diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml
index bb380b9..89c158e 100644
--- a/group_vars/aws_node_local.yml
+++ b/group_vars/aws_node_local.yml
@@ -66,6 +66,7 @@ atl_aws_enable_cloudwatch_logs: "{{ lookup('env', 'ATL_AWS_ENABLE_CLOUDWATCH_LOG
atl_db_engine: "{{ lookup('env', 'ATL_DB_ENGINE') }}"
atl_db_host: "{{ lookup('env', 'ATL_DB_HOST') }}"
atl_db_port: "{{ lookup('env', 'ATL_DB_PORT') or '5432' }}"
+atl_db_root_db_name: "{{ lookup('env', 'ATL_DB_ROOT_DB_NAME') or 'postgres' }}"
atl_db_root_user: "{{ lookup('env', 'ATL_DB_ROOT_USER') or 'postgres' }}"
atl_db_root_password: "{{ lookup('env', 'ATL_DB_ROOT_PASSWORD') }}"
atl_db_driver: "{{ lookup('env', 'ATL_DB_DRIVER') or 'org.postgresql.Driver' }}"
diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml
index 22ed871..d0e4fa4 100644
--- a/roles/confluence_config/defaults/main.yml
+++ b/roles/confluence_config/defaults/main.yml
@@ -28,9 +28,9 @@ atl_catalina_opts_extra: >-
-XX:+PrintGCDetails
-XX:+PrintTenuringDistribution
-Dsynchrony.proxy.enabled=false
- -Dsynchrony.service.url={{ atl_synchrony_service_url }}
-Dconfluence.cluster.node.name={{ atl_local_ipv4 }}
-Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60
+ {% if atl_synchrony_service_url|string|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %}
atl_tomcat_port: "8080"
atl_tomcat_mgmt_port: "8005"
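Review bot: The guard added as the last line of `atl_catalina_opts_extra` tests `atl_synchrony_service_url|string|length`, which is true for a null value because `None` stringifies to the four-character text "None". The option could then be emitted as `-Dsynchrony.service.url=None`. `{% if atl_synchrony_service_url | default('', true) %}` treats undefined, null and empty the same way in one test. Because the scalar is folded with `>-`, a false condition leaves a trailing space at the end of the value; that is probably harmless for JVM options but worth confirming where the string is consumed. The scalar starts above the hunk.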
diff --git a/roles/confluence_config/molecule/default/playbook.yml b/roles/confluence_config/molecule/default/playbook.yml
index 612f584..93c91ec 100644
--- a/roles/confluence_config/molecule/default/playbook.yml
+++ b/roles/confluence_config/molecule/default/playbook.yml
@@ -14,6 +14,9 @@
atl_cluster_node_id: 'FAKEID'
atl_autologin_cookie_age: "COOKIEAGE"
atl_local_ipv4: "1.1.1.1"
+ atl_tomcat_scheme: "http"
+ atl_proxy_name: "localhost"
+ atl_proxy_port: "80"
roles:
- role: linux_common
diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py
index 16c0a94..1d994ab 100644
--- a/roles/confluence_config/molecule/default/tests/test_default.py
+++ b/roles/confluence_config/molecule/default/tests/test_default.py
@@ -48,8 +48,8 @@ def test_server_file(host):
assert f.contains('acceptCount="10"')
assert f.contains('secure="false"')
assert f.contains('scheme="http"')
- assert not f.contains('proxyName=')
- assert not f.contains('proxyPort=')
+ assert f.contains('proxyName=')
+ assert f.contains('proxyPort=')
def test_install_permissions(host):
assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root'
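Review bot: The two flipped assertions in `test_server_file` only check that the attribute names `proxyName=` and `proxyPort=` occur, so an empty or wrong value would still pass. The Molecule playbook in this commit sets `atl_proxy_name: "localhost"` and `atl_proxy_port: "80"`, so the test can pin the values the way the neighbouring `scheme="http"` check does: `assert f.contains('proxyName="localhost"')` and `assert f.contains('proxyPort="80"')`. The attribute quoting comes from the server.xml template, which is not part of this diff, so confirm it before tightening. `test_server_file` starts above the hunk.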
diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml
index 80473c8..e086d09 100644
--- a/roles/confluence_config/tasks/main.yml
+++ b/roles/confluence_config/tasks/main.yml
@@ -70,7 +70,6 @@
owner: "{{ atl_product_user }}"
group: "{{ atl_product_user }}"
-
- name: Limit permissions on the installation directory
file:
path: "{{ atl_product_installation_versioned }}"
@@ -97,3 +96,20 @@
- "{{ atl_product_installation_versioned }}/temp"
- "{{ atl_product_installation_versioned }}/work"
changed_when: false # For Molecule idempotence check
+
+- name: Assert baseurl to same as atl_proxy_name
+ postgresql_query:
+ login_host: "{{ atl_db_host }}"
+ login_user: "{{ atl_jdbc_user }}"
+ login_password: "{{ atl_jdbc_password }}"
+ db: "{{ atl_jdbc_db_name }}"
+ query: >
+ update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s)
+ where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings';
+ positional_args:
+ - ".*"
+ - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}"
+ when:
+ - atl_proxy_name is defined
+ - atl_tomcat_scheme is defined
+ ignore_errors: yes # For Molecule as it has no db test framework included
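Review bot: The first positional argument is `.*`, so `regexp_replace` overwrites whatever it matches in `bandanavalue` (by default the whole value) with the bare URL instead of changing a base-URL field inside it. If that row holds the full serialized global settings, as the key `atlassian.confluence.settings` suggests, the other settings in it are lost on every run. The pattern should match only the base-URL element, and the replacement should re-emit that element's delimiters. `ignore_errors: yes` is there for Molecule but also hides authentication and connection failures on real hosts; gating the task on a variable that the Molecule scenario sets to false would keep those failures visible. The task also omits `port: "{{ atl_db_port }}"`, as do the new `postgresql_query` tasks in roles/database_init/tasks/main.yml, so a non-default database port is ignored, and the `is defined` conditions still pass for empty strings, which would write `://` as the URL.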
diff --git a/roles/confluence_config/templates/seraph-config.xml.j2 b/roles/confluence_config/templates/seraph-config.xml.j2
index 8c91e87..af64485 100644
--- a/roles/confluence_config/templates/seraph-config.xml.j2
+++ b/roles/confluence_config/templates/seraph-config.xml.j2
@@ -16,8 +16,8 @@
login.cookie.key
seraph.confluence
-
- {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age|length %}
+
+ {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age is not none %}
autologin.cookie.age
{{ atl_autologin_cookie_age }}
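Review bot: Replacing `|length` with `is not none` means an empty string now satisfies the condition, so a value that arrives as `''` renders the `autologin.cookie.age` parameter with an empty value. The group_vars in this commit populate variables through `lookup('env', ...)`, which yields an empty string when the environment variable is missing, so the case looks reachable. The definition of `atl_autologin_cookie_age` is not shown here, though. Keeping both tests avoids it: `{% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age is not none and atl_autologin_cookie_age|string|length %}`.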
diff --git a/roles/database_init/defaults/main.yml b/roles/database_init/defaults/main.yml
index 4620228..8d4d128 100644
--- a/roles/database_init/defaults/main.yml
+++ b/roles/database_init/defaults/main.yml
@@ -1,6 +1,7 @@
---
atl_db_port: '5432'
+atl_db_root_db_name: 'postgres'
atl_db_root_user: 'postgres'
atl_jdbc_encoding: 'UTF-8'
atl_jdbc_collation: 'C'
diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml
index 8827f99..10b0051 100644
--- a/roles/database_init/tasks/main.yml
+++ b/roles/database_init/tasks/main.yml
@@ -1,16 +1,40 @@
---
-- block:
+- name: Create application DB user
+ postgresql_user:
+ login_host: "{{ atl_db_host }}"
+ login_user: "{{ atl_db_root_user }}"
+ login_password: "{{ atl_db_root_password }}"
+ port: "{{ atl_db_port }}"
+ name: "{{ atl_jdbc_user }}"
+ password: "{{ atl_jdbc_password }}"
+ expires: 'infinity'
- - name: Create application DB user
- postgresql_user:
- login_host: "{{ atl_db_host }}"
- login_user: "{{ atl_db_root_user }}"
- login_password: "{{ atl_db_root_password }}"
- port: "{{ atl_db_port }}"
- name: "{{ atl_jdbc_user }}"
- password: "{{ atl_jdbc_password }}"
- expires: 'infinity'
+- name: Assert ownership of public schema
+ postgresql_query:
+ login_host: "{{ atl_db_host }}"
+ login_user: "{{ atl_db_root_user }}"
+ login_password: "{{ atl_db_root_password }}"
+ db: "{{ atl_db_root_db_name }}"
+ query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};"
+
+- name: Grant privs to root user on public schema
+ postgresql_query:
+ login_host: "{{ atl_db_host }}"
+ login_user: "{{ atl_db_root_user }}"
+ login_password: "{{ atl_db_root_password }}"
+ db: "{{ atl_db_root_db_name }}"
+ query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};"
+
+- name: Grant privs to application user on public schema
+ postgresql_query:
+ login_host: "{{ atl_db_host }}"
+ login_user: "{{ atl_db_root_user }}"
+ login_password: "{{ atl_db_root_password }}"
+ db: "{{ atl_db_root_db_name }}"
+ query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};"
+
+- block:
- name: Update root privs for new user
postgresql_privs: