Merge remote-tracking branch 'origin/ITPLT-1857-stash-related-changes' into fix-bb-home

aws_bitbucket_mesh_node.yml

@@ -0,0 +1,34 @@
+---
+- hosts: aws_node_local
+  become: true
+
+  vars:
+    # See group_vars/aws_node_local.yml, which pull vars from the environment.
+    atl_product_family: "stash"
+    atl_product_edition: "mesh"
+    atl_product_user: "bitbucket"
+    atl_product_home: "{{ atl_home_base }}/{{ atl_product_edition }}"
+    atl_systemd_service_name: "mesh.service"
+    atl_startup_systemd_params:
+      - 'UMask=0027'
+      - 'Environment=MESH_HOME={{ atl_home_base }}/{{ atl_product_edition }}'
+      - 'Environment=JAVA_HOME=/usr/lib/jvm/java'
+      - 'Environment=JRE_HOME=/usr/lib/jvm/java'
+      - 'Environment=JMX_REMOTE_AUTH=password'
+      - 'Environment=JMX_PASSWORD_FILE={{ atl_home_base }}/{{ atl_product_edition }}/jmx.access'
+      - 'Environment="JVM_SUPPORT_RECOMMENDED_ARGS=-Dmesh.enabled=true -Dplugin.bitbucket-git.mesh.sidecar.child-process=false -Dcom.sun.management.jmxremote.port=4444 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ atl_home_base }}/{{ atl_product_edition }}/log"'
+      - 'Environment=JVM_MAXIMUM_MEMORY={{ atl_jvm_heap }}'
+      - 'PassEnvironment=JMX_REMOTE_AUTH JMX_PASSWORD_FILE JAVA_HOME'
+
+    atl_startup_exec_path: "{{ mesh_install_dir }}/current/bin/start-mesh.sh"
+    atl_stop_exec_path: "{{ mesh_install_dir }}/current/bin/stop-mesh.sh"
+    atl_systemd_service_target: "multi-user.target"
+    atl_startup_exec_options: []
+
+  roles:
+    - role: linux_common
+    - role: aws_common
+    - role: aws_shared_fs_config
+    - role: product_common
+    - role: bitbucket_mesh
+    - role: product_startup

roles/bitbucket_mesh/defaults/main.yml

@@ -0,0 +1,3 @@
+mesh_install_dir: /opt/atlassian/mesh
+bitbucket_mesh_maven_repo: https://packages.atlassian.com/maven-external
+bitbucket_mesh_version: "1.3.1"

roles/bitbucket_mesh/handlers/main.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Restart Product
+  ansible.builtin.service:
+    name: "{{ atl_systemd_service_name }}"
+    state: restarted
+  when:
+    - atl_startup_restart
+    - molecule_yml is not defined
+  no_log: true
+
+- name: Enable Product
+  ansible.builtin.service:
+    name: "{{ atl_systemd_service_name }}"
+    enabled: true
+  when:
+    - atl_startup_enable
+    - molecule_yml is not defined
+  no_log: true

roles/bitbucket_mesh/tasks/main.yml

@@ -0,0 +1,73 @@
+---
+
+- name: Create Bitbucket dirs if necessary
+  ansible.builtin.file:
+    path: "{{ item }}"
+    owner: "{{ atl_product_user_uid }}"
+    group: "{{ atl_product_user_uid }}"
+    mode: 0750
+    state: directory
+    recurse: yes
+  with_items:
+    - "{{ atl_home_base }}/{{ atl_product_edition }}"
+    - "{{ atl_home_base }}/{{ atl_product_user }}"
+    - "{{ mesh_install_dir }}"
+
+- name: download the mesh distribution using maven
+  community.general.maven_artifact:
+    group_id: "com.atlassian.bitbucket.mesh"
+    artifact_id: "mesh-distribution"
+    extension: "tar.gz"
+    version: "{{ atl_product_version }}"
+    repository_url: "{{ bitbucket_mesh_maven_repo }}"
+    dest: "{{ mesh_install_dir }}"
+    keep_name: yes
+    mode: "0644"
+    owner: "{{ atl_product_user_uid }}"
+    group: "{{ atl_product_user_uid }}"
+  register: maven_download
+
+- name: extract the downloaded artifact
+  ansible.builtin.unarchive:
+    src: "{{ maven_download.dest }}"
+    dest: "/opt/atlassian/mesh/"
+    creates: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}"
+    mode: 0755
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+  register: mesh_extract
+  when:
+    - maven_download.changed | bool
+
+# the owner/group on the unarchive above isn't thorough
+- name: adjust permissions on the extracted directory
+  ansible.builtin.file:
+    state: directory
+    path: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    recurse: yes
+
+- name: symlink to the current version
+  ansible.builtin.file:
+    src: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}"
+    dest: "/opt/atlassian/mesh/current"
+    state: link
+  when:
+    - mesh_extract.changed | bool
+
+- name: touch the jmx password file
+  ansible.builtin.file:
+    path: "{{ atl_home_base }}/{{ atl_product_edition }}/jmx.access"
+    state: touch
+    owner: "{{ atl_product_user_uid }}"
+    group: "{{ atl_product_user_uid }}"
+    mode: 0600
+
+# - name: template out mesh.properties
+#   ansible.builtin.template:
+#     src: mesh.properties.j2
+#     dest: "{{ atl_home_base }}/{{ atl_product_edition }}/mesh.properties"
+#     owner: "{{ atl_product_user }}"
+#     group: "{{ atl_product_user }}"
+#     mode: 0600

roles/bitbucket_mesh/templates/mesh.properties.j2

@@ -0,0 +1,10 @@
+# Listen for gRPC requests on all interfaces by default. This allows connecting to the node remotely
+grpc.server.address=0.0.0.0
+
+authentication.token={{ ansible_hostname | hash('md5') }}
+node.name={{ ansible_hostname }}
+node.id={{ ansible_hostname }}
+
+jmx.enabled={{ mesh_jmx_enabled | default(false) }}
+management.metrics.export.jmx.domain={{ mesh_jmx_export_domain | default("") }}
+metrics.tags.host={{ ansible_hostname }}

roles/product_startup/templates/product.service.j2

@@ -17,7 +17,7 @@ StandardError=journal+console
 
 {# Bitbucket DC sets up its service start/stop logging in a different way to all our other DC offerings and so we exclude it from having the catalina.out redirect and foreground startup #}
 {% if (atl_product_family == "stash") %}
-PIDFile={{ atl_product_home }}/log/bitbucket.pid
+PIDFile={{ atl_product_home }}/log/{{ atl_product_edition }}.pid
 ExecStart={{ atl_startup_exec_path }}{% for c in atl_startup_exec_options %} {{ c }}{% endfor %}
 
 ExecStop={{ atl_stop_exec_path }}