first pass at incorporating mesh setup/config

2025-12-15 09:23:06 -06:00 · 2024-03-25 12:55:28 -05:00
parent 1c461004c3
commit a902044657
20 changed files with 1301 additions and 580 deletions
--- a/roles/bitbucket_mesh_config/tasks/mesh_setup.yml
+++ b/roles/bitbucket_mesh_config/tasks/mesh_setup.yml
@@ -0,0 +1,96 @@
+---
+- name: Create Bitbucket dirs if necessary
+  ansible.builtin.file:
+    path: "{{ item }}"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    mode: 0750
+    state: directory
+    recurse: no
+  with_items:
+    - "{{ atl_home_base }}/{{ atl_product_edition }}"
+    - "{{ mesh_install_dir }}"
+    - "{{ atl_product_home }}"
+    - "{{ atl_product_home }}/caches"
+    - "{{ atl_product_home }}/log"
+
+# - name: download the mesh distribution using maven
+#   community.general.maven_artifact:
+#     group_id: "com.atlassian.bitbucket.mesh"
+#     artifact_id: "mesh-distribution"
+#     extension: "tar.gz"
+#     version: "{{ atl_product_version }}"
+#     repository_url: "{{ bitbucket_mesh_maven_repo }}"
+#     dest: "{{ downloads_dir }}"
+#     keep_name: yes
+#     mode: "0644"
+#     owner: "{{ atl_product_user }}"
+#     group: "{{ atl_product_user }}"
+#   register: maven_download
+
+# - name: extract the downloaded artifact # noqa no-handler
+#   ansible.builtin.unarchive:
+#     src: "{{ maven_download.dest }}"
+#     dest: "/opt/atlassian/mesh/"
+#     creates: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}"
+#     mode: 0755
+#     owner: "{{ atl_product_user }}"
+#     group: "{{ atl_product_user }}"
+#   register: mesh_extract
+#   when:
+#     - maven_download.changed | bool
+
+# the owner/group on the unarchive above isn't thorough
+- name: adjust permissions on the extracted directory
+  ansible.builtin.file:
+    state: directory
+    path: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    recurse: yes
+
+# - name: symlink to the current version # noqa no-handler
+#   ansible.builtin.file:
+#     src: "/opt/atlassian/mesh/atlassian-bitbucket-mesh-{{ atl_product_version }}"
+#     dest: "/opt/atlassian/mesh/current"
+#     state: link
+#   when:
+#     - mesh_extract.changed | bool
+
+- name: touch the jmx password file
+  ansible.builtin.file:
+    path: "{{ atl_home_base }}/{{ atl_product_edition }}/jmx.access"
+    state: touch
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    mode: 0600
+
+- name: enforce the permissions on the pem files
+  ansible.builtin.file:
+    path: "{{ atl_home_base }}/{{ atl_product_edition }}/config/{{ item }}"
+    state: touch
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    mode: 0600
+  with_items:
+    - signing-key.pem
+    - control-plane.pem
+  register: pem_chown
+  failed_when:
+    - pem_chown.failed | bool
+    - "'No such file or directory' not in pem_chown.msg"
+
+- name: touch mesh.properties to make sure it exists
+  ansible.builtin.file:
+    state: touch
+    path: "{{ mesh_properties_file }}"
+    owner: "{{ atl_product_user }}"
+    group: "{{ atl_product_user }}"
+    mode: 0600
+
+# check for lines starting with '!' and prefix them with #
+- name: prefix properties files bangs with hashes
+  ansible.builtin.replace:
+    path: "{{ mesh_properties_file }}"
+    regexp: '^(\!.*)$'
+    replace: '# \1'