -23,24 +23,17 @@ def test_version_is_correct(host): assert verfile.content.decode("UTF-8").strip() == sd def test_is_downloaded(host): - installer = host.file('/opt/atlassian/tmp/jira-software.'+jira+'.tar.gz') + installer = host.file('/opt/atlassian/tmp/servicedesk.'+sd+'.bin') assert installer.exists assert installer.user == 'root' def test_is_unpacked(host): - installer = host.file('/opt/atlassian/jira-servicedesk/'+jira) + installer = host.file('/opt/atlassian/jira-servicedesk/'+sd) assert installer.exists assert installer.is_directory assert installer.user == 'jira' - assert installer.mode == 0o0755 -def test_sd_is_downloaded(host): - installer = host.file('/opt/atlassian/tmp/jira-servicedesk.'+sd+'.obr') - assert installer.exists - assert installer.user == 'root' - -def test_is_unpacked(host): - installer = host.file('/media/atl/jira/shared/plugins/installed-plugins/jira-servicedesk-application-'+sd+'.jar') +def test_plugin_is_present(host): + installer = host.file('/opt/atlassian/jira-servicedesk/current/atlassian-jira/WEB-INF/application-installation/jira-servicedesk-application/jira-servicedesk-application-'+sd+'.jar') assert installer.exists assert installer.user == 'jira' - assert installer.mode == 0o0750 diff --git a/roles/installer_download/tasks/create_dirs.yml b/roles/installer_download/tasks/create_dirs.yml new file mode 100644 index 0000000..890c42e --- /dev/null +++ b/roles/installer_download/tasks/create_dirs.yml @@ -0,0 +1,15 @@ +--- + +- name: Create installation directories + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + with_items: + - "{{ atl_installer_temp }}" + - "{{ atl_product_home }}" + - "{{ atl_product_installation_versioned }}" + - "{{ atl_product_version_cache_dir }}" + changed_when: false # For Molecule idempotence check 
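Review bot: `changed_when: false` on "Create installation directories" hides real ownership changes instead of making the task idempotent. This task gives `atl_product_installation_versioned` to `{{ atl_product_user }}` with mode 0750, while the jira_config role in this same commit recursively re-owns that path to root:root. On any run after the first, the two roles therefore appear to flip the owner back and forth, and the install root is writable by the runtime user again until jira_config runs. I would drop `changed_when: false` so the flip is visible, or at least record the interaction in a comment such as `# jira_config re-owns the versioned install dir to root after install`. Quoting the mode as `mode: "0750"` also avoids relying on YAML octal parsing.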
diff --git a/roles/installer_download/tasks/fetch_product.yml b/roles/installer_download/tasks/fetch_product.yml index b26a395..d10fc3c 100644 --- a/roles/installer_download/tasks/fetch_product.yml +++ b/roles/installer_download/tasks/fetch_product.yml @@ -15,11 +15,18 @@ template: src: "{{ atl_product_family }}.varfile.j2" dest: "{{ atl_product_varfile }}" + mode: 0755 +# NOTE: We run the installer as the user rather than root to limit its +# actions. For example, if root and the 'jira' user exists then it +# will create 'jira1'; this potentially creates idempotency/upgrade +# issues down the line. - name: Run the installer command: /bin/sh "{{ atl_product_download }}" -q -varfile "{{ atl_product_varfile }}" args: creates: "{{ atl_product_installation_versioned }}/.install4j/" + become: true + become_user: "{{ atl_product_user }}" - name: Symlink the installed version to current file: diff --git a/roles/installer_download/tasks/main.yml b/roles/installer_download/tasks/main.yml index f3a5392..1d33097 100644 --- a/roles/installer_download/tasks/main.yml +++ b/roles/installer_download/tasks/main.yml @@ -1,15 +1,5 @@ --- -- name: Create installation directories - file: - path: "{{ item }}" - state: directory - mode: 0755 - with_items: - - "{{ atl_installer_temp }}" - - "{{ atl_product_home_shared }}" - - # Common case for most products and Jira editions. - name: Fetch ServiceDesk metadata if necessary include_tasks: "servicedesk_download.yml" @@ -17,7 +7,8 @@ # Differences for ServiceDesk become fiddly enough that it's better to # just split them out and move common functionality into individual -# task files. +# task files. This gives us some flexibility in the future if +# necessary. - name: Fetch product metadata if necessary include_tasks: "product_download.yml" when: atl_product_edition != "jira-servicedesk" diff --git a/roles/installer_download/tasks/product_download.yml b/roles/installer_download/tasks/product_download.yml index 87ce301..ea73d3b 100644 
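Review bot: `mode: 0755` on the varfile template makes the install4j response file executable and world-readable, which a data file passed via `-varfile` does not need. Since the installer now runs as `{{ atl_product_user }}`, adding `owner: "{{ atl_product_user }}"` with `mode: "0640"` would keep it readable by the installer without exposing it to other local accounts. Whether the rendered varfile holds anything sensitive cannot be seen from this hunk, so treat the tighter mode as a safer default rather than a fix for a known leak. The template task's name and the rest of the file lie outside the hunk.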
--- a/roles/installer_download/tasks/product_download.yml +++ b/roles/installer_download/tasks/product_download.yml @@ -1,5 +1,8 @@ --- +- name: Create installation directories if necesary + include_tasks: "create_dirs.yml" + - name: Check for and load cached version include_tasks: "cached_version_fetch.yml" diff --git a/roles/installer_download/tasks/servicedesk_download.yml b/roles/installer_download/tasks/servicedesk_download.yml index 3572297..7acf981 100644 --- a/roles/installer_download/tasks/servicedesk_download.yml +++ b/roles/installer_download/tasks/servicedesk_download.yml @@ -1,5 +1,8 @@ --- +- name: Create installation directories if necesary + include_tasks: "create_dirs.yml" + - name: Check for and load cached version include_tasks: "cached_version_fetch.yml" @@ -12,7 +15,7 @@ set_fact: atl_servicedesk_version_json: "{{ lookup('url', '{{ atl_servicedesk_latest_url }}') }}" - - name: Set the Jira version for ServiceDesk + - name: Set the version for ServiceDesk set_fact: atl_product_version: "{{ atl_servicedesk_version_json.name }}" @@ -31,4 +34,4 @@ atl_download_edition: "servicedesk" - name: Fetch and unpack the product distribution - include_tasks: "fetch_product.yml" + include_tasks: "fetch_product.yml" diff --git a/roles/jira_config/molecule/default/playbook.yml b/roles/jira_config/molecule/default/playbook.yml index 6795f76..8365acf 100644 --- a/roles/jira_config/molecule/default/playbook.yml +++ b/roles/jira_config/molecule/default/playbook.yml @@ -12,5 +12,5 @@ roles: - role: linux_common - role: product_common - - role: tgz_download + - role: installer_download - role: jira_config diff --git a/roles/jira_config/molecule/default/tests/test_default.py b/roles/jira_config/molecule/default/tests/test_default.py index d11a2e4..85e3a74 100644 --- a/roles/jira_config/molecule/default/tests/test_default.py +++ b/roles/jira_config/molecule/default/tests/test_default.py 
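Review bot: The new task name is misspelled ("necesary") here and again in the matching task added to servicedesk_download.yml. Both should read `- name: Create installation directories if necessary`, so that searching playbook output for the task name works.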
@@ -43,3 +43,11 @@ def test_server_file(host): assert f.contains('scheme="http"') assert not f.contains('proxyName=') assert not f.contains('proxyPort=') + +def test_install_permissions(host): + assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root' + assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root' + + assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'root' + assert host.file('/opt/atlassian/jira-software/current/work/').user == 'root' + assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'root' diff --git a/roles/jira_config/tasks/main.yml b/roles/jira_config/tasks/main.yml index 40b76f4..e6aca45 100644 --- a/roles/jira_config/tasks/main.yml +++ b/roles/jira_config/tasks/main.yml @@ -29,7 +29,6 @@ - 'JVM_MINIMUM_MEMORY' - 'JVM_MAXIMUM_MEMORY' - - name: Create application directories file: path: "{{ item }}" @@ -38,5 +37,35 @@ owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" with_items: + - "{{ atl_product_home }}" - "{{ atl_product_home_shared }}" - "{{ atl_product_shared_plugins }}" + changed_when: false # For Molecule idempotence check + + +- name: Limit permissions on the installation directory + file: + path: "{{ atl_product_installation_versioned }}" + owner: "root" + group: "root" + mode: "u=rwX,g=rX,o-rwx" + recurse: true + with_items: + - "{{ atl_installer_temp }}" + - "{{ atl_product_installation_versioned }}" + - "{{ atl_product_version_cache_dir }}" + changed_when: false # For Molecule idempotence check + +- name: Grant access to the product working directories + file: + path: "{{ item }}" + state: directory + mode: 0750 + owner: "root" + group: "root" + recurse: true + with_items: + - "{{ atl_product_installation_versioned }}/logs" + - "{{ atl_product_installation_versioned }}/temp" + - "{{ atl_product_installation_versioned }}/work" + changed_when: false # For Molecule idempotence check 
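Review bot: `test_install_permissions` asserts only `.user == 'root'`, so the group and the `o-rwx` mode set by jira_config's "Limit permissions on the installation directory" task are not verified. Adding a `.group` assertion and a mode check such as `assert host.file(path).mode & 0o007 == 0` for each path would pin the hardening that the task is meant to apply. Iterating over a list of the five paths would also remove the repeated `host.file(...)` lines and make a failure name the offending path.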
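Review bot: In "Limit permissions on the installation directory", `path` is hard-coded to `{{ atl_product_installation_versioned }}` while `with_items` lists three directories, so the same tree is processed three times and `atl_installer_temp` and `atl_product_version_cache_dir` are never restricted. Switching to `path: "{{ item }}"` is only safe after removing `atl_product_version_cache_dir` from the list, because it defaults to `atl_product_home_shared`, which the preceding task gives to `{{ atl_product_user }}`. Separately, both new tasks set `owner: "root"` and `group: "root"` with no access for others, so unless the product user is in the root group it can neither read the installation nor write to `logs`, `temp` and `work`, which contradicts the name "Grant access to the product working directories". The intent looks like `group: "{{ atl_product_user }}"` on the first task and `owner: "{{ atl_product_user }}"` on the second. With `recurse: true`, the numeric `mode: 0750` also sets the execute bit on every file under those directories, which `mode: "u=rwX,g=rX,o="` avoids.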
diff --git a/roles/product_common/defaults/main.yml b/roles/product_common/defaults/main.yml index d6c8b17..70c4ee2 100644 --- a/roles/product_common/defaults/main.yml +++ b/roles/product_common/defaults/main.yml @@ -7,4 +7,3 @@ git_version: "2.14.4" # Disable these when using the product installer, otherwise we end up # fighting with it. use_system_jdk: false -create_product_user: false diff --git a/roles/product_common/molecule/default/tests/test_default.py b/roles/product_common/molecule/default/tests/test_default.py index 7f748b3..26bdc54 100644 --- a/roles/product_common/molecule/default/tests/test_default.py +++ b/roles/product_common/molecule/default/tests/test_default.py @@ -12,22 +12,9 @@ def test_user_created(host): assert user.exists -@pytest.mark.parametrize('target', [ - '/opt/atlassian/product', - '/opt/atlassian/temp', - '/media/atl/jira/shared' -]) -def test_dirs_created(host, target): - d = host.file(target) - assert d.exists - assert d.is_directory - assert d.user == 'testuser' - - @pytest.mark.parametrize('exe', [ '/usr/bin/git', - '/usr/bin/psql', - '/usr/bin/javac' + '/usr/bin/psql' ]) def test_package_exes(host, exe): assert host.file(exe).exists diff --git a/roles/product_common/tasks/main.yml b/roles/product_common/tasks/main.yml index 1a4b5e1..2dbc0e0 100644 --- a/roles/product_common/tasks/main.yml +++ b/roles/product_common/tasks/main.yml @@ -7,4 +7,3 @@ user: name: "{{ atl_product_user }}" comment: "Product runtime user" - when: create_product_user diff --git a/roles/product_common/tasks/ubuntu.yml b/roles/product_common/tasks/ubuntu.yml index be6c16a..9fb1bf6 100644 --- a/roles/product_common/tasks/ubuntu.yml +++ b/roles/product_common/tasks/ubuntu.yml @@ -14,5 +14,3 @@ - postgresql-client - fonts-dejavu-core - git - tags: - - runtime_pkg