diff --git a/aws_clone_nfs.yml b/aws_clone_nfs.yml new file mode 100644 index 0000000..0d299c4 --- /dev/null +++ b/aws_clone_nfs.yml @@ -0,0 +1,17 @@ +--- +- hosts: aws_node_local + become: true + + vars: + # See group_vars/aws_node_local.yml, which pull vars from the environment. + atl_product_family: "nfs_server" + atl_product_edition: "nfs_server" + atl_product_user: "atlassian" + + atl_nfs_mountpoint: "{{ atl_shared_mountpoint }}/{{ atl_product_user }}/shared" + atl_nfs_target: "{{ atl_shared_mountpoint }}/{{ atl_product_user }}/shared" + + roles: + - role: linux_common + - role: aws_common + - role: nfs_server \ No newline at end of file diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index ca0e9f9..979f96b 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -14,7 +14,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: database_init diff --git a/aws_confluence_synchrony_node.yml b/aws_confluence_synchrony_node.yml index 1fb6834..ed05766 100644 --- a/aws_confluence_synchrony_node.yml +++ b/aws_confluence_synchrony_node.yml @@ -20,7 +20,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: confluence_common diff --git a/aws_crowd_dc_node.yml b/aws_crowd_dc_node.yml index f2755e0..9259979 100644 --- a/aws_crowd_dc_node.yml +++ b/aws_crowd_dc_node.yml @@ -13,7 +13,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: database_init diff --git a/aws_jira_dc_node.yml b/aws_jira_dc_node.yml index 790a881..29f1333 100644 --- a/aws_jira_dc_node.yml +++ b/aws_jira_dc_node.yml 
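Review bot: Nothing in the new `aws_clone_nfs.yml` says how a clone run differs from a fresh NFS provisioning run, and the `new_only` tags added in `roles/nfs_server/tasks/main.yml` and `roles/database_init/tasks/main.yml` only take effect if the caller passes `--skip-tags new_only`. If that is the intended invocation (inferred from the file and tag names; the caller is not in this diff), a header comment such as `# Clone of an existing volume: run with --skip-tags new_only so partitioning, mkfs and shared-home creation are skipped` would make the contract explicit. `atl_nfs_mountpoint` and `atl_nfs_target` are set to the same expression and neither is referenced elsewhere in this diff, so a comment naming what consumes them would help. The file also ends without a trailing newline.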
@@ -11,7 +11,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: database_init diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml index ed82c17..6cb28f4 100644 --- a/group_vars/aws_node_local.yml +++ b/group_vars/aws_node_local.yml @@ -15,7 +15,7 @@ git_version: "2.14.4" atl_shared_mountpoint: "/media/atl" # Simplify NFS mapping by using a fixed UID -atl_product_user_uid: '2001' +atl_product_user_uid: "{{ lookup('env', 'ATL_PRODUCT_USER_UID') or '2001' }}" # FIXME: Some of these should be overridden from the environment? atl_home_base: "/var/atlassian/application-data" diff --git a/roles/aws_efs_config/defaults/main.yml b/roles/aws_efs_config/defaults/main.yml deleted file mode 100644 index 26c397f..0000000 --- a/roles/aws_efs_config/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -efs_target: "{{ atl_efs_id }}" diff --git a/roles/aws_shared_fs_config/defaults/main.yml b/roles/aws_shared_fs_config/defaults/main.yml new file mode 100644 index 0000000..06c8177 --- /dev/null +++ b/roles/aws_shared_fs_config/defaults/main.yml @@ -0,0 +1,5 @@ +--- +efs_target: "{{ atl_efs_id }}" +efs_type: "{{ lookup('env', 'ATL_EFS_TYPE') or 'efs' }}" +efs_src_dir: "{{ lookup('env', 'ATL_EFS_SRC_DIR') or '/' }}" +efs_mount_options: "{{ lookup('env', 'ATL_EFS_MOUNT_OPTIONS') or 'defaults,_netdev' }}" \ No newline at end of file diff --git a/roles/aws_efs_config/meta/main.yml b/roles/aws_shared_fs_config/meta/main.yml similarity index 100% rename from roles/aws_efs_config/meta/main.yml rename to roles/aws_shared_fs_config/meta/main.yml diff --git a/roles/aws_efs_config/tasks/main.yml b/roles/aws_shared_fs_config/tasks/main.yml similarity index 66% rename from roles/aws_efs_config/tasks/main.yml rename to roles/aws_shared_fs_config/tasks/main.yml index df8ca09..589383c 100644 --- a/roles/aws_efs_config/tasks/main.yml 
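Review bot: `atl_product_user_uid` is now read from `ATL_PRODUCT_USER_UID` with no check on the value, and the same value is used as both `uid` and `gid` in `roles/linux_common/tasks/main.yml`. A non-numeric value, `0`, or an ID in the system range would either fail late in the `user` task or give the product account an identity that already owns other files on the shared export. An early `assert` pre-task with `that: atl_product_user_uid | int >= 1000` would stop the play before any account is created. The lower bound is a suggestion; use whatever range the images reserve for service accounts.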
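Review bot: The default for `efs_mount_options` stays at `defaults,_netdev`, so the shared filesystem is mounted with setuid bits and device files honoured, while `efs_type` apparently lets the role mount a plain NFS export instead of EFS. Because the export template in this commit keeps `no_root_squash`, a setuid file written by root on one node is honoured on every other node that mounts the share. Unless the product needs them, defaulting to `'defaults,_netdev,nosuid,nodev'` limits that. `efs_type` and `efs_src_dir` go from the environment straight into fstab through the `mount` task in `roles/aws_shared_fs_config/tasks/main.yml`, so an `assert` restricting `efs_type` to the expected values (for instance `efs`, `nfs`, `nfs4`) would catch an unexpected value before it is written. This file also ends without a trailing newline.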
+++ b/roles/aws_shared_fs_config/tasks/main.yml @@ -9,7 +9,7 @@ - name: Enable mountpoint in fstab mount: path: "{{ atl_shared_mountpoint }}" - src: "{{ efs_target }}:/" - fstype: efs - opts: "defaults,_netdev" + src: "{{ efs_target }}:{{ efs_src_dir }}" + fstype: "{{ efs_type }}" + opts: "{{ efs_mount_options }}" state: mounted diff --git a/roles/crowd_config/tasks/main.yml b/roles/crowd_config/tasks/main.yml index cd59fb6..fc21565 100644 --- a/roles/crowd_config/tasks/main.yml +++ b/roles/crowd_config/tasks/main.yml @@ -27,7 +27,7 @@ insertafter: "EOF" line: 'export CATALINA_OPTS="${CATALINA_OPTS} {{ atl_catalina_opts }} {{ atl_catalina_opts_extra }}"' -- name: Set JAVA_HOME +- name: Set JAVA_HOME #FIXME lineinfile: path: "{{ atl_product_installation_versioned }}/apache-tomcat/bin/setenv.sh" insertafter: "EOF" diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index b291ea5..99638f7 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -9,6 +9,8 @@ name: "{{ atl_jdbc_user }}" password: "{{ atl_jdbc_password }}" expires: 'infinity' + tags: + - new_only - name: Update root privs for new user postgresql_privs: @@ -19,6 +21,8 @@ roles: "{{ atl_db_root_user }}" objs: "{{ atl_jdbc_user }}" type: group + tags: + - new_only - name: Create application database postgresql_db: @@ -32,3 +36,5 @@ lc_collate: "{{ atl_jdbc_collation }}" lc_ctype: "{{ atl_jdbc_ctype }}" template: "{{ atl_jdbc_template }}" + tags: + - new_only diff --git a/roles/linux_common/tasks/main.yml b/roles/linux_common/tasks/main.yml index 8ea4b52..bfd899f 100644 --- a/roles/linux_common/tasks/main.yml +++ b/roles/linux_common/tasks/main.yml 
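Review bot: The `#FIXME` appended to the `Set JAVA_HOME` task name in `roles/crowd_config/tasks/main.yml` does not say what is wrong. Because it follows a space it is a YAML comment rather than part of the name, so it never appears in play output either. A comment line above the task that states the problem, e.g. `# FIXME: <what needs fixing in the JAVA_HOME line>`, would let the next reader act on it. The task body continues outside the hunk.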
@@ -15,8 +15,14 @@ - fontconfig - python-psycopg2 +- name: Create product group + group: + name: "{{ atl_product_user }}" + gid: "{{ atl_product_user_uid }}" + - name: Create product user user: name: "{{ atl_product_user }}" uid: "{{ atl_product_user_uid }}" - comment: "Product runtime user" + group: "{{ atl_product_user }}" + comment: "Product runtime user" \ No newline at end of file diff --git a/roles/nfs_server/defaults/main.yml b/roles/nfs_server/defaults/main.yml index 4ac6f45..b66b23e 100644 --- a/roles/nfs_server/defaults/main.yml +++ b/roles/nfs_server/defaults/main.yml @@ -1,5 +1,5 @@ --- atl_nfs_server_device: "{{ lookup('env', 'ATL_NFS_SERVER_DEVICE') }}" -atl_nfs_fs_type: "xfs" -atl_nfs_fs_label: "BB-Shared" +atl_nfs_fs_type: "{{ lookup('env', 'ATL_NFS_FS_TYPE') or 'xfs' }}" +atl_nfs_fs_label: "{{ lookup('env', 'ATL_NFS_FS_LABEL') or 'BB-Shared' }}" diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml index d032589..6cd4aff 100644 --- a/roles/nfs_server/tasks/main.yml +++ b/roles/nfs_server/tasks/main.yml @@ -17,6 +17,8 @@ number: 1 flags: - "{{ atl_nfs_fs_type }}" + tags: + - new_only - name: Create the filesystem @@ -24,6 +26,8 @@ dev: "{{ atl_nfs_server_device }}" fstype: "{{ atl_nfs_fs_type }}" opts: "-L {{ atl_nfs_fs_label }}" + tags: + - new_only - name: Setup fstab and mount the filesystem mount: @@ -33,13 +37,15 @@ state: mounted -- name: Create the shared home as BB mounts this directly +- name: Create the shared home file: - path: "{{ atl_shared_mountpoint }}/bitbucket/shared" + path: "{{ atl_shared_mountpoint }}/{{ atl_product_user }}/shared" state: directory owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" mode: 0750 + tags: + - new_only - name: Create the NFS export file diff --git a/roles/nfs_server/templates/media-atl.exports.j2 b/roles/nfs_server/templates/media-atl.exports.j2 index d4580e3..3a40c66 100644 --- a/roles/nfs_server/templates/media-atl.exports.j2 
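Review bot: `atl_nfs_fs_label` in `roles/nfs_server/defaults/main.yml` now comes from `ATL_NFS_FS_LABEL` and is interpolated into `opts: "-L {{ atl_nfs_fs_label }}"` in `roles/nfs_server/tasks/main.yml`, so a value containing whitespace would reach mkfs as extra arguments. `atl_nfs_fs_type` is likewise passed unchecked to the `fstype` and `flags` fields. Both tasks run as root against `atl_nfs_server_device`, so an `assert` ahead of them would be cheap insurance, for example `that: atl_nfs_fs_label is match('^[A-Za-z0-9_-]{1,12}$')`. The 12-character bound matches the xfs label limit; adjust it if other filesystem types are expected.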
+++ b/roles/nfs_server/templates/media-atl.exports.j2
@@ -1,2 +1,2 @@
 # Created by Ansible
-/media/atl *(rw,no_root_squash)
+/media/atl *(rw,no_root_squash,no_subtree_check,sync)
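Review bot: The export line still offers `/media/atl` to every host (`*`) with `rw` and `no_root_squash`; the added `no_subtree_check,sync` do not narrow who can mount the share or with what privilege. Unless a security group outside this diff limits access to the NFS port, any client that can reach the server can mount the share and act as root on it. Because the product user now has a fixed UID/GID on every node, client root access should not be needed. Consider templating the client spec and squashing root, e.g. `/media/atl {{ atl_nfs_allowed_clients }}(rw,root_squash,no_subtree_check,sync)`, where `atl_nfs_allowed_clients` is a new variable (the name is a suggestion) holding the VPC or subnet CIDR.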