Merged in feature/ITOPSENG-277-itops-required-changes-for-confluence (pull request #57)

Feature/ITOPSENG-277 itops required changes for confluence

Approved-by: Ben Partridge <bpartridge@atlassian.com>

group_vars/aws_node_local.yml

@@ -66,6 +66,7 @@ atl_aws_enable_cloudwatch_logs: "{{ lookup('env', 'ATL_AWS_ENABLE_CLOUDWATCH_LOG
 atl_db_engine: "{{ lookup('env', 'ATL_DB_ENGINE') }}"
 atl_db_host: "{{ lookup('env', 'ATL_DB_HOST') }}"
 atl_db_port: "{{ lookup('env', 'ATL_DB_PORT') or '5432' }}"
+atl_db_root_db_name: "{{ lookup('env', 'ATL_DB_ROOT_DB_NAME') or 'postgres' }}"
 atl_db_root_user: "{{ lookup('env', 'ATL_DB_ROOT_USER') or 'postgres' }}"
 atl_db_root_password: "{{ lookup('env', 'ATL_DB_ROOT_PASSWORD') }}"
 atl_db_driver: "{{ lookup('env', 'ATL_DB_DRIVER') or 'org.postgresql.Driver' }}"

roles/confluence_config/defaults/main.yml

@@ -28,9 +28,9 @@ atl_catalina_opts_extra: >-
   -XX:+PrintGCDetails
   -XX:+PrintTenuringDistribution
   -Dsynchrony.proxy.enabled=false
-  -Dsynchrony.service.url={{ atl_synchrony_service_url }}
   -Dconfluence.cluster.node.name={{ atl_local_ipv4 }}
   -Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60
+  {% if atl_synchrony_service_url|string|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %}
 
 atl_tomcat_port: "8080"
 atl_tomcat_mgmt_port: "8005"

roles/confluence_config/molecule/default/playbook.yml

@@ -14,6 +14,9 @@
     atl_cluster_node_id: 'FAKEID'
     atl_autologin_cookie_age: "COOKIEAGE"
     atl_local_ipv4: "1.1.1.1"
+    atl_tomcat_scheme: "http"
+    atl_proxy_name: "localhost"
+    atl_proxy_port: "80"
 
   roles:
     - role: linux_common

roles/confluence_config/molecule/default/tests/test_default.py

@@ -48,8 +48,8 @@ def test_server_file(host):
     assert f.contains('acceptCount="10"')
     assert f.contains('secure="false"')
     assert f.contains('scheme="http"')
-    assert not f.contains('proxyName=')
-    assert not f.contains('proxyPort=')
+    assert f.contains('proxyName=')
+    assert f.contains('proxyPort=')
 
 def test_install_permissions(host):
     assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root'

roles/confluence_config/tasks/main.yml

@@ -70,7 +70,6 @@
     owner: "{{ atl_product_user }}"
     group: "{{ atl_product_user }}"
 
-
 - name: Limit permissions on the installation directory
   file:
     path: "{{ atl_product_installation_versioned }}"
@@ -97,3 +96,20 @@
     - "{{ atl_product_installation_versioned }}/temp"
     - "{{ atl_product_installation_versioned }}/work"
   changed_when: false  # For Molecule idempotence check
+
+- name: Assert baseurl to same as atl_proxy_name
+  postgresql_query:
+    login_host: "{{ atl_db_host }}"
+    login_user: "{{ atl_jdbc_user }}"
+    login_password: "{{ atl_jdbc_password }}"
+    db: "{{ atl_jdbc_db_name }}"
+    query: >
+      update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s)
+      where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings';
+    positional_args:
+      - "<baseUrl>.*</baseUrl>"
+      - "<baseUrl>{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}</baseUrl>"
+  when:
+    - atl_proxy_name is defined
+    - atl_tomcat_scheme is defined
+  ignore_errors: yes  # For Molecule as it has no db test framework included

roles/confluence_config/templates/seraph-config.xml.j2

@@ -16,8 +16,8 @@
             <param-name>login.cookie.key</param-name>
             <param-value>seraph.confluence</param-value>
         </init-param>
- 
-        {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age|length %}
+
+        {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age is not none %}
             <init-param>
                 <param-name>autologin.cookie.age</param-name>
                 <param-value>{{ atl_autologin_cookie_age }}</param-value>

roles/database_init/defaults/main.yml

@@ -1,6 +1,7 @@
 ---
 
 atl_db_port: '5432'
+atl_db_root_db_name: 'postgres'
 atl_db_root_user: 'postgres'
 atl_jdbc_encoding: 'UTF-8'
 atl_jdbc_collation: 'C'

roles/database_init/tasks/main.yml

@@ -1,16 +1,40 @@
 ---
 
-- block:
+- name: Create application DB user
+  postgresql_user:
+    login_host: "{{ atl_db_host }}"
+    login_user: "{{ atl_db_root_user }}"
+    login_password: "{{ atl_db_root_password }}"
+    port: "{{ atl_db_port }}"
+    name: "{{ atl_jdbc_user }}"
+    password: "{{ atl_jdbc_password }}"
+    expires: 'infinity'
 
-    - name: Create application DB user
-      postgresql_user:
-        login_host: "{{ atl_db_host }}"
-        login_user: "{{ atl_db_root_user }}"
-        login_password: "{{ atl_db_root_password }}"
-        port: "{{ atl_db_port }}"
-        name: "{{ atl_jdbc_user }}"
-        password: "{{ atl_jdbc_password }}"
-        expires: 'infinity'
+- name: Assert ownership of public schema
+  postgresql_query:
+    login_host: "{{ atl_db_host }}"
+    login_user: "{{ atl_db_root_user }}"
+    login_password: "{{ atl_db_root_password }}"
+    db: "{{ atl_db_root_db_name }}"
+    query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
+
+- name: Grant privs to root user on public schema
+  postgresql_query:
+    login_host: "{{ atl_db_host }}"
+    login_user: "{{ atl_db_root_user }}"
+    login_password: "{{ atl_db_root_password }}"
+    db: "{{ atl_db_root_db_name }}"
+    query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
+
+- name: Grant privs to application user on public schema
+  postgresql_query:
+    login_host: "{{ atl_db_host }}"
+    login_user: "{{ atl_db_root_user }}"
+    login_password: "{{ atl_db_root_password }}"
+    db: "{{ atl_db_root_db_name }}"
+    query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"
+
+- block:
 
     - name: Update root privs for new user
       postgresql_privs: