From ceba8d47ba59f6f39484ac8115391825129744fe Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 21 Aug 2019 11:25:24 +1000 Subject: [PATCH 1/6] ITOPS-2059 adding tags to tasks which only apply to new stacks so they can be skipped by clones --- roles/database_init/tasks/main.yml | 6 ++++++ roles/nfs_server/defaults/main.yml | 4 ++-- roles/nfs_server/tasks/main.yml | 10 ++++++++-- roles/nfs_server/templates/media-atl.exports.j2 | 2 +- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index b291ea5..99638f7 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -9,6 +9,8 @@ name: "{{ atl_jdbc_user }}" password: "{{ atl_jdbc_password }}" expires: 'infinity' + tags: + - new_only - name: Update root privs for new user postgresql_privs: @@ -19,6 +21,8 @@ roles: "{{ atl_db_root_user }}" objs: "{{ atl_jdbc_user }}" type: group + tags: + - new_only - name: Create application database postgresql_db: @@ -32,3 +36,5 @@ lc_collate: "{{ atl_jdbc_collation }}" lc_ctype: "{{ atl_jdbc_ctype }}" template: "{{ atl_jdbc_template }}" + tags: + - new_only diff --git a/roles/nfs_server/defaults/main.yml b/roles/nfs_server/defaults/main.yml index 4ac6f45..b66b23e 100644 --- a/roles/nfs_server/defaults/main.yml +++ b/roles/nfs_server/defaults/main.yml @@ -1,5 +1,5 @@ --- atl_nfs_server_device: "{{ lookup('env', 'ATL_NFS_SERVER_DEVICE') }}" -atl_nfs_fs_type: "xfs" -atl_nfs_fs_label: "BB-Shared" +atl_nfs_fs_type: "{{ lookup('env', 'ATL_NFS_FS_TYPE') or 'xfs' }}" +atl_nfs_fs_label: "{{ lookup('env', 'ATL_NFS_FS_LABEL') or 'BB-Shared' }}" diff --git a/roles/nfs_server/tasks/main.yml b/roles/nfs_server/tasks/main.yml index d032589..6cd4aff 100644 --- a/roles/nfs_server/tasks/main.yml +++ b/roles/nfs_server/tasks/main.yml @@ -17,6 +17,8 @@ number: 1 flags: - "{{ atl_nfs_fs_type }}" + tags: + - new_only - name: Create the filesystem 
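Review bot: `atl_nfs_fs_label` now comes from `ATL_NFS_FS_LABEL` and is spliced unquoted into the mkfs options in roles/nfs_server/tasks/main.yml (`opts: "-L {{ atl_nfs_fs_label }}"`), so a value containing whitespace would presumably be split into extra mkfs arguments. Quoting at the point of use closes that: `opts: "-L {{ atl_nfs_fs_label | quote }}"`. XFS labels are also limited to 12 characters, which is worth a comment next to the default now that callers can override it. For the fallback itself, `lookup('env', 'ATL_NFS_FS_LABEL') | default('BB-Shared', true)` is the more conventional spelling of the same behaviour, and the same applies to `atl_nfs_fs_type`.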
@@ -24,6 +26,8 @@ dev: "{{ atl_nfs_server_device }}" fstype: "{{ atl_nfs_fs_type }}" opts: "-L {{ atl_nfs_fs_label }}" + tags: + - new_only - name: Setup fstab and mount the filesystem mount: @@ -33,13 +37,15 @@ state: mounted -- name: Create the shared home as BB mounts this directly +- name: Create the shared home file: - path: "{{ atl_shared_mountpoint }}/bitbucket/shared" + path: "{{ atl_shared_mountpoint }}/{{ atl_product_user }}/shared" state: directory owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" mode: 0750 + tags: + - new_only - name: Create the NFS export file diff --git a/roles/nfs_server/templates/media-atl.exports.j2 b/roles/nfs_server/templates/media-atl.exports.j2 index d4580e3..3a40c66 100644 --- a/roles/nfs_server/templates/media-atl.exports.j2 +++ b/roles/nfs_server/templates/media-atl.exports.j2 @@ -1,2 +1,2 @@ # Created by Ansible -/media/atl *(rw,no_root_squash) +/media/atl *(rw,no_root_squash,no_subtree_check,sync) From aa62a02b6d0b2adab60a758339ce3aebb8873e17 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 21 Aug 2019 12:00:23 +1000 Subject: [PATCH 2/6] ITOPS-2059 using more lookups, which I may not need to be using if we're already using ansible-with-atl-env --- roles/aws_efs_config/defaults/main.yml | 3 +++ roles/aws_efs_config/tasks/main.yml | 6 +++--- roles/crowd_config/tasks/main.yml | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/roles/aws_efs_config/defaults/main.yml b/roles/aws_efs_config/defaults/main.yml index 26c397f..06c8177 100644 --- a/roles/aws_efs_config/defaults/main.yml +++ b/roles/aws_efs_config/defaults/main.yml @@ -1,2 +1,5 @@ --- efs_target: "{{ atl_efs_id }}" +efs_type: "{{ lookup('env', 'ATL_EFS_TYPE') or 'efs' }}" +efs_src_dir: "{{ lookup('env', 'ATL_EFS_SRC_DIR') or '/' }}" +efs_mount_options: "{{ lookup('env', 'ATL_EFS_MOUNT_OPTIONS') or 'defaults,_netdev' }}" \ No newline at end of file 
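Review bot: Tagging `Create the shared home` as `new_only` means a clone run that skips the tag never re-asserts `owner`, `group` and `mode: 0750` on the shared directory. The `file` task is idempotent and not recursive, so leaving it untagged would cost little and would catch a restored volume whose ownership does not match the UID that this series makes selectable through the environment. The path also moves from `bitbucket/shared` to `{{ atl_product_user }}/shared`; whether existing Bitbucket stacks depend on the old location is not visible in this hunk and deserves a comment on the task.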
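Review bot: The export line this hunk rewrites still grants `rw` with `no_root_squash` to `*`, so root on any host that can reach the NFS service is root on `/media/atl`; adding `no_subtree_check,sync` does not narrow that. Since the series already pins the product UID so that numeric IDs line up across nodes, root squashing and a client restriction look workable: `/media/atl {{ atl_nfs_client_cidr }}(rw,root_squash,no_subtree_check,sync)`, where `atl_nfs_client_cidr` is a placeholder name for a new variable holding the stack's subnet range. If the export has to stay open to `*`, a comment in the template should say which network control limits access, because none is visible in this patch.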
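Review bot: The fallback for `efs_mount_options` stays `defaults,_netdev`, which permits setuid binaries and device nodes, while the same series lets this role mount the NFS export that is published with `no_root_squash`. On such a share a file made setuid-root by one client is honoured by every other client, so the default should probably carry `nosuid,nodev`: `efs_mount_options: "{{ lookup('env', 'ATL_EFS_MOUNT_OPTIONS') | default('defaults,_netdev,nosuid,nodev', true) }}"`. The three values go into fstab unvalidated through the `mount` task changed in roles/aws_efs_config/tasks/main.yml, so a comment listing the accepted `ATL_EFS_TYPE` values would help. The file also ends without a trailing newline.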
diff --git a/roles/aws_efs_config/tasks/main.yml b/roles/aws_efs_config/tasks/main.yml index df8ca09..589383c 100644 --- a/roles/aws_efs_config/tasks/main.yml +++ b/roles/aws_efs_config/tasks/main.yml @@ -9,7 +9,7 @@ - name: Enable mountpoint in fstab mount: path: "{{ atl_shared_mountpoint }}" - src: "{{ efs_target }}:/" - fstype: efs - opts: "defaults,_netdev" + src: "{{ efs_target }}:{{ efs_src_dir }}" + fstype: "{{ efs_type }}" + opts: "{{ efs_mount_options }}" state: mounted diff --git a/roles/crowd_config/tasks/main.yml b/roles/crowd_config/tasks/main.yml index cd59fb6..fc21565 100644 --- a/roles/crowd_config/tasks/main.yml +++ b/roles/crowd_config/tasks/main.yml @@ -27,7 +27,7 @@ insertafter: "EOF" line: 'export CATALINA_OPTS="${CATALINA_OPTS} {{ atl_catalina_opts }} {{ atl_catalina_opts_extra }}"' -- name: Set JAVA_HOME +- name: Set JAVA_HOME #FIXME lineinfile: path: "{{ atl_product_installation_versioned }}/apache-tomcat/bin/setenv.sh" insertafter: "EOF" From 931113c83c7082b0e5652f23d761e65567f3d3fb Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Wed, 21 Aug 2019 14:29:03 +1000 Subject: [PATCH 3/6] ITOPS-2059 adding a playbook to set up the clone nfs server --- aws_clone_nfs.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 aws_clone_nfs.yml diff --git a/aws_clone_nfs.yml b/aws_clone_nfs.yml new file mode 100644 index 0000000..0d299c4 --- /dev/null +++ b/aws_clone_nfs.yml @@ -0,0 +1,17 @@ +--- +- hosts: aws_node_local + become: true + + vars: + # See group_vars/aws_node_local.yml, which pull vars from the environment. + atl_product_family: "nfs_server" + atl_product_edition: "nfs_server" + atl_product_user: "atlassian" + + atl_nfs_mountpoint: "{{ atl_shared_mountpoint }}/{{ atl_product_user }}/shared" + atl_nfs_target: "{{ atl_shared_mountpoint }}/{{ atl_product_user }}/shared" + + roles: + - role: linux_common + - role: aws_common + - role: nfs_server \ No newline at end of file 
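Review bot: The `#FIXME` appended to the task name does not say what is wrong with setting JAVA_HOME here, and because ` #` starts a YAML comment it is dropped from the task name shown in play output. A comment line above the task that states the problem would be more useful, e.g. `# FIXME: <what needs fixing, and the tracking issue>`. The task body continues outside the hunk.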
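Review bot: Nothing in this playbook makes a clone run skip the `new_only` tasks, so the partition and filesystem tasks in `nfs_server` still execute against the data volume unless the caller remembers to pass `--skip-tags new_only`. The comment block at the top should state that requirement, e.g. `# Clone stacks: run with --skip-tags new_only so the existing data volume is not repartitioned or reformatted.` `atl_nfs_mountpoint` and `atl_nfs_target` are set to the same value and their consumers are not visible in this series, so a line naming the role that reads them would help. The file also lacks a trailing newline.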
From 7da4fab7b456428c6730f4a51a4013a999c54133 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 22 Aug 2019 12:55:06 +1000 Subject: [PATCH 4/6] ITOPS-2059 we want the ability to pick our uid so backups don't need to be chowned --- group_vars/aws_node_local.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml index ab854c1..93cf012 100644 --- a/group_vars/aws_node_local.yml +++ b/group_vars/aws_node_local.yml @@ -15,7 +15,7 @@ git_version: "2.14.4" atl_shared_mountpoint: "/media/atl" # Simplify NFS mapping by using a fixed UID -atl_product_user_uid: '2001' +atl_product_user_uid: "{{ lookup('env', 'ATL_PRODUCT_USER_UID') or '2001' }}" # FIXME: Some of these should be overridden from the environment? atl_home_base: "/var/atlassian/application-data" From 324dfb12e21c9e83ed07113a1319860c4727b460 Mon Sep 17 00:00:00 2001 From: Geoff Jacobs Date: Thu, 22 Aug 2019 13:08:20 +1000 Subject: [PATCH 5/6] ITOPS-2059 specifying to manually create the group as well so that gids can be predictable if uid is <=1000 --- roles/linux_common/tasks/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/linux_common/tasks/main.yml b/roles/linux_common/tasks/main.yml index 8ea4b52..bfd899f 100644 --- a/roles/linux_common/tasks/main.yml +++ b/roles/linux_common/tasks/main.yml @@ -15,8 +15,14 @@ - fontconfig - python-psycopg2 +- name: Create product group + group: + name: "{{ atl_product_user }}" + gid: "{{ atl_product_user_uid }}" + - name: Create product user user: name: "{{ atl_product_user }}" uid: "{{ atl_product_user_uid }}" - comment: "Product runtime user" + group: "{{ atl_product_user }}" + comment: "Product runtime user" \ No newline at end of file From ccde4dfc1f12908652134d253e4c6a648f260320 Mon Sep 17 00:00:00 2001 
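Review bot: The comment above this line still says the UID is fixed, which stops being true once `ATL_PRODUCT_USER_UID` can override it. NFS exports without a `sec=` option trust the numeric ID the client presents, so the comment should say that the value has to be identical on the NFS server and on every client of a stack, e.g. `# UID shared by the NFS server and its clients; defaults to 2001, override with ATL_PRODUCT_USER_UID (must match on every node).` The existing `# FIXME` on the following lines could then be narrowed to the variables that are still hard-coded.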
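Review bot: The new `Create product group` task reuses `atl_product_user_uid` as the GID, and both tasks accept whatever the environment supplied with no check that it is a sane numeric ID. The `or '2001'` fallback in group_vars only applies when the variable is unset or empty, so `0`, a system-range ID or non-numeric text reaches `group` and `user` unchanged; if a group of that name already exists with another GID, the module would likely renumber it and leave existing files owned by the old ID. I would add an assertion ahead of the two tasks and document the accepted range; the lower bound below is a constructed example, since the commit message indicates that IDs at or below 1000 are intended. The hunk also removes the file's trailing newline.

```yaml
# … unchanged: package installation task …

- name: Validate product UID/GID before creating accounts
  assert:
    that:
      - (atl_product_user_uid | string) is match('^[0-9]+$')
      # constructed lower bound; replace with the project's ID policy
      - (atl_product_user_uid | int) >= 100
    fail_msg: "ATL_PRODUCT_USER_UID must be a numeric, non-system ID"

- name: Create product group
# … unchanged: group and user task bodies …
```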
From: Geoff Jacobs Date: Mon, 26 Aug 2019 14:20:12 +1000 Subject: [PATCH 6/6] ITOPS-2059 renaming aws_efs_config to aws_shared_fs_config as per PR feedback --- aws_confluence_dc_node.yml | 2 +- aws_confluence_synchrony_node.yml | 2 +- aws_crowd_dc_node.yml | 2 +- aws_jira_dc_node.yml | 2 +- .../{aws_efs_config => aws_shared_fs_config}/defaults/main.yml | 0 roles/{aws_efs_config => aws_shared_fs_config}/meta/main.yml | 0 roles/{aws_efs_config => aws_shared_fs_config}/tasks/main.yml | 0 7 files changed, 4 insertions(+), 4 deletions(-) rename roles/{aws_efs_config => aws_shared_fs_config}/defaults/main.yml (100%) rename roles/{aws_efs_config => aws_shared_fs_config}/meta/main.yml (100%) rename roles/{aws_efs_config => aws_shared_fs_config}/tasks/main.yml (100%) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index ca0e9f9..979f96b 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -14,7 +14,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: database_init diff --git a/aws_confluence_synchrony_node.yml b/aws_confluence_synchrony_node.yml index 1fb6834..ed05766 100644 --- a/aws_confluence_synchrony_node.yml +++ b/aws_confluence_synchrony_node.yml @@ -20,7 +20,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: confluence_common diff --git a/aws_crowd_dc_node.yml b/aws_crowd_dc_node.yml index f2755e0..9259979 100644 --- a/aws_crowd_dc_node.yml +++ b/aws_crowd_dc_node.yml @@ -13,7 +13,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: database_init diff --git a/aws_jira_dc_node.yml b/aws_jira_dc_node.yml index 790a881..29f1333 100644 --- a/aws_jira_dc_node.yml +++ b/aws_jira_dc_node.yml 
@@ -11,7 +11,7 @@ roles: - role: linux_common - role: aws_common - - role: aws_efs_config + - role: aws_shared_fs_config - role: product_common - role: product_install - role: database_init diff --git a/roles/aws_efs_config/defaults/main.yml b/roles/aws_shared_fs_config/defaults/main.yml similarity index 100% rename from roles/aws_efs_config/defaults/main.yml rename to roles/aws_shared_fs_config/defaults/main.yml diff --git a/roles/aws_efs_config/meta/main.yml b/roles/aws_shared_fs_config/meta/main.yml similarity index 100% rename from roles/aws_efs_config/meta/main.yml rename to roles/aws_shared_fs_config/meta/main.yml diff --git a/roles/aws_efs_config/tasks/main.yml b/roles/aws_shared_fs_config/tasks/main.yml similarity index 100% rename from roles/aws_efs_config/tasks/main.yml rename to roles/aws_shared_fs_config/tasks/main.yml