From e8489678a544f6c20d151c80e9e0323d1687b485 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 24 Oct 2019 12:34:42 +1100 Subject: [PATCH 01/25] ITOPSENG-277 fixed bad path for synchrony wrapper script --- roles/synchrony_config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/synchrony_config/tasks/main.yml b/roles/synchrony_config/tasks/main.yml index 966e84f..f3cf3f2 100644 --- a/roles/synchrony_config/tasks/main.yml +++ b/roles/synchrony_config/tasks/main.yml @@ -3,7 +3,7 @@ - name: Install the startup wrapper script copy: src: start-synchrony - dest: "{{ atl_installation_base }}/bin/start-synchrony" + dest: "{{ atl_product_installation_current }}/bin/start-synchrony" group: "{{ atl_product_user }}" mode: "0750" From 4e5bd0b16d372f7ae3cfa61c54ca3bebb361d325 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 24 Oct 2019 14:44:32 +1100 Subject: [PATCH 02/25] ITOPSENG-277 fixed startup exec path for synchrony service --- aws_confluence_synchrony_node.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws_confluence_synchrony_node.yml b/aws_confluence_synchrony_node.yml index ed05766..3d13d85 100644 --- a/aws_confluence_synchrony_node.yml +++ b/aws_confluence_synchrony_node.yml @@ -14,7 +14,7 @@ - "EnvironmentFile=/etc/atl.synchrony" - "WorkingDirectory={{ atl_product_installation_current }}/logs/" atl_startup_exec_options: [] - atl_startup_exec_path: "{{ atl_installation_base }}/bin/start-synchrony" + atl_startup_exec_path: "{{ atl_product_installation_current }}/bin/start-synchrony" atl_systemd_service_name: "synchrony.service" roles: From c0d2eb2674ae4c87bb987c744f7a4dd47613e47f Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 21 Nov 2019 15:43:43 +1100 Subject: [PATCH 03/25] ITOPSENG-277 allow cloned to update the jdbc_user password --- roles/database_init/tasks/main.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 8827f99..2df59db 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -1,16 +1,16 @@ --- -- block: +- name: Create application DB user + postgresql_user: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + port: "{{ atl_db_port }}" + name: "{{ atl_jdbc_user }}" + password: "{{ atl_jdbc_password }}" + expires: 'infinity' - - name: Create application DB user - postgresql_user: - login_host: "{{ atl_db_host }}" - login_user: "{{ atl_db_root_user }}" - login_password: "{{ atl_db_root_password }}" - port: "{{ atl_db_port }}" - name: "{{ atl_jdbc_user }}" - password: "{{ atl_jdbc_password }}" - expires: 'infinity' +- block: - name: Update root privs for new user postgresql_privs: From 3feeec1185dabfe2a3c6a111ef275bce40e1dd51 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 25 Nov 2019 15:37:43 +1100 Subject: [PATCH 04/25] ITOPSENG-277 only write synchrony.service.url if it has a value --- roles/synchrony_config/templates/atl.synchrony.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/synchrony_config/templates/atl.synchrony.j2 b/roles/synchrony_config/templates/atl.synchrony.j2 index e340fa3..6a90f7d 100644 --- a/roles/synchrony_config/templates/atl.synchrony.j2 +++ b/roles/synchrony_config/templates/atl.synchrony.j2 @@ -19,7 +19,9 @@ ATL_SYNCHRONY_JVM_PROPERTIES="{{ atl_synchrony_stack_space }} {{ atl_synchrony_m -Dsynchrony.cluster.bind={{ atl_local_ipv4 }} \ -Dcluster.interfaces={{ atl_local_ipv4 }} \ -Dsynchrony.cluster.base.port=25500 \ + {% if atl_synchrony_service_url|length %} -Dsynchrony.service.url={{ atl_synchrony_service_url }} \ + {% endif %} -Dsynchrony.context.path=/synchrony \ -Dsynchrony.port=8091 \ -Dcluster.name=Synchrony-Cluster \ From 49066285a80db3de6b211d7b01bbc249b654d0a7 Mon Sep 17 00:00:00 2001 
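Review bot: The task name and placement no longer say what this task does: moved out of the `- block:`, `Create application DB user` now runs on every play with the root DB login and re-applies `atl_jdbc_password`, and whatever condition the block carries (its body continues outside the hunk) no longer guards it. Rename it to something like `Create application DB user or reset its password` and put a comment above it, e.g. `# Outside the block on purpose: a cloned database already has the role, so the password is re-applied on every run`. It is worth confirming that an unconditional password reset with root credentials is wanted on nodes that are not restoring a clone.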
From: Brett Meehan Date: Tue, 26 Nov 2019 09:20:06 +1100 Subject: [PATCH 05/25] ITOPSENG-277 only write synchrony.service.url if it has a value(in the right place this time) --- roles/confluence_config/defaults/main.yml | 3 ++- roles/synchrony_config/templates/atl.synchrony.j2 | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml index 22ed871..783a567 100644 --- a/roles/confluence_config/defaults/main.yml +++ b/roles/confluence_config/defaults/main.yml @@ -17,6 +17,7 @@ atl_hazelcast_network_aws_iam_role: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS atl_hazelcast_network_aws_tag_value: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE') }}" atl_catalina_opts: "" +atl_synchrony_url: "{% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %}" atl_catalina_opts_extra: >- -Datlassian.event.thread_pool_configuration.queue_size=4096 -Datlassian.plugins.enable.wait=300 @@ -28,9 +29,9 @@ atl_catalina_opts_extra: >- -XX:+PrintGCDetails -XX:+PrintTenuringDistribution -Dsynchrony.proxy.enabled=false - -Dsynchrony.service.url={{ atl_synchrony_service_url }} -Dconfluence.cluster.node.name={{ atl_local_ipv4 }} -Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60 + {% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %} atl_tomcat_port: "8080" atl_tomcat_mgmt_port: "8005" diff --git a/roles/synchrony_config/templates/atl.synchrony.j2 b/roles/synchrony_config/templates/atl.synchrony.j2 index 6a90f7d..e340fa3 100644 --- a/roles/synchrony_config/templates/atl.synchrony.j2 +++ b/roles/synchrony_config/templates/atl.synchrony.j2 
@@ -19,9 +19,7 @@ ATL_SYNCHRONY_JVM_PROPERTIES="{{ atl_synchrony_stack_space }} {{ atl_synchrony_m -Dsynchrony.cluster.bind={{ atl_local_ipv4 }} \ -Dcluster.interfaces={{ atl_local_ipv4 }} \ -Dsynchrony.cluster.base.port=25500 \ - {% if atl_synchrony_service_url|length %} -Dsynchrony.service.url={{ atl_synchrony_service_url }} \ - {% endif %} -Dsynchrony.context.path=/synchrony \ -Dsynchrony.port=8091 \ -Dcluster.name=Synchrony-Cluster \ From c3fd34b134c15fe8030328543e4b978c370f9fb4 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 28 Nov 2019 14:35:41 +1100 Subject: [PATCH 06/25] ITOPSENG-277 handle updating base_url --- aws_confluence_dc_node.yml | 4 +++- bin/ansible-with-atl-env | 2 ++ roles/confluence_config/tasks/main.yml | 13 ++++++++++++- .../templates/seraph-config.xml.j2 | 6 +++--- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 979f96b..f2f9a34 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -7,10 +7,12 @@ atl_product_family: "confluence" atl_product_user: "confluence" atl_product_edition: "confluence" - atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' + vars_files: + - /etc/atl_vars.yml + roles: - role: linux_common - role: aws_common diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index 3685381..bc97f57 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -10,6 +10,8 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH +# get /etc/atl into usable vars which can be included in ansible playbooks +grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1:\ \3/g' > /etc/atl_vars.yml # Set the environment with default exports set -a diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index f1e69fc..b8b5131 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml 
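Review bot: The generated `/etc/atl_vars.yml` in the `bin/ansible-with-atl-env` hunk is created with the default umask and filtered only by `grep -v PASSWORD`, so any other sensitive entry in `/etc/atl` (keys, tokens, secrets under another name) lands in a file that is probably world-readable. The added lines also read the hard-coded `/etc/atl` instead of the `ENV_FILE` shown in the hunk header context, and the sed output leaves values unquoted, so a value containing `: `, ` #` or a leading `{` either breaks the YAML load or changes type. Suggested shape: `( umask 077; grep -v PASSWORD "$ENV_FILE" | sed ... > /etc/atl_vars.yml )`, preferably with an allow-list of the keys the playbook needs rather than a deny-list on one word. PATCH 15/25 later removes this mechanism in favour of explicit variables, which is the safer design.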
@@ -52,7 +52,6 @@ owner: "{{ atl_product_user }}" group: "{{ atl_product_user }}" - - name: Limit permissions on the installation directory file: path: "{{ atl_product_installation_versioned }}" @@ -79,3 +78,15 @@ - "{{ atl_product_installation_versioned }}/temp" - "{{ atl_product_installation_versioned }}/work" changed_when: false # For Molecule idempotence check + +- name: Assert baseurl to same as atl_proxy_name + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_jdbc_user }}" + login_password: "{{ atl_jdbc_password }}" + db: "{{ atl_jdbc_db_name }}" + query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; + positional_args: + - bandanavalue + - .* + - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" diff --git a/roles/confluence_config/templates/seraph-config.xml.j2 b/roles/confluence_config/templates/seraph-config.xml.j2 index 8c91e87..5839e9a 100644 --- a/roles/confluence_config/templates/seraph-config.xml.j2 +++ b/roles/confluence_config/templates/seraph-config.xml.j2 @@ -1,4 +1,4 @@ - +grep login.url @@ -16,8 +16,8 @@ login.cookie.key seraph.confluence - - {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age|length %} + + {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age is not none %} autologin.cookie.age {{ atl_autologin_cookie_age }} From 078eb1ed7ffe172fdd46ee0fb980d15613a02b06 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 28 Nov 2019 15:09:57 +1100 Subject: [PATCH 07/25] ITOPSENG-277 fix indent for baseurl task --- roles/confluence_config/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index b8b5131..e4c6329 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml 
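Review bot: The pattern `.*` in the added `postgresql_query` task makes `regexp_replace` swap the entire `bandanavalue` of the `atlassian.confluence.settings` row for the bare URL, not just the base URL inside it; if that column holds the whole serialized settings document, as the key name suggests, the rest of the global settings is lost. In this version the first positional argument `bandanavalue` is also bound as a string literal rather than a column reference, so the replacement works on the literal text. The pattern should be scoped to the base-URL field only (its exact format is not visible here), and the task is better named for what it does, e.g. `Set base URL from atl_proxy_name`, than `Assert …`, since it writes on every play. The same `.*` pattern is carried through the later hunks on this task in PATCH 21/25, 22/25 and 24/25.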
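Review bot: Replacing `|length` with `is not none` in the second `seraph-config.xml.j2` hunk lets an empty string pass the test, so an unset value that arrives as `''` (which is what `lookup('env', …)` yields for a missing variable, if this one is defined that way) renders an `autologin.cookie.age` entry with an empty value. A test that treats undefined, null and empty alike avoids that: `{% if atl_autologin_cookie_age | default('', true) | string | length %}`. The first hunk of this file also adds a stray `grep` as the first line of the template, which PATCH 10/25 removes.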
@@ -87,6 +87,6 @@ db: "{{ atl_jdbc_db_name }}" query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - - bandanavalue - - .* - - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + - bandanavalue + - .* + - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" From f48ad28f633554a2e96fea2f8d2d1c45b03e3151 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 28 Nov 2019 17:07:14 +1100 Subject: [PATCH 08/25] ITOPSENG-277 add the atl vars for the tests --- roles/confluence_config/molecule/aurora/playbook.yml | 2 ++ roles/confluence_config/molecule/default/playbook.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/roles/confluence_config/molecule/aurora/playbook.yml b/roles/confluence_config/molecule/aurora/playbook.yml index d57ff60..b16dc17 100644 --- a/roles/confluence_config/molecule/aurora/playbook.yml +++ b/roles/confluence_config/molecule/aurora/playbook.yml @@ -14,6 +14,8 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" + atl_tomcat_scheme: "http" + atl_proxy_name: "localhost." roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/playbook.yml b/roles/confluence_config/molecule/default/playbook.yml index 612f584..d29762a 100644 --- a/roles/confluence_config/molecule/default/playbook.yml +++ b/roles/confluence_config/molecule/default/playbook.yml @@ -14,6 +14,8 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" + atl_tomcat_scheme: "http" + atl_proxy_name: "localhost" roles: - role: linux_common From 3c4beba750360d9b4eb3aa1b359662831fc30a76 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 2 Dec 2019 13:05:42 +1100 Subject: [PATCH 09/25] ITOPSENG-277 make tests pass --- roles/confluence_config/molecule/aurora/playbook.yml | 2 +- roles/confluence_config/tasks/main.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/confluence_config/molecule/aurora/playbook.yml b/roles/confluence_config/molecule/aurora/playbook.yml index b16dc17..67cc0af 100644 --- a/roles/confluence_config/molecule/aurora/playbook.yml +++ b/roles/confluence_config/molecule/aurora/playbook.yml @@ -15,7 +15,7 @@ atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" atl_tomcat_scheme: "http" - atl_proxy_name: "localhost." + atl_proxy_name: "localhost" roles: - role: linux_common diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index e4c6329..ebfc4f5 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -90,3 +90,4 @@ - bandanavalue - .* - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + ignore_errors: yes # For Molecule as it has no db test framework included From dfa68eda31941675ea0e57b195eefe8b71f38da5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 3 Dec 2019 13:12:42 +1100 Subject: [PATCH 10/25] ITOPSENG-277 fix bad focus mispaste in seraph-config.xml.j2 --- roles/confluence_config/templates/seraph-config.xml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/confluence_config/templates/seraph-config.xml.j2 b/roles/confluence_config/templates/seraph-config.xml.j2 index 5839e9a..af64485 100644 --- a/roles/confluence_config/templates/seraph-config.xml.j2 +++ b/roles/confluence_config/templates/seraph-config.xml.j2 @@ -1,4 +1,4 @@ -grep + login.url From b102f6b9a4f93fb1b5a943c8a4af0daa09f41b45 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Wed, 4 Dec 2019 14:53:08 +1100 Subject: [PATCH 11/25] ITOPSENG-277 ensure synchrony_service_url is a string before length count --- roles/confluence_config/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml index 783a567..4b7f75a 100644 --- a/roles/confluence_config/defaults/main.yml 
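Review bot: `ignore_errors: yes` on the base-URL update hides real failures in production as well as in Molecule: a rejected login, an unreachable database or a failed `update` all leave the play green with the old base URL in place. Keep the task strict and exclude it from the test run instead, for example with `tags: [molecule-notest]` if the Molecule version in use honours that tag, or a `when:` on a variable that only real deployments set. If the flag stays, write it as `ignore_errors: true`; `yes` is a YAML 1.1 truthy form that linters flag. The enclosing task starts above this hunk.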
+++ b/roles/confluence_config/defaults/main.yml @@ -31,7 +31,7 @@ atl_catalina_opts_extra: >- -Dsynchrony.proxy.enabled=false -Dconfluence.cluster.node.name={{ atl_local_ipv4 }} -Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60 - {% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %} + {% if atl_synchrony_service_url|string|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %} atl_tomcat_port: "8080" atl_tomcat_mgmt_port: "8005" From 72cecfe04d56869e3f563fedf7593dd1c16bd6e5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 11:50:14 +1100 Subject: [PATCH 12/25] ITOPSENG-101 fixed variable value case in /etc/atl_vars.yml --- bin/ansible-with-atl-env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index bc97f57..5c2ea21 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -11,7 +11,7 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH # get /etc/atl into usable vars which can be included in ansible playbooks -grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1:\ \3/g' > /etc/atl_vars.yml +grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1\E:\ \3/g' > /etc/atl_vars.yml # Set the environment with default exports set -a From fff55c54093565522c7934baea6ab837a871afe5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 13:43:06 +1100 Subject: [PATCH 13/25] ITOPSENG-277 added when suggested by Ben --- roles/confluence_config/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index ebfc4f5..307580e 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml 
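Review bot: `|string|length` is still true when the variable is null: `None | string` is the four-character text `None`, so the option is emitted as `-Dsynchrony.service.url=None`. Use a test that treats undefined, null and empty alike, `{% if atl_synchrony_service_url | default('', true) | string | length %}`. The value is then written unquoted into `atl_catalina_opts_extra`, so a URL containing whitespace would split into extra JVM arguments; a validation step where the variable is set would cover that.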
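Review bot: The first group `(^.+)` in the sed expression is greedy, so the split happens at the last `=` on the line, not the first: an entry whose value itself contains `=` (a JVM option list, for instance) gets part of its value folded into the lower-cased key. Anchor the key on the first separator instead, `sed -r -e 's/^([^=]+)=(.*)$/\L\1\E: \2/'`. The line also still reads the hard-coded `/etc/atl` rather than `$ENV_FILE` from the hunk's context line.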
@@ -90,4 +90,5 @@ - bandanavalue - .* - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + when: atl_proxy_name is defined ignore_errors: yes # For Molecule as it has no db test framework included From 8c02ea36bbc0a2640197107eb6f35f06b6600c9c Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 15:12:33 +1100 Subject: [PATCH 14/25] ITOPSENG-277 added fixes for tests as per discussion with Ben --- roles/confluence_config/molecule/aurora/playbook.yml | 2 -- .../confluence_config/molecule/default/tests/test_default.py | 2 -- roles/confluence_config/tasks/main.yml | 4 +++- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/roles/confluence_config/molecule/aurora/playbook.yml b/roles/confluence_config/molecule/aurora/playbook.yml index 67cc0af..d57ff60 100644 --- a/roles/confluence_config/molecule/aurora/playbook.yml +++ b/roles/confluence_config/molecule/aurora/playbook.yml @@ -14,8 +14,6 @@ atl_cluster_node_id: 'FAKEID' atl_autologin_cookie_age: "COOKIEAGE" atl_local_ipv4: "1.1.1.1" - atl_tomcat_scheme: "http" - atl_proxy_name: "localhost" roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py index a8d3013..d74ba7b 100644 --- a/roles/confluence_config/molecule/default/tests/test_default.py +++ b/roles/confluence_config/molecule/default/tests/test_default.py @@ -38,8 +38,6 @@ def test_server_file(host): assert f.contains('acceptCount="10"') assert f.contains('secure="false"') assert f.contains('scheme="http"') - assert not f.contains('proxyName=') - assert not f.contains('proxyPort=') def test_install_permissions(host): assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root' diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 307580e..5ed6d66 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml 
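Review bot: `atl_proxy_name is defined` does not guard against an empty value; if the variable comes from `lookup('env', …)` like the group_vars entries visible elsewhere in this series, it is always defined and is `''` when the environment variable is unset, so the update still runs and stores a scheme with no host as the base URL. Test the content instead, `when: atl_proxy_name | default('') | length > 0`. The same applies to the two-item `when:` list that PATCH 14/25 adds for `atl_tomcat_scheme`. The enclosing task starts above this hunk.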
@@ -90,5 +90,7 @@ - bandanavalue - .* - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" - when: atl_proxy_name is defined + when: + - atl_proxy_name is defined + - atl_tomcat_scheme is defined ignore_errors: yes # For Molecule as it has no db test framework included From bc8dd94e9c5e6db0cb9a35f93f430c98815b51a4 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:14:18 +1100 Subject: [PATCH 15/25] ITOPSENG-277 removing slurping of all /etc/atl. DCD prefer explicit variable assignment --- aws_confluence_dc_node.yml | 3 --- bin/ansible-with-atl-env | 3 --- 2 files changed, 6 deletions(-) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index f2f9a34..e33fe3d 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -10,9 +10,6 @@ atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' - vars_files: - - /etc/atl_vars.yml - roles: - role: linux_common - role: aws_common diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index 5c2ea21..072ff20 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -10,9 +10,6 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH -# get /etc/atl into usable vars which can be included in ansible playbooks -grep -v PASSWORD /etc/atl | sed -r -e 's/(^.+)(=)(.*$)/\L\1\E:\ \3/g' > /etc/atl_vars.yml - # Set the environment with default exports set -a source $ENV_FILE From 090b7a0a7461bf75d06e3ad9958411e4ba6483f7 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:18:57 +1100 Subject: [PATCH 16/25] ITOPSENG-277 restored blank lines --- aws_confluence_dc_node.yml | 1 + bin/ansible-with-atl-env | 1 + 2 files changed, 2 insertions(+) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index e33fe3d..979f96b 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml 
@@ -7,6 +7,7 @@ atl_product_family: "confluence" atl_product_user: "confluence" atl_product_edition: "confluence" + atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' diff --git a/bin/ansible-with-atl-env b/bin/ansible-with-atl-env index 072ff20..3685381 100755 --- a/bin/ansible-with-atl-env +++ b/bin/ansible-with-atl-env @@ -10,6 +10,7 @@ ENV_FILE=${4:-"/etc/atl"} export PATH=/usr/local/bin:$PATH + # Set the environment with default exports set -a source $ENV_FILE From 7ff68f61c72955166f228ef8b8768b06eefed1e5 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 5 Dec 2019 16:23:53 +1100 Subject: [PATCH 17/25] ITOPSENG-277 restore testing of proxy and port --- roles/confluence_config/molecule/default/playbook.yml | 1 + roles/confluence_config/molecule/default/tests/test_default.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/roles/confluence_config/molecule/default/playbook.yml b/roles/confluence_config/molecule/default/playbook.yml index d29762a..93c91ec 100644 --- a/roles/confluence_config/molecule/default/playbook.yml +++ b/roles/confluence_config/molecule/default/playbook.yml @@ -16,6 +16,7 @@ atl_local_ipv4: "1.1.1.1" atl_tomcat_scheme: "http" atl_proxy_name: "localhost" + atl_proxy_port: "80" roles: - role: linux_common diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py index d74ba7b..a65ce05 100644 --- a/roles/confluence_config/molecule/default/tests/test_default.py +++ b/roles/confluence_config/molecule/default/tests/test_default.py @@ -38,6 +38,8 @@ def test_server_file(host): assert f.contains('acceptCount="10"') assert f.contains('secure="false"') assert f.contains('scheme="http"') + assert f.contains('proxyName=') + assert f.contains('proxyPort=') def test_install_permissions(host): assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root' From 4d19d1d865bd35ae8fcb6615f3822c3a316a0ae6 Mon Sep 17 00:00:00 2001 
From: Brett Meehan Date: Thu, 5 Dec 2019 16:29:35 +1100 Subject: [PATCH 18/25] ITOPSENG-277 remove duplicate url arg --- roles/confluence_config/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml index 4b7f75a..d0e4fa4 100644 --- a/roles/confluence_config/defaults/main.yml +++ b/roles/confluence_config/defaults/main.yml @@ -17,7 +17,6 @@ atl_hazelcast_network_aws_iam_role: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS atl_hazelcast_network_aws_tag_value: "{{ lookup('env', 'ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE') }}" atl_catalina_opts: "" -atl_synchrony_url: "{% if atl_synchrony_service_url|length %}-Dsynchrony.service.url={{ atl_synchrony_service_url }}{% endif %}" atl_catalina_opts_extra: >- -Datlassian.event.thread_pool_configuration.queue_size=4096 -Datlassian.plugins.enable.wait=300 From 643eb1a46e442646174eecd84822bc21eebf9a37 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 9 Dec 2019 17:23:09 +1100 Subject: [PATCH 19/25] ITOPSENG-277 do the lookups for proxy and scheme and ensure the schema perms are good --- aws_confluence_dc_node.yml | 2 ++ roles/database_init/tasks/main.yml | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 979f96b..693f7da 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -10,6 +10,8 @@ atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' + atl_proxy_name: "{{ lookup('env', 'ATL_PROXY_NAME') }}" + atl_tomcat_scheme: "{{ lookup('env', 'ATL_TOMCAT_SCHEME') }}" roles: - role: linux_common diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 2df59db..1b238cb 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml 
@@ -10,6 +10,30 @@ password: "{{ atl_jdbc_password }}" expires: 'infinity' +- name: Assert ownership of public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "ALTER SCHEMA public OWNER to {{ atl_db_root_password }};" + +- name: Grant privs to root user on public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_password }};" + +- name: Grant privs to application user on public schema + postgresql_query: + login_host: "{{ atl_db_host }}" + login_user: "{{ atl_db_root_user }}" + login_password: "{{ atl_db_root_password }}" + db: "{{ atl_jdbc_db_name }}" + query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_password }};" + - block: - name: Update root privs for new user From 0739a67b8d5c22885400b90af4a3500272688c6a Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Mon, 9 Dec 2019 17:29:37 +1100 Subject: [PATCH 20/25] ITOPSENG-277 ensure the schema perms are set witht he right vars --- roles/database_init/tasks/main.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 1b238cb..05a27fa 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -16,7 +16,7 @@ login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" - query: "ALTER SCHEMA public OWNER to {{ atl_db_root_password }};" + query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};" - name: Grant privs to root user on public schema postgresql_query: 
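Review bot: All three added queries interpolate a password variable where a role name belongs: `OWNER to {{ atl_db_root_password }}`, `TO {{ atl_db_root_password }}` and `TO {{ atl_jdbc_password }}`. Besides naming the wrong role, this puts the secret into the SQL text, which can surface in task output, Ansible logs and the database server's statement or error log. They should read `{{ atl_db_root_user }}` and `{{ atl_jdbc_user }}` (PATCH 20/25 makes that change); any credential that already went through these tasks on a real host should be treated as exposed and rotated.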
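Review bot: The role names are still templated straight into the SQL text in all three hunks of this commit, unquoted, so a name with upper-case letters, a hyphen or any SQL metacharacter either fails or changes the statement. These are identifiers, which bind parameters cannot carry, so the safer route is the dedicated modules: `postgresql_schema` with `owner:` for the ownership task and `postgresql_privs` (already used further down this file) with `type: schema` for the two grants. Each enclosing task starts above its hunk; the sketch below shows only the lines that change.

```yaml
- name: Assert ownership of public schema
  postgresql_schema:
    # … unchanged: login_host, login_user, login_password …
    database: "{{ atl_jdbc_db_name }}"
    name: public
    owner: "{{ atl_db_root_user }}"

- name: Grant privs to application user on public schema
  postgresql_privs:
    # … unchanged: login_host, login_user, login_password …
    database: "{{ atl_jdbc_db_name }}"
    type: schema
    objs: public
    privs: ALL
    roles: "{{ atl_jdbc_user }}"
```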
@@ -24,7 +24,7 @@ login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" - query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_password }};" + query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};" - name: Grant privs to application user on public schema postgresql_query: @@ -32,7 +32,7 @@ login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" db: "{{ atl_jdbc_db_name }}" - query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_password }};" + query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" - block: From 94c8c6a92ed44d843ae8532c338fc470f08fc5bd Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 08:02:03 +1100 Subject: [PATCH 21/25] ITOPSENG-277 messing qith quotes --- roles/confluence_config/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 5ed6d66..6d74ba4 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -88,8 +88,8 @@ query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - bandanavalue - - .* - - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" + - "'.*'" + - "'{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}'" when: - atl_proxy_name is defined - atl_tomcat_scheme is defined From eb83a768c3ecebc6baa30aa45fe8dfaeaa0541fc Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 09:45:24 +1100 Subject: [PATCH 22/25] ITOPSENG-277 managed to get the column name unquoted by removing it from positional args --- roles/confluence_config/tasks/main.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 6d74ba4..9e890c9 100644 
--- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml @@ -85,11 +85,10 @@ login_user: "{{ atl_jdbc_user }}" login_password: "{{ atl_jdbc_password }}" db: "{{ atl_jdbc_db_name }}" - query: update bandana set bandanavalue=regexp_replace(%s, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; + query: update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - - bandanavalue - - "'.*'" - - "'{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}'" + - ".*" + - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" when: - atl_proxy_name is defined - atl_tomcat_scheme is defined From 4824fe53cb27a59b68e02c0c6fa7702b41b42851 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 10:29:26 +1100 Subject: [PATCH 23/25] ITOPSENG-277 remove proxyname and scheme from confluence playbook as they are in group_vars --- aws_confluence_dc_node.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml index 693f7da..979f96b 100644 --- a/aws_confluence_dc_node.yml +++ b/aws_confluence_dc_node.yml @@ -10,8 +10,6 @@ atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'en_US.UTF-8' - atl_proxy_name: "{{ lookup('env', 'ATL_PROXY_NAME') }}" - atl_tomcat_scheme: "{{ lookup('env', 'ATL_TOMCAT_SCHEME') }}" roles: - role: linux_common From dff012fc8df9fb88df13db907a04d6440d6e17c2 Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 10:44:59 +1100 Subject: [PATCH 24/25] ITOPSENG-277 split base_url query over 2 lines to pass linting --- roles/confluence_config/tasks/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 9e890c9..f8e366c 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml 
@@ -85,7 +85,9 @@ login_user: "{{ atl_jdbc_user }}" login_password: "{{ atl_jdbc_password }}" db: "{{ atl_jdbc_db_name }}" - query: update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s) where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; + query: > + update bandana set bandanavalue=regexp_replace(bandanavalue, %s, %s) + where bandanacontext = '_GLOBAL' and bandanakey = 'atlassian.confluence.settings'; positional_args: - ".*" - "{{ atl_tomcat_scheme }}://{{ atl_proxy_name }}" From cf183913baf690864d0a726de92ea08998facc7a Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Tue, 10 Dec 2019 11:20:25 +1100 Subject: [PATCH 25/25] ITOPSENG-277 have the schema fixes applied against atl_db_root_db_name --- group_vars/aws_node_local.yml | 1 + roles/database_init/defaults/main.yml | 1 + roles/database_init/tasks/main.yml | 6 +++--- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/aws_node_local.yml b/group_vars/aws_node_local.yml index bb380b9..89c158e 100644 --- a/group_vars/aws_node_local.yml +++ b/group_vars/aws_node_local.yml @@ -66,6 +66,7 @@ atl_aws_enable_cloudwatch_logs: "{{ lookup('env', 'ATL_AWS_ENABLE_CLOUDWATCH_LOG atl_db_engine: "{{ lookup('env', 'ATL_DB_ENGINE') }}" atl_db_host: "{{ lookup('env', 'ATL_DB_HOST') }}" atl_db_port: "{{ lookup('env', 'ATL_DB_PORT') or '5432' }}" +atl_db_root_db_name: "{{ lookup('env', 'ATL_DB_ROOT_DB_NAME') or 'postgres' }}" atl_db_root_user: "{{ lookup('env', 'ATL_DB_ROOT_USER') or 'postgres' }}" atl_db_root_password: "{{ lookup('env', 'ATL_DB_ROOT_PASSWORD') }}" atl_db_driver: "{{ lookup('env', 'ATL_DB_DRIVER') or 'org.postgresql.Driver' }}" diff --git a/roles/database_init/defaults/main.yml b/roles/database_init/defaults/main.yml index 4620228..8d4d128 100644 --- a/roles/database_init/defaults/main.yml +++ b/roles/database_init/defaults/main.yml 
@@ -1,6 +1,7 @@ --- atl_db_port: '5432' +atl_db_root_db_name: 'postgres' atl_db_root_user: 'postgres' atl_jdbc_encoding: 'UTF-8' atl_jdbc_collation: 'C' diff --git a/roles/database_init/tasks/main.yml b/roles/database_init/tasks/main.yml index 05a27fa..10b0051 100644 --- a/roles/database_init/tasks/main.yml +++ b/roles/database_init/tasks/main.yml @@ -15,7 +15,7 @@ login_host: "{{ atl_db_host }}" login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" - db: "{{ atl_jdbc_db_name }}" + db: "{{ atl_db_root_db_name }}" query: "ALTER SCHEMA public OWNER to {{ atl_db_root_user }};" - name: Grant privs to root user on public schema @@ -23,7 +23,7 @@ login_host: "{{ atl_db_host }}" login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" - db: "{{ atl_jdbc_db_name }}" + db: "{{ atl_db_root_db_name }}" query: "GRANT ALL ON SCHEMA public TO {{ atl_db_root_user }};" - name: Grant privs to application user on public schema @@ -31,7 +31,7 @@ login_host: "{{ atl_db_host }}" login_user: "{{ atl_db_root_user }}" login_password: "{{ atl_db_root_password }}" - db: "{{ atl_jdbc_db_name }}" + db: "{{ atl_db_root_db_name }}" query: "GRANT ALL ON SCHEMA public TO {{ atl_jdbc_user }};" - block:
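Review bot: Pointing `db:` at `atl_db_root_db_name` changes which database's `public` schema is altered, because schemas are per-database in PostgreSQL: with the default `postgres`, the three tasks now change ownership and grant `ALL` on the maintenance database's `public` schema and leave the application database (`atl_jdbc_db_name`) untouched. As written, `atl_jdbc_user` gains create rights in a database it has no evident need for. If the aim is to repair a cloned application database, `db:` should stay `atl_jdbc_db_name`; if that database may not exist yet at this point, moving the tasks after the step that creates it is safer than retargeting them. All three hunks in `roles/database_init/tasks/main.yml` share this and each enclosing task starts above its hunk; a one-line comment on each task naming the database it is meant to affect would settle the intent.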