From 6df489e579e1c3d330ddd76ddf88672ff850aa9c Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Tue, 30 Aug 2022 13:16:37 +1000 Subject: [PATCH 01/44] some WIP for adding bitbucket mesh support --- aws_bitbucket_mesh_node.yml | 16 ++++++ roles/bitbucket_mesh/defaults/main.yml | 3 ++ roles/bitbucket_mesh/tasks/main.yml | 51 +++++++++++++++++++ .../bitbucket_mesh/templates/mesh.service.j2 | 26 ++++++++++ 4 files changed, 96 insertions(+) create mode 100644 aws_bitbucket_mesh_node.yml create mode 100644 roles/bitbucket_mesh/defaults/main.yml create mode 100644 roles/bitbucket_mesh/tasks/main.yml create mode 100644 roles/bitbucket_mesh/templates/mesh.service.j2 diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml new file mode 100644 index 0000000..1957b1a --- /dev/null +++ b/aws_bitbucket_mesh_node.yml @@ -0,0 +1,16 @@ +--- +- hosts: aws_node_local + become: true + + vars: + # See group_vars/aws_node_local.yml, which pull vars from the environment. + atl_product_family: "stash" + atl_product_edition: "bitbucket" + atl_product_user: "bitbucket" + + + roles: + - role: linux_common + - role: aws_common + - role: product_common + - role: bitbucket_mesh diff --git a/roles/bitbucket_mesh/defaults/main.yml b/roles/bitbucket_mesh/defaults/main.yml new file mode 100644 index 0000000..cb3e292 --- /dev/null +++ b/roles/bitbucket_mesh/defaults/main.yml @@ -0,0 +1,3 @@ +mesh_install_dir: /opt/atlassian/mesh +bitbucket_mesh_maven_repo: https://packages.atlassian.com/maven-external +bitbucket_mesh_version: "1.3.1" \ No newline at end of file diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml new file mode 100644 index 0000000..ce1b820 --- /dev/null +++ b/roles/bitbucket_mesh/tasks/main.yml 
@@ -0,0 +1,51 @@ +--- + +- name: set up the bitbucket mesh group + ansible.builtin.group: + name: "{{ atl_product_user }}" + gid: 1001 + state: present + +- name: set up the bitbucket mesh user + ansible.builtin.user: + name: "{{ atl_product_user }}" + uid: 1001 + state: present + comment: "mesh_runtime_user" + groups: "{{ atl_product_user }}" + home: "{{ mesh_install_dir }}" + +- name: Create Bitbucket dirs if necessary + ansible.builtin.file: + path: "{{ item }}" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + mode: 0750 + state: directory + with_items: + - "{{ atl_home_base }}/{{ atl_product_edition }}" + - "{{ mesh_install_dir }}" + +- name: Template out the mesh service file + ansible.builtin.template: + src: mesh.service.j2 + dest: "/usr/lib/systemd/system/mesh.service" + owner: "root" + group: "root" + mode: 0740 + +- name: download the mesh distribution using maven + community.general.maven_artifact: + group_id: "com.atlassian.bitbucket.mesh" + artifact_id: "mesh-distribution" + extension: "tar.gz" + repository_url: "{{ bitbucket_mesh_maven_repo }}" + dest: "{{ mesh_install_dir }}" + mode: "0644" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + register: maven_download + +- name: debug + debug: + var: maven_download \ No newline at end of file diff --git a/roles/bitbucket_mesh/templates/mesh.service.j2 b/roles/bitbucket_mesh/templates/mesh.service.j2 new file mode 100644 index 0000000..f95a22c --- /dev/null +++ b/roles/bitbucket_mesh/templates/mesh.service.j2 
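Review bot: The `download the mesh distribution using maven` task passes no `version:`, so the `bitbucket_mesh_version` default added in this commit is never used and, as far as I know, `community.general.maven_artifact` then resolves the latest published artifact. Because the tarball is fetched over the network and its scripts are later started by the unit file, the version should be pinned explicitly, e.g. `version: "{{ bitbucket_mesh_version }}"`. The modes in this file also mix styles (`mode: 0750`, `mode: 0740`, `mode: "0644"`); quoting all of them as strings avoids YAML integer parsing, and a systemd unit file does not need the owner execute bit, so `mode: "0644"` would be the usual choice for `mesh.service`.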
@@ -0,0 +1,26 @@ +[Unit] +Description=Atlassian bitbucket-mesh +After=syslog.target network-online.target + +[Service] +Type=forking +UMask=0027 +User={{ atl_product_user }} +Group={{ atl_product_user }} +StandardOutput=journal+console +StandardError=journal+console +LimitNOFILE=65336 +Environment=MESH_HOME={{ atl_home_base }}/{{ atl_product_edition }} +Environment=JAVA_HOME=/usr/lib/jvm/java +Environment=JRE_HOME=/usr/lib/jvm/java +Environment=JMX_REMOTE_AUTH=password +Environment=JMX_PASSWORD_FILE=/var/atlassian/application-data/jmx/jmx.access +Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log" +Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }} +PIDFile={{ atl_home_base }}/{{ atl_product_edition }}/log/mesh.pid +PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME +ExecStart={{ mesh_install_dir }}/current/bin/start-mesh.sh +ExecStop={{ mesh_install_dir }}/current/bin/stop-mesh.sh + +[Install] +WantedBy=multi-user.target \ No newline at end of file From bb92b68bf2678f48178417aead7b0d3883af0df5 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 31 Aug 2022 09:40:35 +1000 Subject: [PATCH 02/44] remove user/group since they're done in linux-common. making the mesh version come from product version --- roles/bitbucket_mesh/tasks/main.yml | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index ce1b820..37d8ab3 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml 
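Review bot: `JVM_SUPPORT_RECOMMENDED_ARGS` sets `-Dcom.sun.management.jmxremote.port=4444` unconditionally, and `JMX_PASSWORD_FILE` points at `/var/atlassian/application-data/jmx/jmx.access`, a file that no task in this commit creates or restricts. How `start-mesh.sh` turns `JMX_REMOTE_AUTH=password` into JVM flags is not visible here, so it is worth confirming that the listener requires authentication and TLS and that the port is reachable only from the hosts that need it. Making the JMX settings opt-in behind a role variable, with a comment such as `# JMX listens on 4444; the password file must be owner-only (0600) and owned by the service user`, would make the exposure explicit. The same settings are carried into `atl_startup_systemd_params` in PATCH 03/44.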
@@ -1,25 +1,10 @@ --- -- name: set up the bitbucket mesh group - ansible.builtin.group: - name: "{{ atl_product_user }}" - gid: 1001 - state: present - -- name: set up the bitbucket mesh user - ansible.builtin.user: - name: "{{ atl_product_user }}" - uid: 1001 - state: present - comment: "mesh_runtime_user" - groups: "{{ atl_product_user }}" - home: "{{ mesh_install_dir }}" - - name: Create Bitbucket dirs if necessary ansible.builtin.file: path: "{{ item }}" - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" + owner: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user_uid }}" mode: 0750 state: directory with_items: @@ -39,11 +24,12 @@ group_id: "com.atlassian.bitbucket.mesh" artifact_id: "mesh-distribution" extension: "tar.gz" + version: "{{ atl_product_version }}" repository_url: "{{ bitbucket_mesh_maven_repo }}" dest: "{{ mesh_install_dir }}" mode: "0644" - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" + owner: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user_uid }}" register: maven_download - name: debug From 73de6b7f614e439e88df21b92adfb8df0329cf29 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 31 Aug 2022 11:22:19 +1000 Subject: [PATCH 03/44] adding startup role and moving the service template to the normal one --- aws_bitbucket_mesh_node.yml | 17 +++++++- roles/bitbucket_mesh/tasks/main.yml | 41 ++++++++++++++----- .../bitbucket_mesh/templates/mesh.service.j2 | 26 ------------ 3 files changed, 45 insertions(+), 39 deletions(-) delete mode 100644 roles/bitbucket_mesh/templates/mesh.service.j2 diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index 1957b1a..c094cec 100644 --- a/aws_bitbucket_mesh_node.yml +++ b/aws_bitbucket_mesh_node.yml 
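Review bot: `group: "{{ atl_product_user_uid }}"` passes a user id where a group is expected, in `Create Bitbucket dirs if necessary` and again in the `maven_artifact` task in the second hunk. That yields the intended group only if a group with the same numeric id exists, which nothing in this patch establishes now that the explicit `gid: 1001` task is removed (the commit message says linux-common handles it, but that role is not shown). If the ids ever diverge, the directories end up group-owned by an unrelated group under `mode: 0750`; using the group name, `group: "{{ atl_product_user }}"`, keeps ownership independent of numeric ids.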
@@ -5,12 +5,25 @@ vars: # See group_vars/aws_node_local.yml, which pull vars from the environment. atl_product_family: "stash" - atl_product_edition: "bitbucket" + atl_product_edition: "mesh" atl_product_user: "bitbucket" - + atl_systemd_service_name: "mesh.service" + atl_startup_systemd_params: + - 'UMask=0027' + - 'Environment=MESH_HOME={{ atl_home_base }}/{{ atl_product_edition }}' + - 'Environment=JAVA_HOME=/usr/lib/jvm/java' + - 'Environment=JRE_HOME=/usr/lib/jvm/java' + - 'Environment=JMX_REMOTE_AUTH=password' + - 'Environment=JMX_PASSWORD_FILE=/var/atlassian/application-data/jmx/jmx.access' + - 'Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log"' + - 'Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }}' + atl_startup_exec_path: "{{ mesh_install_dir }}/current/bin/start-mesh.sh" + atl_stop_exec_path: "{{ mesh_install_dir }}/current/bin/stop-mesh.sh" + atl_systemd_service_target: "multi-user.target" roles: - role: linux_common - role: aws_common - role: product_common - role: bitbucket_mesh + - role: product_startup diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 37d8ab3..ed72725 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -11,14 +11,6 @@ - "{{ atl_home_base }}/{{ atl_product_edition }}" - "{{ mesh_install_dir }}" -- name: Template out the mesh service file - ansible.builtin.template: - src: mesh.service.j2 - dest: "/usr/lib/systemd/system/mesh.service" - owner: "root" - group: "root" - mode: 0740 - - name: download the mesh distribution using maven community.general.maven_artifact: group_id: "com.atlassian.bitbucket.mesh" 
@@ -27,11 +19,38 @@ version: "{{ atl_product_version }}" repository_url: "{{ bitbucket_mesh_maven_repo }}" dest: "{{ mesh_install_dir }}" + keep_name: yes mode: "0644" owner: "{{ atl_product_user_uid }}" group: "{{ atl_product_user_uid }}" register: maven_download -- name: debug - debug: - var: maven_download \ No newline at end of file +- name: extract the downloaded artifact + ansible.builtin.unarchive: + src: "{{ maven_download.dest }}" + dest: "/opt/atlassian/mesh/" + creates: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}" + mode: 0755 + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + register: mesh_extract + when: + - maven_download.changed | bool + - not maven_download.failed + +# the owner/group on the unarchive above isn't thorough +- name: adjust permissions on the extracted directory + ansible.builtin.file: + state: directory + path: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + recurse: yes + +- name: symlink to the current version + ansible.builtin.file: + src: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}" + dest: "/opt/atlassian/mesh/current" + state: link + when: + - mesh_extract.changed | bool diff --git a/roles/bitbucket_mesh/templates/mesh.service.j2 b/roles/bitbucket_mesh/templates/mesh.service.j2 deleted file mode 100644 index f95a22c..0000000 --- a/roles/bitbucket_mesh/templates/mesh.service.j2 +++ /dev/null 
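Review bot: `adjust permissions on the extracted directory` recursively hands the whole install tree to `atl_product_user`, including the `bin/start-mesh.sh` and `bin/stop-mesh.sh` scripts the service runs, so the service account can rewrite the code it executes. Unless Mesh needs to write into its install directory (not visible here), root ownership with group read access is the tighter default, e.g. `owner: root` with `group: "{{ atl_product_user }}"`. The three new tasks also hard-code `/opt/atlassian/mesh` while the download uses `{{ mesh_install_dir }}`, so overriding that variable would split the download and extract locations. The symlink task runs only when `mesh_extract.changed`, so a missing or stale `current` link is not repaired on a run where nothing was downloaded.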
@@ -1,26 +0,0 @@ -[Unit] -Description=Atlassian bitbucket-mesh -After=syslog.target network-online.target - -[Service] -Type=forking -UMask=0027 -User={{ atl_product_user }} -Group={{ atl_product_user }} -StandardOutput=journal+console -StandardError=journal+console -LimitNOFILE=65336 -Environment=MESH_HOME={{ atl_home_base }}/{{ atl_product_edition }} -Environment=JAVA_HOME=/usr/lib/jvm/java -Environment=JRE_HOME=/usr/lib/jvm/java -Environment=JMX_REMOTE_AUTH=password -Environment=JMX_PASSWORD_FILE=/var/atlassian/application-data/jmx/jmx.access -Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log" -Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }} -PIDFile={{ atl_home_base }}/{{ atl_product_edition }}/log/mesh.pid -PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME -ExecStart={{ mesh_install_dir }}/current/bin/start-mesh.sh -ExecStop={{ mesh_install_dir }}/current/bin/stop-mesh.sh - -[Install] -WantedBy=multi-user.target \ No newline at end of file From 1992ab07259ab10f7a2dfd174a171225db4092da Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 31 Aug 2022 13:49:54 +1000 Subject: [PATCH 04/44] tweaking the service startup options, altering permissions and ensuring the jmx access file exists --- aws_bitbucket_mesh_node.yml | 3 +++ roles/bitbucket_mesh/tasks/main.yml | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index c094cec..a88c2cf 100644 --- a/aws_bitbucket_mesh_node.yml +++ b/aws_bitbucket_mesh_node.yml 
@@ -17,9 +17,12 @@ - 'Environment=JMX_PASSWORD_FILE=/var/atlassian/application-data/jmx/jmx.access' - 'Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log"' - 'Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }}' + - 'PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME' + atl_startup_exec_path: "{{ mesh_install_dir }}/current/bin/start-mesh.sh" atl_stop_exec_path: "{{ mesh_install_dir }}/current/bin/stop-mesh.sh" atl_systemd_service_target: "multi-user.target" + atl_startup_exec_options: [] roles: - role: linux_common diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index ed72725..fa3d29b 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -7,8 +7,10 @@ group: "{{ atl_product_user_uid }}" mode: 0750 state: directory + recurse: yes with_items: - "{{ atl_home_base }}/{{ atl_product_edition }}" + - "{{ atl_home_base }}/{{ atl_product_user }}" - "{{ mesh_install_dir }}" - name: download the mesh distribution using maven @@ -54,3 +56,11 @@ state: link when: - mesh_extract.changed | bool + +- name: touch the jmx password file + ansible.builtin.file: + src: '/var/atlassian/application-data/jmx/jmx.access' + state: touch + owner: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user_uid }}" + mode: 0600 \ No newline at end of file From 88d9f4c4fecaa793b485b888756bde931d8bfea8 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 31 Aug 2022 14:22:40 +1000 Subject: [PATCH 05/44] relocating the jmx access file --- aws_bitbucket_mesh_node.yml | 2 +- roles/bitbucket_mesh/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index a88c2cf..975a04d 100644 --- a/aws_bitbucket_mesh_node.yml 
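Review bot: In the second hunk, `recurse: yes` together with `mode: 0750` makes `Create Bitbucket dirs if necessary` apply 0750 to every file and directory beneath the three paths on each run. That sets execute bits on regular files and overrides any tighter mode set elsewhere: PATCH 05/44 places `jmx.access` (created with `mode: 0600`) under `{{ atl_home_base }}/{{ atl_product_edition }}`, so that file would become group-readable on every run until the touch task resets it. If the recursion is only meant to fix ownership, dropping `mode` from the recursive task, or using a symbolic mode such as `mode: "u=rwX,g=rX,o="`, avoids marking files executable. Setting ownership where the files are created is tighter still.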
+++ b/aws_bitbucket_mesh_node.yml @@ -14,7 +14,7 @@ - 'Environment=JAVA_HOME=/usr/lib/jvm/java' - 'Environment=JRE_HOME=/usr/lib/jvm/java' - 'Environment=JMX_REMOTE_AUTH=password' - - 'Environment=JMX_PASSWORD_FILE=/var/atlassian/application-data/jmx/jmx.access' + - 'Environment=JMX_PASSWORD_FILE={{ atl_home_base }}/{{ atl_product_edition }}/jmx.access' - 'Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log"' - 'Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }}' - 'PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME' diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index fa3d29b..750be97 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -59,7 +59,7 @@ - name: touch the jmx password file ansible.builtin.file: - src: '/var/atlassian/application-data/jmx/jmx.access' + path: "{{ atl_home_base }}/{{ atl_product_edition }}/jmx.access" state: touch owner: "{{ atl_product_user_uid }}" group: "{{ atl_product_user_uid }}" From b16d16a0fc24512891d6d17be11a9f1bf063197c Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 31 Aug 2022 15:07:29 +1000 Subject: [PATCH 06/44] modifying the service script to find the correct pid file for mesh nodes --- aws_bitbucket_mesh_node.yml | 1 + roles/product_startup/templates/product.service.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index 975a04d..80ad066 100644 --- a/aws_bitbucket_mesh_node.yml +++ b/aws_bitbucket_mesh_node.yml 
@@ -7,6 +7,7 @@ atl_product_family: "stash" atl_product_edition: "mesh" atl_product_user: "bitbucket" + atl_product_home: "{{ atl_home_base }}/{{ atl_product_edition }}" atl_systemd_service_name: "mesh.service" atl_startup_systemd_params: - 'UMask=0027' diff --git a/roles/product_startup/templates/product.service.j2 b/roles/product_startup/templates/product.service.j2 index 9c16e66..fa6d398 100644 --- a/roles/product_startup/templates/product.service.j2 +++ b/roles/product_startup/templates/product.service.j2 @@ -17,7 +17,7 @@ StandardError=journal+console {# Bitbucket DC sets up its service start/stop logging in a different way to all our other DC offerings and so we exclude it from having the catalina.out redirect and foreground startup #} {% if (atl_product_family == "stash") %} -PIDFile={{ atl_product_home }}/log/bitbucket.pid +PIDFile={{ atl_product_home }}/log/{{ atl_product_edition }}.pid ExecStart={{ atl_startup_exec_path }}{% for c in atl_startup_exec_options %} {{ c }}{% endfor %} ExecStop={{ atl_stop_exec_path }} From c481e9dd050b98d1b63d049df4c64faa78b2afb9 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 1 Sep 2022 09:20:12 +1000 Subject: [PATCH 07/44] removing the jmx parameters by default --- aws_bitbucket_mesh_node.yml | 4 +--- roles/bitbucket_mesh/tasks/main.yml | 9 --------- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index 80ad066..4192453 100644 --- a/aws_bitbucket_mesh_node.yml +++ b/aws_bitbucket_mesh_node.yml 
@@ -14,11 +14,9 @@ - 'Environment=MESH_HOME={{ atl_home_base }}/{{ atl_product_edition }}' - 'Environment=JAVA_HOME=/usr/lib/jvm/java' - 'Environment=JRE_HOME=/usr/lib/jvm/java' - - 'Environment=JMX_REMOTE_AUTH=password' - - 'Environment=JMX_PASSWORD_FILE={{ atl_home_base }}/{{ atl_product_edition }}/jmx.access' - 'Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log"' - 'Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }}' - - 'PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME' + - 'PassEnvironment=JAVA_HOME' atl_startup_exec_path: "{{ mesh_install_dir }}/current/bin/start-mesh.sh" atl_stop_exec_path: "{{ mesh_install_dir }}/current/bin/stop-mesh.sh" diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 750be97..b18fde0 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -38,7 +38,6 @@ register: mesh_extract when: - maven_download.changed | bool - - not maven_download.failed # the owner/group on the unarchive above isn't thorough - name: adjust permissions on the extracted directory @@ -56,11 +55,3 @@ state: link when: - mesh_extract.changed | bool - -- name: touch the jmx password file - ansible.builtin.file: - path: "{{ atl_home_base }}/{{ atl_product_edition }}/jmx.access" - state: touch - owner: "{{ atl_product_user_uid }}" - group: "{{ atl_product_user_uid }}" - mode: 0600 \ No newline at end of file From cfa4debc7e8cd74701fdc8fd2251e235c5a06b1b Mon Sep 17 00:00:00 2001 
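Review bot: The first hunk removes `JMX_REMOTE_AUTH` and `JMX_PASSWORD_FILE` but leaves `-Dcom.sun.management.jmxremote.port=4444` in `JVM_SUPPORT_RECOMMENDED_ARGS`, so the JVM is still asked to open a remote JMX port while the authentication settings that went with it are gone. If JMX is meant to be off by default, the port flag should be removed in the same change; otherwise the outcome depends on JVM and start-script defaults that are not visible here. Building the JMX arguments from a single toggle, for instance the `mesh_jmx_enabled` variable that PATCH 08/44 introduces in `mesh.properties.j2`, would keep the port, the auth mode and the password file consistent.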
From: Geoff Jacobs Date: Thu, 1 Sep 2022 09:43:26 +1000 Subject: [PATCH 08/44] adding mesh.properties and handlers --- roles/bitbucket_mesh/handlers/main.yml | 19 +++++++++++++++++++ roles/bitbucket_mesh/tasks/main.yml | 8 ++++++++ .../templates/mesh.properties.j2 | 10 ++++++++++ 3 files changed, 37 insertions(+) create mode 100644 roles/bitbucket_mesh/handlers/main.yml create mode 100644 roles/bitbucket_mesh/templates/mesh.properties.j2 diff --git a/roles/bitbucket_mesh/handlers/main.yml b/roles/bitbucket_mesh/handlers/main.yml new file mode 100644 index 0000000..57275c9 --- /dev/null +++ b/roles/bitbucket_mesh/handlers/main.yml @@ -0,0 +1,19 @@ +--- + +- name: Restart Product + service: + name: "{{ atl_systemd_service_name }}" + state: restarted + when: + - atl_startup_restart + - molecule_yml is not defined + no_log: true + +- name: Enable Product + service: + name: "{{ atl_systemd_service_name }}" + enabled: true + when: + - atl_startup_enable + - molecule_yml is not defined + no_log: true diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index b18fde0..7857c7c 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -55,3 +55,11 @@ state: link when: - mesh_extract.changed | bool + +- name: template out mesh.properties + ansible.builtin.template: + src: bitbucket-mesh.properties.j2 + dest: "{{ atl_home_base }}/{{ atl_product_edition }}/mesh.properties" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + mode: 0600 diff --git a/roles/bitbucket_mesh/templates/mesh.properties.j2 b/roles/bitbucket_mesh/templates/mesh.properties.j2 new file mode 100644 index 0000000..d658684 --- /dev/null +++ b/roles/bitbucket_mesh/templates/mesh.properties.j2 
@@ -0,0 +1,10 @@ +# Listen for gRPC requests on all interfaces by default. This allows connecting to the node remotely +grpc.server.address=0.0.0.0 + +authentication.token={{ ansible_hostname | hash('md5') }} +node.name= {{ ansible_hostname }} +node.id={{ ansible_hostname }} + +jmx.enabled={{ mesh_jmx_enabled | default(false) }} +management.metrics.export.jmx.domain={{ mesh_jmx_export_domain | default("") }} +metrics.tags.host={{ ansible_hostname }} \ No newline at end of file From 4e6a600f5663e3c8d0baea498df844100433197b Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 1 Sep 2022 09:50:59 +1000 Subject: [PATCH 09/44] renaming the mesh.properties file --- roles/bitbucket_mesh/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 7857c7c..c737817 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -58,7 +58,7 @@ - name: template out mesh.properties ansible.builtin.template: - src: bitbucket-mesh.properties.j2 + src: mesh.properties.j2 dest: "{{ atl_home_base }}/{{ atl_product_edition }}/mesh.properties" owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" From 7a7d2d225943ada4a031932d7a844b84e84be4f5 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 1 Sep 2022 10:24:44 +1000 Subject: [PATCH 10/44] adding the jmx file back as mesh is failing to start without it --- aws_bitbucket_mesh_node.yml | 4 +++- roles/bitbucket_mesh/tasks/main.yml | 10 +++++++++- roles/bitbucket_mesh/templates/mesh.properties.j2 | 2 +- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index 4192453..80ad066 100644 --- a/aws_bitbucket_mesh_node.yml +++ b/aws_bitbucket_mesh_node.yml 
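Review bot: `authentication.token={{ ansible_hostname | hash('md5') }}` derives the node's authentication token from its hostname, so the value is not a secret: anyone who knows or can guess the hostname can compute it. Combined with `grpc.server.address=0.0.0.0`, the gRPC endpoint is then protected only by network-level controls. The token should be a randomly generated secret supplied through a vaulted or externally injected variable with no default, e.g. `authentication.token={{ mesh_authentication_token }}` (variable name proposed here, not defined in the repository). The listen address is also worth making configurable so it can be bound to the interface the Bitbucket nodes actually use.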
@@ -14,9 +14,11 @@ - 'Environment=MESH_HOME={{ atl_home_base }}/{{ atl_product_edition }}' - 'Environment=JAVA_HOME=/usr/lib/jvm/java' - 'Environment=JRE_HOME=/usr/lib/jvm/java' + - 'Environment=JMX_REMOTE_AUTH=password' + - 'Environment=JMX_PASSWORD_FILE={{ atl_home_base }}/{{ atl_product_edition }}/jmx.access' - 'Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log"' - 'Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }}' - - 'PassEnvironment=JAVA_HOME' + - 'PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME' atl_startup_exec_path: "{{ mesh_install_dir }}/current/bin/start-mesh.sh" atl_stop_exec_path: "{{ mesh_install_dir }}/current/bin/stop-mesh.sh" diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index c737817..8934f16 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -56,10 +56,18 @@ when: - mesh_extract.changed | bool +- name: touch the jmx password file + ansible.builtin.file: + path: "{{ atl_home_base }}/{{ atl_product_edition }}/jmx.access" + state: touch + owner: "{{ atl_product_user_uid }}" + group: "{{ atl_product_user_uid }}" + mode: 0600 + - name: template out mesh.properties ansible.builtin.template: src: mesh.properties.j2 dest: "{{ atl_home_base }}/{{ atl_product_edition }}/mesh.properties" owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" - mode: 0600 + mode: 0600 \ No newline at end of file diff --git a/roles/bitbucket_mesh/templates/mesh.properties.j2 b/roles/bitbucket_mesh/templates/mesh.properties.j2 index d658684..1143ced 100644 --- a/roles/bitbucket_mesh/templates/mesh.properties.j2 +++ b/roles/bitbucket_mesh/templates/mesh.properties.j2 
@@ -2,7 +2,7 @@ grpc.server.address=0.0.0.0 authentication.token={{ ansible_hostname | hash('md5') }} -node.name= {{ ansible_hostname }} +node.name={{ ansible_hostname }} node.id={{ ansible_hostname }} jmx.enabled={{ mesh_jmx_enabled | default(false) }} From 1cdfd4fd464eb25fb425a6fda21ac4c1b458ad3b Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 15 Sep 2022 13:26:08 +1000 Subject: [PATCH 11/44] removing the template of mesh.properties for now --- roles/bitbucket_mesh/tasks/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 8934f16..c9b3e77 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -64,10 +64,10 @@ group: "{{ atl_product_user_uid }}" mode: 0600 -- name: template out mesh.properties - ansible.builtin.template: - src: mesh.properties.j2 - dest: "{{ atl_home_base }}/{{ atl_product_edition }}/mesh.properties" - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" - mode: 0600 \ No newline at end of file +# - name: template out mesh.properties +# ansible.builtin.template: +# src: mesh.properties.j2 +# dest: "{{ atl_home_base }}/{{ atl_product_edition }}/mesh.properties" +# owner: "{{ atl_product_user }}" +# group: "{{ atl_product_user }}" +# mode: 0600 \ No newline at end of file From 392f8a0476e18cac367587736beaf14d47fc5fae Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Mon, 19 Sep 2022 13:20:57 +1000 Subject: [PATCH 12/44] adding efs to the mesh nodes to share files between them (not used for normal data storage). Also used in ansible jobs that require to only be run from one of the x nodes. --- aws_bitbucket_mesh_node.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/aws_bitbucket_mesh_node.yml b/aws_bitbucket_mesh_node.yml index 80ad066..9af397f 100644 --- a/aws_bitbucket_mesh_node.yml +++ b/aws_bitbucket_mesh_node.yml 
@@ -28,6 +28,7 @@ roles: - role: linux_common - role: aws_common + - role: aws_shared_fs_config - role: product_common - role: bitbucket_mesh - role: product_startup From 650bb0b916da19a6cbf1c63aa615a26164cf9d62 Mon Sep 17 00:00:00 2001 From: Lee Goolsbee Date: Mon, 26 Sep 2022 09:18:03 -0500 Subject: [PATCH 13/44] ITPLT-1857 use FQCN for bb mesh handler tasks --- roles/bitbucket_mesh/handlers/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/bitbucket_mesh/handlers/main.yml b/roles/bitbucket_mesh/handlers/main.yml index 57275c9..d0864a8 100644 --- a/roles/bitbucket_mesh/handlers/main.yml +++ b/roles/bitbucket_mesh/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: Restart Product - service: + ansible.builtin.service: name: "{{ atl_systemd_service_name }}" state: restarted when: @@ -10,7 +10,7 @@ no_log: true - name: Enable Product - service: + ansible.builtin.service: name: "{{ atl_systemd_service_name }}" enabled: true when: From be1f8ba43d74ce91132c671daf8111b6bf022748 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Fri, 14 Oct 2022 09:38:28 +1100 Subject: [PATCH 14/44] fixing up the issue with bbdc using shared home as local home --- aws_bitbucket_dc_node.yml | 2 -- roles/product_install/tasks/no_op.yml | 6 ++++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/aws_bitbucket_dc_node.yml b/aws_bitbucket_dc_node.yml index 3e75299..797197f 100644 --- a/aws_bitbucket_dc_node.yml +++ b/aws_bitbucket_dc_node.yml @@ -8,8 +8,6 @@ atl_product_edition: "bitbucket" atl_product_user: "bitbucket" - atl_product_home: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}" - atl_use_system_jdk: true java_major_version: "11" # BB 8 will drop JDK 8 support atl_download_format: "tarball" diff --git a/roles/product_install/tasks/no_op.yml b/roles/product_install/tasks/no_op.yml index ed97d53..22b9f6e 100644 --- a/roles/product_install/tasks/no_op.yml +++ b/roles/product_install/tasks/no_op.yml 
@@ -1 +1,7 @@ --- +- name: Symlink the the shared home + file: + src: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}/shared" + dest: "{{ atl_product_home }}/shared" + state: link + force: true \ No newline at end of file From 6f696339db83972858df16913a1c0e3eba1fd07b Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Fri, 14 Oct 2022 10:10:34 +1100 Subject: [PATCH 15/44] need to pre-create the shared folder structure --- roles/product_install/tasks/no_op.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/roles/product_install/tasks/no_op.yml b/roles/product_install/tasks/no_op.yml index 22b9f6e..6d66c6d 100644 --- a/roles/product_install/tasks/no_op.yml +++ b/roles/product_install/tasks/no_op.yml @@ -1,6 +1,14 @@ --- +- name: Create the product local home directory + ansible.builtin.file: + path: "{{ atl_product_home }}/shared" + state: directory + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + mode: "0644" + - name: Symlink the the shared home - file: + ansible.builtin.file: src: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}/shared" dest: "{{ atl_product_home }}/shared" state: link From 7748939506f8026afaa33c86a7cb71491dc517d5 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Fri, 14 Oct 2022 11:00:16 +1100 Subject: [PATCH 16/44] adjusting folder permissions to allow group read access --- roles/product_install/tasks/no_op.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/product_install/tasks/no_op.yml b/roles/product_install/tasks/no_op.yml index 6d66c6d..c14b043 100644 --- a/roles/product_install/tasks/no_op.yml +++ b/roles/product_install/tasks/no_op.yml @@ -5,7 +5,7 @@ state: directory owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" - mode: "0644" + mode: "0754" - name: Symlink the the shared home ansible.builtin.file: From 4b8126779a6ab9c8737b1acb094b5a01633f1c71 Mon Sep 17 00:00:00 2001 
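Review bot: In PATCH 15/44, `Create the product local home directory` creates `{{ atl_product_home }}/shared`, which is the same path the next task turns into a symlink with `force: true`. On a first run the fresh directory is immediately replaced by the link, and on later runs the `state: directory` task will most likely follow the link and apply `owner`, `group` and `mode` to `{{ atl_shared_mountpoint }}/{{ atl_product_edition }}/shared`, i.e. to the shared home that every node uses. If the intent is to make sure the parent exists, the path should be `path: "{{ atl_product_home }}"`. The mode also deserves a second look: `"0644"` leaves a directory without search permission, and the `"0754"` that PATCH 16/44 switches to gives others read without execute, where `"0750"` would match the other directories in this series.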
From: Geoff Jacobs Date: Tue, 8 Nov 2022 10:56:26 +1100 Subject: [PATCH 17/44] tagging the database_init role so it can be targetting with a skip-tags --- aws_bitbucket_dc_node.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_bitbucket_dc_node.yml b/aws_bitbucket_dc_node.yml index 797197f..b67743d 100644 --- a/aws_bitbucket_dc_node.yml +++ b/aws_bitbucket_dc_node.yml @@ -36,7 +36,7 @@ - { role: nfs_mount, when : (atl_fileserver_host is defined) and (atl_fileserver_host|length > 0) } - role: product_common - role: product_install - - role: database_init + - { role: database_init, tags: [database] } - role: bitbucket_config - role: product_startup - role: bitbucket_dataset_restore From 97f7776b1a67df815ec957290a721c6b74a73ccb Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Tue, 8 Nov 2022 13:11:19 +1100 Subject: [PATCH 18/44] defaulting bitbucket home to product default --- aws_bitbucket_dc_node.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aws_bitbucket_dc_node.yml b/aws_bitbucket_dc_node.yml index c8fddb3..7420513 100644 --- a/aws_bitbucket_dc_node.yml +++ b/aws_bitbucket_dc_node.yml @@ -12,10 +12,12 @@ java_major_version: "11" # BB 8 will drop JDK 8 support atl_download_format: "tarball" + atl_product_home: "/var/atlassian/application-data/bitbucket" atl_nfs_mountpoint: "{{ atl_shared_mountpoint }}/bitbucket/shared" atl_nfs_target: "{{ atl_shared_mountpoint }}/bitbucket/shared" atl_nfs_version: "3" + atl_startup_systemd_params: - "UMask=0027" - "LimitNOFILE=4096" From 80074ada771562225b7906694c3ddc038636b8a8 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 9 Nov 2022 07:01:46 +1100 Subject: [PATCH 19/44] add a conditional around symlinking shared home --- roles/product_install/defaults/main.yml | 1 + roles/product_install/tasks/no_op.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/product_install/defaults/main.yml b/roles/product_install/defaults/main.yml index d768e62..05d6262 100644 
--- a/roles/product_install/defaults/main.yml +++ b/roles/product_install/defaults/main.yml @@ -41,3 +41,4 @@ atl_source_obr_from_marketplace: true atl_servicedesk_download_file: "{{ atl_installer_temp }}/jira-servicedesk.{{ atl_product_version }}.obr" force_version_update: false +skip_shared_home_symlink: false \ No newline at end of file diff --git a/roles/product_install/tasks/no_op.yml b/roles/product_install/tasks/no_op.yml index c14b043..f15c70e 100644 --- a/roles/product_install/tasks/no_op.yml +++ b/roles/product_install/tasks/no_op.yml @@ -12,4 +12,5 @@ src: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}/shared" dest: "{{ atl_product_home }}/shared" state: link - force: true \ No newline at end of file + force: true + when: not skip_shared_home_symlink | bool \ No newline at end of file From 5d16eade63fe667bf166784043329e4677f01e8b Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Mon, 13 Feb 2023 12:36:10 +1100 Subject: [PATCH 20/44] changing search keys as per docs --- roles/bitbucket_config/templates/bitbucket.properties.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/bitbucket_config/templates/bitbucket.properties.j2 b/roles/bitbucket_config/templates/bitbucket.properties.j2 index 1a5ef04..b8b62db 100644 --- a/roles/bitbucket_config/templates/bitbucket.properties.j2 +++ b/roles/bitbucket_config/templates/bitbucket.properties.j2 
@@ -12,12 +12,12 @@ hazelcast.network.aws.region={{ atl_aws_region }} hazelcast.network.aws.tag.value={{ atl_aws_stack_name }} hazelcast.group.name={{ atl_aws_stack_name }} hazelcast.group.password={{ atl_aws_stack_name }} -plugin.search.elasticsearch.baseurl={{ atl_elasticsearch_endpoint }} +plugin.search.config.baseurl={{ atl_elasticsearch_endpoint }} {% if elasticsearch_should_auth_with_iam | bool %} -plugin.search.elasticsearch.aws.region={{ atl_aws_region }} +plugin.search.config.aws.region={{ atl_aws_region }} {% else %} -plugin.search.elasticsearch.username={{ atl_elasticsearch_username }} -plugin.search.elasticsearch.password={{ atl_elasticsearch_password }} +plugin.search.config.username={{ atl_elasticsearch_username }} +plugin.search.config.password={{ atl_elasticsearch_password }} {% endif %} setup.displayName=Bitbucket setup.baseUrl = {{ atl_bitbucket_baseurl }} From 6ec70eb49caa7e2832c741bae945a49db7ae9bae Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Mon, 13 Feb 2023 13:01:53 +1100 Subject: [PATCH 21/44] change the keys in the tests too --- .../bitbucket_config/molecule/default/tests/test_default.py | 6 +++--- .../molecule/iam_elasticsearch/tests/test_default.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/bitbucket_config/molecule/default/tests/test_default.py b/roles/bitbucket_config/molecule/default/tests/test_default.py index 024095f..cd7a94a 100644 --- a/roles/bitbucket_config/molecule/default/tests/test_default.py +++ b/roles/bitbucket_config/molecule/default/tests/test_default.py 
@@ -15,9 +15,9 @@ def test_config_file(host): assert f.contains("jdbc.user=bb_db_user") assert f.contains("jdbc.password=molecule_password") - assert f.contains("plugin.search.elasticsearch.username=bitbucket") - assert f.contains("plugin.search.elasticsearch.password=password") - assert not f.contains("plugin.search.elasticsearch.aws.region") + assert f.contains("plugin.search.config.username=bitbucket") + assert f.contains("plugin.search.config.password=password") + assert not f.contains("plugin.search.config.aws.region") assert f.contains("^key1=val1$") assert f.contains("^key2=val2$") diff --git a/roles/bitbucket_config/molecule/iam_elasticsearch/tests/test_default.py b/roles/bitbucket_config/molecule/iam_elasticsearch/tests/test_default.py index 1c541f5..a40578c 100644 --- a/roles/bitbucket_config/molecule/iam_elasticsearch/tests/test_default.py +++ b/roles/bitbucket_config/molecule/iam_elasticsearch/tests/test_default.py @@ -10,6 +10,6 @@ def test_config_file(host): f = host.file('/media/atl/bitbucket/shared/bitbucket.properties') assert f.exists - assert not f.contains("plugin.search.elasticsearch.username") - assert not f.contains("plugin.search.elasticsearch.password") - assert f.contains("plugin.search.elasticsearch.aws.region=us-east-2") + assert not f.contains("plugin.search.config.username") + assert not f.contains("plugin.search.config.password") + assert f.contains("plugin.search.config.aws.region=us-east-2") From 622edfb8a9b0a9c65debaf17aeadffb4f1dbbdba Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 26 Apr 2023 15:36:17 +1000 Subject: [PATCH 22/44] breaking the symlink from bitbucket_extra_tasks.yml to no_op.yml which was contributing to broken builds --- .../tasks/bitbucket_extra_tasks.yml | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) mode change 120000 => 100644 roles/product_install/tasks/bitbucket_extra_tasks.yml 
diff --git a/roles/product_install/tasks/bitbucket_extra_tasks.yml b/roles/product_install/tasks/bitbucket_extra_tasks.yml deleted file mode 120000 index 55832eb..0000000 --- a/roles/product_install/tasks/bitbucket_extra_tasks.yml +++ /dev/null @@ -1 +0,0 @@ -no_op.yml \ No newline at end of file diff --git a/roles/product_install/tasks/bitbucket_extra_tasks.yml b/roles/product_install/tasks/bitbucket_extra_tasks.yml new file mode 100644 index 0000000..3990b37 --- /dev/null +++ b/roles/product_install/tasks/bitbucket_extra_tasks.yml @@ -0,0 +1,16 @@ +--- +- name: Create the product local home directory + ansible.builtin.file: + path: "{{ atl_product_home }}/shared" + state: directory + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + mode: "0754" + +- name: Symlink the the shared home + ansible.builtin.file: + src: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}/shared" + dest: "{{ atl_product_home }}/shared" + state: link + force: true + when: not skip_shared_home_symlink | bool From 73d2fd32d984c8bcf723e1f8d459d2cf7e6f671b Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 26 Apr 2023 15:37:57 +1000 Subject: [PATCH 23/44] also resetting no_op.yml to be it's empty placeholder file for other symlinks --- roles/product_install/tasks/no_op.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/roles/product_install/tasks/no_op.yml b/roles/product_install/tasks/no_op.yml index f15c70e..ed97d53 100644 --- a/roles/product_install/tasks/no_op.yml +++ b/roles/product_install/tasks/no_op.yml 
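Review bot: The `Create the product local home directory` task in the new bitbucket_extra_tasks.yml sets `mode: "0754"`, which gives every local account read access to the directory, so users outside the product group can list the names in it. The shared-home task in roles/bitbucket_config/tasks/main.yml uses 0750 for a comparable directory; I would use `mode: "0750"` here as well unless something outside the product group has to read it. The symlink task below it uses `force: true`, and a one-line comment saying what is expected to already exist at `{{ atl_product_home }}/shared` would make that choice reviewable, for example `# force: replaces a leftover link from an earlier run`.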
@@ -1,16 +1 @@ --- -- name: Create the product local home directory - ansible.builtin.file: - path: "{{ atl_product_home }}/shared" - state: directory - owner: "{{ atl_product_user }}" - group: "{{ atl_product_user }}" - mode: "0754" - -- name: Symlink the the shared home - ansible.builtin.file: - src: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}/shared" - dest: "{{ atl_product_home }}/shared" - state: link - force: true - when: not skip_shared_home_symlink | bool \ No newline at end of file From 31cd3e4d5729ba3fae7b001e92d99f5cdfa912cc Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 26 Apr 2023 15:52:30 +1000 Subject: [PATCH 24/44] ansible doesn't seem to like updating an empty folder to a symlink, removing --- roles/product_install/tasks/bitbucket_extra_tasks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/product_install/tasks/bitbucket_extra_tasks.yml b/roles/product_install/tasks/bitbucket_extra_tasks.yml index 3990b37..f10ce08 100644 --- a/roles/product_install/tasks/bitbucket_extra_tasks.yml +++ b/roles/product_install/tasks/bitbucket_extra_tasks.yml @@ -1,7 +1,7 @@ --- - name: Create the product local home directory ansible.builtin.file: - path: "{{ atl_product_home }}/shared" + path: "{{ atl_product_home }}" state: directory owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" From f268e2e30b66de65a7bbf6eb406ceb64c5e8dd33 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Fri, 28 Apr 2023 07:28:56 +1000 Subject: [PATCH 25/44] removing extra spaces around setup.baseUrl --- roles/bitbucket_config/templates/bitbucket.properties.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/bitbucket_config/templates/bitbucket.properties.j2 b/roles/bitbucket_config/templates/bitbucket.properties.j2 index b8b62db..7b0a2b7 100644 --- a/roles/bitbucket_config/templates/bitbucket.properties.j2 +++ b/roles/bitbucket_config/templates/bitbucket.properties.j2 
@@ -20,7 +20,7 @@ plugin.search.config.username={{ atl_elasticsearch_username }} plugin.search.config.password={{ atl_elasticsearch_password }} {% endif %} setup.displayName=Bitbucket -setup.baseUrl = {{ atl_bitbucket_baseurl }} +setup.baseUrl={{ atl_bitbucket_baseurl }} setup.license={{ atl_bitbucket_license_key }} setup.sysadmin.username=admin setup.sysadmin.password={{ atl_bitbucket_admin_password }} From fd0feb68c10443faa8d44c6f5475418ffcfbd021 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Mon, 29 May 2023 10:00:44 +1000 Subject: [PATCH 26/44] updating the default java version to 17 for bitbucket dc --- aws_bitbucket_dc_node.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_bitbucket_dc_node.yml b/aws_bitbucket_dc_node.yml index 7420513..dcebc8f 100644 --- a/aws_bitbucket_dc_node.yml +++ b/aws_bitbucket_dc_node.yml @@ -9,7 +9,7 @@ atl_product_user: "bitbucket" atl_use_system_jdk: true - java_major_version: "11" # BB 8 will drop JDK 8 support + java_major_version: "17" atl_download_format: "tarball" atl_product_home: "/var/atlassian/application-data/bitbucket" From 34a742a18612a53c45f3974989c74c142fb1f211 Mon Sep 17 00:00:00 2001 From: bmeehan Date: Mon, 29 May 2023 16:05:26 +1000 Subject: [PATCH 27/44] explicit reading of the download secret name from env --- group_vars/aws_node_local.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml index fca7c2b..c4de8fb 100644 --- a/group_vars/aws_node_local.yml +++ b/group_vars/aws_node_local.yml @@ -107,6 +107,8 @@ atl_db_engine_to_db_type_map: rds_postgres: "postgres72" atl_db_type: "{{ atl_db_engine_to_db_type_map[atl_db_engine] | default('postgres72') }}" +atl_download_secret_name: "{{ lookup('env', 'ATL_DOWNLOAD_SECRET_NAME') or '' }}" + atl_jdbc_db_name: "{{ lookup('env', 'ATL_JDBC_DB_NAME') }}" atl_jdbc_user: "{{ lookup('env', 'ATL_JDBC_USER') }}" atl_jdbc_password: "{{ lookup('env', 'ATL_JDBC_PASSWORD') }}" 
From 2806939739a1507e266539ddcad561439e51e32f Mon Sep 17 00:00:00 2001 From: bmeehan Date: Tue, 30 May 2023 07:49:12 +1000 Subject: [PATCH 28/44] use ATL_PRODUCT_DOWNLOAD_URL if exists else use the default --- roles/product_install/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/product_install/defaults/main.yml b/roles/product_install/defaults/main.yml index 017f1c4..d86c346 100644 --- a/roles/product_install/defaults/main.yml +++ b/roles/product_install/defaults/main.yml @@ -19,7 +19,8 @@ atl_download_suffix: "{{ atl_download_format_suffix_map[atl_download_format] }}" atl_release_base_url: "https://product-downloads.atlassian.com/software" atl_product_base_url: "{{ atl_release_base_url }}/{{ atl_product_family }}/downloads" -atl_product_download_url: "{{ atl_product_base_url }}/atlassian-{{ atl_download_edition | default(atl_product_edition) }}-{{ atl_product_version }}{{ atl_download_suffix }}" +atl_product_download_default_url: "{{ atl_product_base_url }}/atlassian-{{ atl_download_edition | default(atl_product_edition) }}-{{ atl_product_version }}{{ atl_download_suffix }}" +atl_product_download_url: "{{ lookup('env', 'ATL_PRODUCT_DOWNLOAD_URL') or atl_product_download_default_url }}" atl_product_download_filename: "{{ atl_download_edition | default(atl_product_edition) }}.{{ atl_product_version }}{{ atl_download_suffix }}" atl_product_temp_download: "{{ atl_installer_temp }}/{{ atl_product_download_filename }}" From d673628367364b70f8b94e53b0ea2c6c8a29f662 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 22 Jun 2023 13:33:48 +1000 Subject: [PATCH 29/44] adding a failed_when condition --- roles/bitbucket_config/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/bitbucket_config/tasks/main.yml b/roles/bitbucket_config/tasks/main.yml index 7ee24cd..4bdccd2 100644 --- a/roles/bitbucket_config/tasks/main.yml +++ b/roles/bitbucket_config/tasks/main.yml 
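Review bot: `atl_product_download_url` in roles/product_install/defaults/main.yml now takes whatever `ATL_PRODUCT_DOWNLOAD_URL` contains, with no check on scheme or host, so the source of the product binary is only as trustworthy as the environment of the Ansible run. The hunk adds no checksum or signature variable next to it, so nothing visible here ties an overridden URL to a known artifact. I would add a guard in the task that consumes the variable, e.g. `ansible.builtin.assert` with `that: atl_product_download_url is match('^https://')`. A comment above the new line would also help: `# Override only with an https URL you control; the file is unpacked and run as the product.`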
@@ -7,6 +7,10 @@ group: "{{ atl_product_user }}" mode: 0750 state: directory + register: create_shared_home_dir + failed_when: + - create_shared_home_dir.rc != 0 + - "'already exists as a link' not in create_shared_home_dir.msg" - name: Create Bitbucket config file ansible.builtin.template: From 31a354ea35be4ed19cdeebf0da1832fd9f543a49 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 22 Jun 2023 14:54:42 +1000 Subject: [PATCH 30/44] fixing some broken molecule tests --- roles/bitbucket_config/molecule/default/converge.yml | 1 + roles/bitbucket_config/tasks/main.yml | 4 ---- roles/product_install/tasks/main.yml | 2 -- 3 files changed, 1 insertion(+), 6 deletions(-) diff --git a/roles/bitbucket_config/molecule/default/converge.yml b/roles/bitbucket_config/molecule/default/converge.yml index 64dcf3f..e8b146a 100644 --- a/roles/bitbucket_config/molecule/default/converge.yml +++ b/roles/bitbucket_config/molecule/default/converge.yml @@ -16,6 +16,7 @@ atl_elasticsearch_password: password atl_bitbucket_properties_raw: "key1=val1 key2=val2 key3=val3" + skip_shared_home_symlink: true roles: - role: linux_common diff --git a/roles/bitbucket_config/tasks/main.yml b/roles/bitbucket_config/tasks/main.yml index 4bdccd2..7ee24cd 100644 --- a/roles/bitbucket_config/tasks/main.yml +++ b/roles/bitbucket_config/tasks/main.yml @@ -7,10 +7,6 @@ group: "{{ atl_product_user }}" mode: 0750 state: directory - register: create_shared_home_dir - failed_when: - - create_shared_home_dir.rc != 0 - - "'already exists as a link' not in create_shared_home_dir.msg" - name: Create Bitbucket config file ansible.builtin.template: diff --git a/roles/product_install/tasks/main.yml b/roles/product_install/tasks/main.yml index 1c9600a..53ba471 100644 --- a/roles/product_install/tasks/main.yml +++ b/roles/product_install/tasks/main.yml @@ -1,6 +1,4 @@ --- - - - name: Check for existing version cache file ansible.builtin.stat: path: "{{ atl_product_version_cache }}" 
From 5f47bae07b3da089dace5ae3146cc00e3fe808d1 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 22 Jun 2023 15:12:28 +1000 Subject: [PATCH 31/44] adding a changed_when for molecule idempotence check --- roles/product_install/tasks/bitbucket_extra_tasks.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/product_install/tasks/bitbucket_extra_tasks.yml b/roles/product_install/tasks/bitbucket_extra_tasks.yml index f10ce08..cd47126 100644 --- a/roles/product_install/tasks/bitbucket_extra_tasks.yml +++ b/roles/product_install/tasks/bitbucket_extra_tasks.yml @@ -6,6 +6,7 @@ owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" mode: "0754" + changed_when: false # For Molecule idempotence check - name: Symlink the the shared home ansible.builtin.file: From a202b9bace0119896f90286fb59c463007494416 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 22 Jun 2023 15:13:58 +1000 Subject: [PATCH 32/44] adding more vars in various molecule scenarios --- roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml | 2 +- roles/product_install/molecule/bitbucket_latest/converge.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml b/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml index 596fbfc..9b782f2 100644 --- a/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml +++ b/roles/bitbucket_config/molecule/iam_elasticsearch/converge.yml @@ -13,7 +13,7 @@ atl_jdbc_password: 'molecule_password' atl_aws_region: us-east-2 - + skip_shared_home_symlink: true roles: - role: linux_common - role: product_common diff --git a/roles/product_install/molecule/bitbucket_latest/converge.yml b/roles/product_install/molecule/bitbucket_latest/converge.yml index 55ad545..63cd939 100644 --- a/roles/product_install/molecule/bitbucket_latest/converge.yml +++ b/roles/product_install/molecule/bitbucket_latest/converge.yml 
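Review bot: `changed_when: false` on the directory task in bitbucket_extra_tasks.yml makes every run report `ok`, including runs in which Ansible actually corrected the owner, group or mode of `{{ atl_product_home }}`, so permission drift on that directory no longer shows in play output. If the aim is only to pass Molecule's idempotence step, a tag is narrower and leaves reporting intact in real runs: `tags: [molecule-idempotence-notest]`. The task's first lines are above the hunk, so its module and path are taken from the earlier commit in this series.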
@@ -7,6 +7,7 @@ atl_product_user: "bitbucket" atl_product_home: "{{ atl_shared_mountpoint }}/{{ atl_product_edition }}" + skip_shared_home_symlink: true roles: - role: linux_common - role: product_common From c29e05abdd8857515d9e11b45411ef038bdf3220 Mon Sep 17 00:00:00 2001 From: Alan Cheng Date: Fri, 25 Aug 2023 12:14:11 +1000 Subject: [PATCH 33/44] ITPLT-3227 avoid ansible hanging attempting to chown mesh application files --- roles/bitbucket_mesh/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index c9b3e77..5de31ba 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -7,7 +7,7 @@ group: "{{ atl_product_user_uid }}" mode: 0750 state: directory - recurse: yes + recurse: no with_items: - "{{ atl_home_base }}/{{ atl_product_edition }}" - "{{ atl_home_base }}/{{ atl_product_user }}" From 1d98b913a5eea283a915e532c2d99b35fb3b6abe Mon Sep 17 00:00:00 2001 From: Alan Cheng Date: Tue, 7 Nov 2023 15:36:31 +1100 Subject: [PATCH 34/44] ITPLT-3328 add packages.a.c alternate adoptium repo --- roles/product_common/tasks/amazon-2.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/roles/product_common/tasks/amazon-2.yml b/roles/product_common/tasks/amazon-2.yml index 7538d97..8e22aa4 100644 --- a/roles/product_common/tasks/amazon-2.yml +++ b/roles/product_common/tasks/amazon-2.yml 
@@ -13,6 +13,17 @@ gpgcheck: yes state: present + - name: Add Alternate Adoptium yum repository + ansible.builtin.yum_repository: + name: alternate-adoptium + file: alternate-adoptium + description: Alternate Adoptium Repo + baseurl: "https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" + gpgkey: https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}/repodata/repomd.xml + gpgcheck: true + state: present + ignore_errors: true + - name: Install Eclipse Temurin JDK ansible.builtin.yum: name: "temurin-{{ java_major_version }}-jdk" From f92484502900d20133688190f886bb49afa2f0d8 Mon Sep 17 00:00:00 2001 From: Alan Cheng Date: Wed, 8 Nov 2023 11:03:05 +1100 Subject: [PATCH 35/44] ITPLT-3328 remove hardcoded package.a.c repo, add vars for alt adoptium urls --- roles/product_common/tasks/amazon-2.yml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/roles/product_common/tasks/amazon-2.yml b/roles/product_common/tasks/amazon-2.yml index 8e22aa4..a384c41 100644 --- a/roles/product_common/tasks/amazon-2.yml +++ b/roles/product_common/tasks/amazon-2.yml 
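Review bot: The `gpgkey` of the new `alternate-adoptium` repository points at `.../repodata/repomd.xml`, which is repository metadata rather than a public key, so with `gpgcheck: true` there is no usable key to verify packages from this mirror. `ignore_errors: true` then hides a failed repository setup, and the `Install Eclipse Temurin JDK` task that follows runs against whichever repositories did get written. I would point `gpgkey` at the key file itself and drop `ignore_errors`, so that a broken mirror definition stops the play instead of being skipped silently. A comment such as `# mirror of packages.adoptium.net; packages must verify against the key below` would record the intent.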
@@ -8,22 +8,15 @@ name: Adoptium file: adoptium description: Adoptium Repo - baseurl: "https://packages.adoptium.net/artifactory/rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" - gpgkey: https://packages.adoptium.net/artifactory/api/gpg/key/public + baseurl: + - "https://packages.adoptium.net/artifactory/rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" + - "{{ atl_adoptium_alternate_url is defined | ternary(atl_adoptium_alternate_url, None) }}" + gpgkey: + - https://packages.adoptium.net/artifactory/api/gpg/key/public + - "{{ atl_adoptium_gpgkey_alternate_url is defined | ternary(atl_adoptium_gpgkey_alternate_url, None) }}" gpgcheck: yes state: present - - name: Add Alternate Adoptium yum repository - ansible.builtin.yum_repository: - name: alternate-adoptium - file: alternate-adoptium - description: Alternate Adoptium Repo - baseurl: "https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" - gpgkey: https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}/repodata/repomd.xml - gpgcheck: true - state: present - ignore_errors: true - - name: Install Eclipse Temurin JDK ansible.builtin.yum: name: "temurin-{{ java_major_version }}-jdk" From 33bd02b06057e0ab3dc59a6303c72ef299576d5c Mon Sep 17 00:00:00 2001 From: Alan Cheng Date: Wed, 8 Nov 2023 11:22:15 +1100 Subject: [PATCH 36/44] ITPLT-3328 pipeline test --- roles/product_common/tasks/amazon-2.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/product_common/tasks/amazon-2.yml b/roles/product_common/tasks/amazon-2.yml index a384c41..1eee479 100644 --- a/roles/product_common/tasks/amazon-2.yml +++ b/roles/product_common/tasks/amazon-2.yml 
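Review bot: The second `gpgkey` entry comes from `atl_adoptium_gpgkey_alternate_url`, and a key listed there is trusted for packages from either `baseurl`, so whoever sets that variable decides which signer can put a JDK on the host; nothing in the hunk limits it to https or to a known key. When the variables are unset, `ternary(..., None)` still leaves a second element in both lists, and how that element ends up in the generated adoptium repo file is not visible here and should be checked. Building the list conditionally avoids the stray entry, e.g. `gpgkey: "{{ ['https://packages.adoptium.net/artifactory/api/gpg/key/public'] + ([atl_adoptium_gpgkey_alternate_url] if atl_adoptium_gpgkey_alternate_url is defined else []) }}"`, and the same shape works for `baseurl`. Only package signatures are checked with `gpgcheck: yes`; setting `repo_gpgcheck` as well would cover the metadata if the mirrors sign it.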
@@ -10,10 +10,10 @@ description: Adoptium Repo baseurl: - "https://packages.adoptium.net/artifactory/rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" - - "{{ atl_adoptium_alternate_url is defined | ternary(atl_adoptium_alternate_url, None) }}" + - "https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/2/x86_64" gpgkey: - https://packages.adoptium.net/artifactory/api/gpg/key/public - - "{{ atl_adoptium_gpgkey_alternate_url is defined | ternary(atl_adoptium_gpgkey_alternate_url, None) }}" + - "https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/2/x86_64/repodata/repomd.xml.key" gpgcheck: yes state: present From bf479353afbc4e300cef4c115ba4ce64952ed332 Mon Sep 17 00:00:00 2001 From: Alan Cheng Date: Wed, 8 Nov 2023 11:38:10 +1100 Subject: [PATCH 37/44] Revert "ITPLT-3328 pipeline test" This reverts commit 33bd02b06057e0ab3dc59a6303c72ef299576d5c. --- roles/product_common/tasks/amazon-2.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/product_common/tasks/amazon-2.yml b/roles/product_common/tasks/amazon-2.yml index 1eee479..a384c41 100644 --- a/roles/product_common/tasks/amazon-2.yml +++ b/roles/product_common/tasks/amazon-2.yml @@ -10,10 +10,10 @@ description: Adoptium Repo baseurl: - "https://packages.adoptium.net/artifactory/rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" - - "https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/2/x86_64" + - "{{ atl_adoptium_alternate_url is defined | ternary(atl_adoptium_alternate_url, None) }}" gpgkey: - https://packages.adoptium.net/artifactory/api/gpg/key/public - - "https://packages.atlassian.com/artifactory/adoptium-rpm/amazonlinux/2/x86_64/repodata/repomd.xml.key" + - "{{ atl_adoptium_gpgkey_alternate_url is defined | ternary(atl_adoptium_gpgkey_alternate_url, None) }}" gpgcheck: yes state: present From 1647b70ca842c5f5887a6e1ab1fe7f33216cb16f Mon Sep 17 00:00:00 2001 
From: Alan Cheng Date: Wed, 8 Nov 2023 11:47:27 +1100 Subject: [PATCH 38/44] ITPLT-3328 try pass idempotence test --- roles/product_common/tasks/amazon-2.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/product_common/tasks/amazon-2.yml b/roles/product_common/tasks/amazon-2.yml index a384c41..4cf0472 100644 --- a/roles/product_common/tasks/amazon-2.yml +++ b/roles/product_common/tasks/amazon-2.yml @@ -10,10 +10,10 @@ description: Adoptium Repo baseurl: - "https://packages.adoptium.net/artifactory/rpm/amazonlinux/{{ ansible_distribution_version }}/{{ ansible_architecture }}" - - "{{ atl_adoptium_alternate_url is defined | ternary(atl_adoptium_alternate_url, None) }}" + - "{{ atl_adoptium_alternate_url is defined | ternary(atl_adoptium_alternate_url, '') }}" gpgkey: - https://packages.adoptium.net/artifactory/api/gpg/key/public - - "{{ atl_adoptium_gpgkey_alternate_url is defined | ternary(atl_adoptium_gpgkey_alternate_url, None) }}" + - "{{ atl_adoptium_gpgkey_alternate_url is defined | ternary(atl_adoptium_gpgkey_alternate_url, '') }}" gpgcheck: yes state: present From 036a8e69b4c5526fc60fc12c04d05d06acca3853 Mon Sep 17 00:00:00 2001 From: Lee Goolsbee Date: Wed, 15 Nov 2023 18:47:50 -0600 Subject: [PATCH 39/44] ITPLT-3328 skip idempotence test when installing JDK --- roles/product_common/tasks/amazon-2.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/product_common/tasks/amazon-2.yml b/roles/product_common/tasks/amazon-2.yml index 4cf0472..240bfdb 100644 --- a/roles/product_common/tasks/amazon-2.yml +++ b/roles/product_common/tasks/amazon-2.yml @@ -16,6 +16,8 @@ - "{{ atl_adoptium_gpgkey_alternate_url is defined | ternary(atl_adoptium_gpgkey_alternate_url, '') }}" gpgcheck: yes state: present + tags: + - molecule-idempotence-notest - name: Install Eclipse Temurin JDK ansible.builtin.yum: From a44d3f81453598e7d66b6025e46078667da69344 Mon Sep 17 00:00:00 2001 
From: bmeehan Date: Wed, 13 Mar 2024 09:11:19 +1100 Subject: [PATCH 40/44] ITPLT-3591 allow basic_auth creds from secrets_manager --- roles/bitbucket_mesh/defaults/main.yml | 6 +++++- roles/bitbucket_mesh/tasks/main.yml | 24 ++++++++++++++++++++---- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/roles/bitbucket_mesh/defaults/main.yml b/roles/bitbucket_mesh/defaults/main.yml index cb3e292..555d898 100644 --- a/roles/bitbucket_mesh/defaults/main.yml +++ b/roles/bitbucket_mesh/defaults/main.yml @@ -1,3 +1,7 @@ mesh_install_dir: /opt/atlassian/mesh bitbucket_mesh_maven_repo: https://packages.atlassian.com/maven-external -bitbucket_mesh_version: "1.3.1" \ No newline at end of file +bitbucket_mesh_version: "1.3.1" + +# if basic_auth is required for download of atlassian installable artifact, provide the name of an AWS Secrets Manager secret +# with values for both password and username +atl_download_secret_name: '' \ No newline at end of file diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 5de31ba..0105214 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml 
@@ -13,15 +13,31 @@ - "{{ atl_home_base }}/{{ atl_product_user }}" - "{{ mesh_install_dir }}" +# optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' +- name: set basic_auth facts if the secret exists + ansible.builtin.set_fact: + download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + failed_when: false + ignore_errors: yes + no_log: true + when: + - ansible_ec2_placement_region is defined + - atl_download_secret_name is defined + tags: + - runtime_pkg + - name: download the mesh distribution using maven community.general.maven_artifact: - group_id: "com.atlassian.bitbucket.mesh" artifact_id: "mesh-distribution" - extension: "tar.gz" - version: "{{ atl_product_version }}" - repository_url: "{{ bitbucket_mesh_maven_repo }}" dest: "{{ mesh_install_dir }}" + extension: "tar.gz" + group_id: "com.atlassian.bitbucket.mesh" keep_name: yes + password: "{{ download_atlassian_password | default(omit) }}" + repository_url: "{{ bitbucket_mesh_maven_repo }}" + username: "{{ download_atlassian_username | default(omit) }}" + version: "{{ atl_product_version }}" mode: "0644" owner: "{{ atl_product_user_uid }}" group: "{{ atl_product_user_uid }}" From 5af606f7be44faa09a2730923557c7626725bb7c Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 13 Mar 2024 09:18:46 +1100 Subject: [PATCH 41/44] ITPLT-3591 fix indent --- roles/bitbucket_mesh/tasks/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 0105214..814a038 100644 --- a/roles/bitbucket_mesh/tasks/main.yml 
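Review bot: The guard `atl_download_secret_name is defined` on the new `set basic_auth facts` task is always true, because this commit also defaults the variable to `''` in defaults/main.yml, so the lookup runs for a secret named `.password` on every host that has `ansible_ec2_placement_region`. With `on_missing='skip'`, `on_denied='skip'`, `failed_when: false` and `ignore_errors: yes` together, a mistyped secret name or a denied read is silent, and the two facts are presumably set to an empty value rather than left undefined. In that case `default(omit)` in the download task does not apply and empty credentials are passed along. I would change the guard to `atl_download_secret_name | length > 0` and use `default(omit, true)` for `username` and `password`. The comment above the task names a secret 'download_atlassian' while the code reads the name from the variable; `# reads basic-auth credentials from the secret named in atl_download_secret_name` matches what it does.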
+++ b/roles/bitbucket_mesh/tasks/main.yml @@ -15,16 +15,16 @@ # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists - ansible.builtin.set_fact: + ansible.builtin.set_fact: download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - failed_when: false - ignore_errors: yes - no_log: true - when: + failed_when: false + ignore_errors: yes + no_log: true + when: - ansible_ec2_placement_region is defined - atl_download_secret_name is defined - tags: + tags: - runtime_pkg - name: download the mesh distribution using maven From 89773b68f37511ecd9a37b121c34c11df3bb76ef Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 13 Mar 2024 09:19:32 +1100 Subject: [PATCH 42/44] ITPLT-3591 fix indent --- roles/bitbucket_mesh/tasks/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 814a038..e7b2f2b 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml 
@@ -15,17 +15,17 @@ # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists - ansible.builtin.set_fact: - download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" - failed_when: false - ignore_errors: yes - no_log: true - when: - - ansible_ec2_placement_region is defined - - atl_download_secret_name is defined - tags: - - runtime_pkg + ansible.builtin.set_fact: + download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}" + failed_when: false + ignore_errors: yes + no_log: true + when: + - ansible_ec2_placement_region is defined + - atl_download_secret_name is defined + tags: + - runtime_pkg - name: download the mesh distribution using maven community.general.maven_artifact: From 79ae9dc5df8b0d191661c300df7f0f50a2cb9e7a Mon Sep 17 00:00:00 2001 From: bmeehan Date: Wed, 13 Mar 2024 09:31:29 +1100 Subject: [PATCH 43/44] ITPLT-3591 switch to using the get_url module --- roles/bitbucket_mesh/tasks/main.yml | 42 +++++++++++++++++++---------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index e7b2f2b..823a4dd 100644 --- a/roles/bitbucket_mesh/tasks/main.yml 
+++ b/roles/bitbucket_mesh/tasks/main.yml @@ -27,21 +27,35 @@ tags: - runtime_pkg -- name: download the mesh distribution using maven - community.general.maven_artifact: - artifact_id: "mesh-distribution" +# Fetch binary and copy to temp +# optionally use basic_auth creds from secrets_manager +- name: Fetch binary + ansible.builtin.get_url: + url: "{{ atl_product_download_url }}" dest: "{{ mesh_install_dir }}" - extension: "tar.gz" - group_id: "com.atlassian.bitbucket.mesh" - keep_name: yes - password: "{{ download_atlassian_password | default(omit) }}" - repository_url: "{{ bitbucket_mesh_maven_repo }}" - username: "{{ download_atlassian_username | default(omit) }}" - version: "{{ atl_product_version }}" - mode: "0644" - owner: "{{ atl_product_user_uid }}" - group: "{{ atl_product_user_uid }}" - register: maven_download + url_password: "{{ download_atlassian_password | default(omit) }}" + url_username: "{{ download_atlassian_username | default(omit) }}" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + mode: 0644 + force: false + register: atl_product_completed + +# - name: download the mesh distribution using maven +# community.general.maven_artifact: +# artifact_id: "mesh-distribution" +# dest: "{{ mesh_install_dir }}" +# extension: "tar.gz" +# group_id: "com.atlassian.bitbucket.mesh" +# keep_name: yes +# password: "{{ download_atlassian_password | default(omit) }}" +# repository_url: "{{ bitbucket_mesh_maven_repo }}" +# username: "{{ download_atlassian_username | default(omit) }}" +# version: "{{ atl_product_version }}" +# mode: "0644" +# owner: "{{ atl_product_user_uid }}" +# group: "{{ atl_product_user_uid }}" +# register: maven_download - name: extract the downloaded artifact ansible.builtin.unarchive: From 2d4e58b73ad1621a95a0f057cdbc55e3404ac217 Mon Sep 17 00:00:00 2001 
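Review bot: The new `Fetch binary` task downloads `{{ atl_product_download_url }}` without a `checksum`, and the next task unpacks the result, so the archive is accepted on the strength of the URL alone. The same request carries `url_username` and `url_password` from Secrets Manager, so if this is the variable that roles/product_install/defaults/main.yml lets the environment override, a plain-http or unintended host would receive those credentials. I would add `checksum: "sha256:<published digest>"` fed from a variable, and refuse URLs that are not https before the task runs. `mode: 0644` is unquoted here while the maven task it replaces used `mode: "0644"`; quoting it keeps the role consistent.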
From: bmeehan Date: Wed, 13 Mar 2024 09:54:41 +1100 Subject: [PATCH 44/44] ITPLT-3591 correct the registered output var --- roles/bitbucket_mesh/tasks/main.yml | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml index 823a4dd..44f72aa 100644 --- a/roles/bitbucket_mesh/tasks/main.yml +++ b/roles/bitbucket_mesh/tasks/main.yml @@ -13,6 +13,7 @@ - "{{ atl_home_base }}/{{ atl_product_user }}" - "{{ mesh_install_dir }}" + # optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian' - name: set basic_auth facts if the secret exists ansible.builtin.set_fact: @@ -39,23 +40,7 @@ group: "{{ atl_product_user }}" mode: 0644 force: false - register: atl_product_completed - -# - name: download the mesh distribution using maven -# community.general.maven_artifact: -# artifact_id: "mesh-distribution" -# dest: "{{ mesh_install_dir }}" -# extension: "tar.gz" -# group_id: "com.atlassian.bitbucket.mesh" -# keep_name: yes -# password: "{{ download_atlassian_password | default(omit) }}" -# repository_url: "{{ bitbucket_mesh_maven_repo }}" -# username: "{{ download_atlassian_username | default(omit) }}" -# version: "{{ atl_product_version }}" -# mode: "0644" -# owner: "{{ atl_product_user_uid }}" -# group: "{{ atl_product_user_uid }}" -# register: maven_download + register: maven_download - name: extract the downloaded artifact ansible.builtin.unarchive: