From 7b9e9e23289271ac507c70148ad46ed21fc3ad2d Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 21 May 2020 10:17:22 +1000 Subject: [PATCH 1/7] ITOPSENG-647 put product service file in the default path to allow systemctl mask and other linking operations to work properly --- DEVELOPMENT.md | 10 +++++----- .../molecule/bitbucket/tests/test_default.py | 2 +- .../molecule/default/tests/test_default.py | 2 +- .../molecule/synchrony/tests/test_default.py | 2 +- roles/product_startup/tasks/main.yml | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md index c113f55..2f75c73 100644 --- a/DEVELOPMENT.md +++ b/DEVELOPMENT.md @@ -24,7 +24,7 @@ ways to do this; either directly if packaged, or via pip... # Ubuntu 19.04+, Debian 10+ sudo apt-get install pipenv python-dev - + # Older versions & RHEL/Amazon Linux, etc. sudo apt-get install -y python-pip python-dev # Or... @@ -129,7 +129,7 @@ Some notable files and locations: /var/log/ansible-bootstrap.log. * The Jira installation is under /opt/atlassian/jira/and symlinked to /opt/atlassian/jira/current. -* The systemd service is configured in /etc/systemd/system/jira.service. Its +* The systemd service is configured in /usr/lib/systemd/system/jira.service. Its stdout can be viewed with systemctl status jira.service and journalctl -u jira.service. * Other Tomcat logs can be located under /opt/atlassian/jira/current/logs/... 
@@ -138,11 +138,11 @@ Some notable files and locations: * This repository is configured to run tests on [bitbucket pipelines](https://bitbucket.org/atlassian/dc-deployments-automation/addon/pipelines/home). * Pipeline definition is located in the [root of the repository](https://bitbucket.org/atlassian/dc-deployments-automation/src/master/bitbucket-pipelines.yml) * Pipeline configuration is generated using Jinja2 and a simple python script. Pipeline generator is located [here](https://bitbucket.org/atlassian/dc-deployments-automation/src/master/pipeline_generator/) - * A pipeline configuration is generated by running the following make command + * A pipeline configuration is generated by running the following make command ``` make generate-pipeline > ../bitbucket-pipelines.yml - ``` - + ``` + * [Molecule](https://molecule.readthedocs.io/en/stable/) tests are run in batches. A single test is run per batch to optimize for a faster dev feedback loop * If you create a new role or add a new molecule scenario, then please ensure that you generate a new pipeline configuration by running the make command described above. If a new pipeline configuration is not generated, then the CI may not run any tests as it would fail at a pre-test validate stage. \ No newline at end of file diff --git a/roles/product_startup/molecule/bitbucket/tests/test_default.py b/roles/product_startup/molecule/bitbucket/tests/test_default.py index 14feb7c..8bec4b7 100644 --- a/roles/product_startup/molecule/bitbucket/tests/test_default.py +++ b/roles/product_startup/molecule/bitbucket/tests/test_default.py 
@@ -7,7 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_service_file(host): - f = host.file('/etc/systemd/system/bitbucket.service') + f = host.file('/usr/lib/systemd/system/bitbucket.service') assert f.contains("^ExecStart=/opt/atlassian/bitbucket/current/bin/start-bitbucket.sh -fg --no-search$") assert f.contains("^UMask=0027$") assert f.contains("^LimitNOFILE=4096$") diff --git a/roles/product_startup/molecule/default/tests/test_default.py b/roles/product_startup/molecule/default/tests/test_default.py index 8210664..3ef51d9 100644 --- a/roles/product_startup/molecule/default/tests/test_default.py +++ b/roles/product_startup/molecule/default/tests/test_default.py @@ -7,7 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_service_file(host): - f = host.file('/etc/systemd/system/jira-software.service') + f = host.file('/usr/lib/systemd/system/jira-software.service') assert f.contains("^ExecStart=/opt/atlassian/jira-software/current/bin/start-jira.sh -fg$") assert f.user == 'root' assert f.group == 'root' diff --git a/roles/product_startup/molecule/synchrony/tests/test_default.py b/roles/product_startup/molecule/synchrony/tests/test_default.py index 447af2e..5451915 100644 --- a/roles/product_startup/molecule/synchrony/tests/test_default.py +++ b/roles/product_startup/molecule/synchrony/tests/test_default.py @@ -7,7 +7,7 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( def test_service_file(host): - f = host.file('/etc/systemd/system/synchrony.service') + f = host.file('/usr/lib/systemd/system/synchrony.service') assert f.contains("^ExecStart=/opt/atlassian/bin/start-synchrony$") assert f.contains("^EnvironmentFile=/etc/atl$") assert f.contains("^EnvironmentFile=/etc/atl.synchrony$") diff --git a/roles/product_startup/tasks/main.yml b/roles/product_startup/tasks/main.yml index 706bee3..c604379 100644 --- a/roles/product_startup/tasks/main.yml +++ b/roles/product_startup/tasks/main.yml 
@@ -3,7 +3,7 @@ - name: "Install systemd service file" template: src: "product.service.j2" - dest: "/etc/systemd/system/{{ atl_systemd_service_name }}" + dest: "/usr/lib/systemd/system/{{ atl_systemd_service_name }}" owner: root group: root mode: 0640 From ef0a41af98dab4906ad81d0ee1347edc4f8efeaa Mon Sep 17 00:00:00 2001 From: Brett Meehan Date: Thu, 21 May 2020 11:43:17 +1000 Subject: [PATCH 2/7] ITOPSENG-647 adjust hard-coded defaults to allow molecule tests to pass --- roles/product_startup/molecule/bitbucket/playbook.yml | 2 +- roles/product_startup/molecule/default/playbook.yml | 2 +- roles/product_startup/molecule/synchrony/playbook.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/product_startup/molecule/bitbucket/playbook.yml b/roles/product_startup/molecule/bitbucket/playbook.yml index 0542b3a..bc50920 100644 --- a/roles/product_startup/molecule/bitbucket/playbook.yml +++ b/roles/product_startup/molecule/bitbucket/playbook.yml @@ -29,7 +29,7 @@ pre_tasks: - name: Create systemd dir if necessary file: - path: '/etc/systemd/system/' + path: '/usr/lib/systemd/system/' state: directory roles: diff --git a/roles/product_startup/molecule/default/playbook.yml b/roles/product_startup/molecule/default/playbook.yml index ba24ddc..71e2f53 100644 --- a/roles/product_startup/molecule/default/playbook.yml +++ b/roles/product_startup/molecule/default/playbook.yml @@ -12,7 +12,7 @@ pre_tasks: - name: Create systemd dir if necessary file: - path: '/etc/systemd/system/' + path: '/usr/lib/systemd/system/' state: directory roles: diff --git a/roles/product_startup/molecule/synchrony/playbook.yml b/roles/product_startup/molecule/synchrony/playbook.yml index 0e19553..0ee7b71 100644 --- a/roles/product_startup/molecule/synchrony/playbook.yml +++ b/roles/product_startup/molecule/synchrony/playbook.yml 
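Review bot: Hosts provisioned with the previous version of this role keep a regular unit file under `/etc/systemd/system/`, and systemd gives `/etc` precedence over `/usr/lib`, so on those hosts the unit written to the new `dest` would be shadowed by the stale copy. Later template changes, including limits or hardening directives, would then not take effect there. Nothing in this hunk removes the old file; a preceding pair of tasks could delete it only when it is a regular file, so that a deliberate `systemctl mask` symlink is left in place. It is also worth confirming that `/usr/lib/systemd/system` is on the unit search path of every supported image, since distributions without a merged /usr load packaged units from `/lib/systemd/system`. The install task continues past the end of the hunk, so whether a daemon-reload follows is not visible here.

```yaml
- name: "Check for a unit file left at the old location"
  stat:
    path: "/etc/systemd/system/{{ atl_systemd_service_name }}"
  register: legacy_unit

- name: "Remove the stale unit, but keep a mask symlink"
  file:
    path: "/etc/systemd/system/{{ atl_systemd_service_name }}"
    state: absent
  when: legacy_unit.stat.exists and legacy_unit.stat.isreg

# … unchanged: "Install systemd service file" task …
```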
@@ -20,7 +20,7 @@ pre_tasks: - name: Create systemd dir if necessary file: - path: '/etc/systemd/system/' + path: '/usr/lib/systemd/system/' state: directory roles: From d428624ac20e61f6805ad2dfd05a6f3ca3983df6 Mon Sep 17 00:00:00 2001 From: Denise Unterwurzacher Date: Wed, 17 Jun 2020 12:10:22 -0500 Subject: [PATCH 3/7] ITOPSENG-703 Added open file descriptors to the systemd config to allow for the applications to open more files. This avoids the 'too many open files' problem that can cause outages. --- roles/product_startup/templates/product.service.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/product_startup/templates/product.service.j2 b/roles/product_startup/templates/product.service.j2 index 8310e88..a99636a 100644 --- a/roles/product_startup/templates/product.service.j2 +++ b/roles/product_startup/templates/product.service.j2 @@ -14,5 +14,7 @@ ExecStart={{ atl_startup_exec_path }}{% for c in atl_startup_exec_options %} {{ Restart=on-failure +LimitNOFILE=65536 + [Install] WantedBy={{ atl_systemd_service_target }} From 0a7e5220a2e1538c85012b29ce79bdba19608dfd Mon Sep 17 00:00:00 2001 From: Denise Unterwurzacher Date: Thu, 16 Jul 2020 12:20:23 -0500 Subject: [PATCH 4/7] ITOPSENG-716 Create Catalina folder in tomcat-install/conf ownder by product user, but leave the rest of conf owned by root. This reinstates catalina.out logging, as it needs that folder to exist and be owned by the product user/group. --- .../molecule/aurora/tests/test_aurora.py | 1 + .../molecule/default/tests/test_default.py | 1 + roles/confluence_config/tasks/main.yml | 9 +++++++++ roles/crowd_config/tasks/main.yml | 9 +++++++++ roles/jira_config/molecule/aurora/tests/test_default.py | 1 + roles/jira_config/molecule/default/tests/test_default.py | 2 +- .../molecule/jira_config_props/tests/test_default.py | 1 + roles/jira_config/tasks/main.yml | 9 +++++++++ 8 files changed, 32 insertions(+), 1 deletion(-) 
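Review bot: The added `LimitNOFILE=65536` in product.service.j2 is hard-coded for every product, while the Bitbucket molecule test touched earlier in this series still asserts `^LimitNOFILE=4096$`. That suggests the template may already render a product-specific limit elsewhere; if both lines land in the same section, systemd applies the later assignment and the other is silently ignored. Consider driving the value from a role variable, for example `LimitNOFILE={{ atl_systemd_limit_nofile | default(65536) }}` (variable name illustrative), and adding a test assertion for the rendered value. The rest of the template is outside the hunk, so where an existing limit is set could not be checked.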
diff --git a/roles/confluence_config/molecule/aurora/tests/test_aurora.py b/roles/confluence_config/molecule/aurora/tests/test_aurora.py index bee0d38..66c2ed5 100644 --- a/roles/confluence_config/molecule/aurora/tests/test_aurora.py +++ b/roles/confluence_config/molecule/aurora/tests/test_aurora.py @@ -45,6 +45,7 @@ def test_install_permissions(host): assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root' assert host.file('/opt/atlassian/confluence/current/confluence/WEB-INF/web.xml').user == 'root' + assert host.file('/opt/atlassian/confluence/current/conf/Catalina').user == 'confluence' assert host.file('/opt/atlassian/confluence/current/logs/').user == 'confluence' assert host.file('/opt/atlassian/confluence/current/work/').user == 'confluence' assert host.file('/opt/atlassian/confluence/current/temp/').user == 'confluence' diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py index b574a0c..713be57 100644 --- a/roles/confluence_config/molecule/default/tests/test_default.py +++ b/roles/confluence_config/molecule/default/tests/test_default.py @@ -55,6 +55,7 @@ def test_install_permissions(host): assert host.file('/opt/atlassian/confluence/current/conf/server.xml').user == 'root' assert host.file('/opt/atlassian/confluence/current/confluence/WEB-INF/web.xml').user == 'root' + assert host.file('/opt/atlassian/confluence/current/conf/Catalina').user == 'confluence' assert host.file('/opt/atlassian/confluence/current/logs/').user == 'confluence' assert host.file('/opt/atlassian/confluence/current/work/').user == 'confluence' assert host.file('/opt/atlassian/confluence/current/temp/').user == 'confluence' diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml index 887324e..d9c4af2 100644 --- a/roles/confluence_config/tasks/main.yml +++ b/roles/confluence_config/tasks/main.yml 
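Review bot: The new assertion in test_install_permissions checks only the owner of `conf/Catalina`, although the task it covers also sets the group and removes all access for others, so a regression that leaves the directory readable by others or group-owned by root would still pass. After binding the file to `f`, add `assert f.is_directory`, `assert f.group == 'confluence'` and a mode check such as `assert f.mode == 0o750` (value inferred from `u=rwX,g=rX,o-rwx` on a directory; confirm). The same applies to the matching assertions in the confluence default test and the three jira_config tests, and no equivalent test is added for Crowd or Bitbucket. The function body continues outside the hunk.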
@@ -97,6 +97,15 @@ - "{{ atl_product_installation_versioned }}/work" changed_when: false # For Molecule idempotence check +- name: Create conf/Catalina directory owned by product so catalina.out logging works + file: + path: "{{ atl_product_installation_versioned }}/conf/Catalina" + state: directory + mode: "u=rwX,g=rX,o-rwx" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + changed_when: false # For Molecule idempotence check + - name: Assert baseurl to same as atl_proxy_name postgresql_query: login_host: "{{ atl_db_host }}" diff --git a/roles/crowd_config/tasks/main.yml b/roles/crowd_config/tasks/main.yml index 0d3c2e4..726211a 100644 --- a/roles/crowd_config/tasks/main.yml +++ b/roles/crowd_config/tasks/main.yml @@ -93,6 +93,15 @@ - "{{ atl_product_installation_versioned }}/apache-tomcat/work" changed_when: false # For Molecule idempotence check +- name: Create conf/Catalina directory owned by product so catalina.out logging works + file: + path: "{{ atl_product_installation_versioned }}/conf/Catalina" + state: directory + mode: "u=rwX,g=rX,o-rwx" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + changed_when: false # For Molecule idempotence check + - name: Symlink Crowd shared home directory file: src: "{{ atl_product_home_shared }}" diff --git a/roles/jira_config/molecule/aurora/tests/test_default.py b/roles/jira_config/molecule/aurora/tests/test_default.py index e684eb2..6ae2e1f 100644 --- a/roles/jira_config/molecule/aurora/tests/test_default.py +++ b/roles/jira_config/molecule/aurora/tests/test_default.py 
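Review bot: Handing `conf/Catalina` to `{{ atl_product_user }}` gives the running service write access to the directory where Tomcat looks for per-host context descriptors (`conf/<engine>/<host>/*.xml`), which weakens the otherwise root-owned `conf/` that the tests in this series assert. If write access is genuinely required for logging, confirm that descriptor deployment (`deployXML`/`autoDeploy`) is restricted in `server.xml`, and record the reason on the task, e.g. `# Service user must own this dir; rest of conf/ stays root-owned (ITOPSENG-716)`. Separately, `changed_when: false` is unnecessary on a plain `state: directory` task, which is already idempotent, and it hides the run in which ownership or mode was actually corrected. Both points apply equally to the identical task added to crowd_config, jira_config and bitbucket_config.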
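Review bot: The path in the Crowd task is probably wrong: the context lines just above it show Crowd's Tomcat directories under `apache-tomcat/` (`.../apache-tomcat/work`), but the new task creates `{{ atl_product_installation_versioned }}/conf/Catalina` at the top of the install tree. If Tomcat's conf directory sits beside `work`, the line should read `path: "{{ atl_product_installation_versioned }}/apache-tomcat/conf/Catalina"`. No molecule assertion is added for Crowd in this commit, so the misplacement would not be caught by the tests.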
@@ -70,6 +70,7 @@ def test_install_permissions(host): assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root' assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root' + assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/work/').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'jira' diff --git a/roles/jira_config/molecule/default/tests/test_default.py b/roles/jira_config/molecule/default/tests/test_default.py index 5a7b961..48454e5 100644 --- a/roles/jira_config/molecule/default/tests/test_default.py +++ b/roles/jira_config/molecule/default/tests/test_default.py @@ -73,9 +73,9 @@ def test_server_file(host): def test_install_permissions(host): - assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root' assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root' + assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/work/').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'jira' diff --git a/roles/jira_config/molecule/jira_config_props/tests/test_default.py b/roles/jira_config/molecule/jira_config_props/tests/test_default.py index 4287ee6..70329f1 100644 --- a/roles/jira_config/molecule/jira_config_props/tests/test_default.py +++ b/roles/jira_config/molecule/jira_config_props/tests/test_default.py 
@@ -77,6 +77,7 @@ def test_install_permissions(host): assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root' assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root' + assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/logs/').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/work/').user == 'jira' assert host.file('/opt/atlassian/jira-software/current/temp/').user == 'jira' diff --git a/roles/jira_config/tasks/main.yml b/roles/jira_config/tasks/main.yml index 5064f5d..11cf442 100644 --- a/roles/jira_config/tasks/main.yml +++ b/roles/jira_config/tasks/main.yml @@ -100,6 +100,15 @@ - "{{ atl_product_installation_versioned }}/work" changed_when: false # For Molecule idempotence check +- name: Create conf/Catalina directory owned by product so catalina.out logging works + file: + path: "{{ atl_product_installation_versioned }}/conf/Catalina" + state: directory + mode: "u=rwX,g=rX,o-rwx" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + changed_when: false # For Molecule idempotence check + - name: Assert baseurl to same as atl_proxy_name postgresql_query: login_host: "{{ atl_db_host }}" From df43298c15032ae620d41b2de9d616a8e429ddfd Mon Sep 17 00:00:00 2001 From: Denise Unterwurzacher Date: Thu, 16 Jul 2020 13:49:39 -0500 Subject: [PATCH 5/7] ITOPSENG-716 Readding accidental deletion --- roles/jira_config/molecule/default/tests/test_default.py | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/jira_config/molecule/default/tests/test_default.py b/roles/jira_config/molecule/default/tests/test_default.py index 48454e5..77508f0 100644 --- a/roles/jira_config/molecule/default/tests/test_default.py +++ b/roles/jira_config/molecule/default/tests/test_default.py 
@@ -73,6 +73,7 @@ def test_server_file(host): def test_install_permissions(host): + assert host.file('/opt/atlassian/jira-software/current/conf/server.xml').user == 'root' assert host.file('/opt/atlassian/jira-software/current/atlassian-jira/WEB-INF/web.xml').user == 'root' assert host.file('/opt/atlassian/jira-software/current/conf/Catalina').user == 'jira' From eedcd1682fb1165c3dc12226119fd5442115b069 Mon Sep 17 00:00:00 2001 From: Denise Unterwurzacher Date: Fri, 17 Jul 2020 13:32:04 -0500 Subject: [PATCH 6/7] ITOPSENG-716 Added Catalina folder for Bitbucket too (so catalina.out logging works) --- roles/bitbucket_config/tasks/main.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/bitbucket_config/tasks/main.yml b/roles/bitbucket_config/tasks/main.yml index 4857761..dd2ae69 100644 --- a/roles/bitbucket_config/tasks/main.yml +++ b/roles/bitbucket_config/tasks/main.yml @@ -23,3 +23,12 @@ mode: "u=rwX,g=rX,o=rX" recurse: true changed_when: false # For Molecule idempotence check + +- name: Create conf/Catalina directory owned by product so catalina.out logging works + file: + path: "{{ atl_product_installation_versioned }}/conf/Catalina" + state: directory + mode: "u=rwX,g=rX,o-rwx" + owner: "{{ atl_product_user }}" + group: "{{ atl_product_user }}" + changed_when: false # For Molecule idempotence check From 02dd1e6873479fc1506d2e520e875b30d42901bc Mon Sep 17 00:00:00 2001 From: Denise Unterwurzacher Date: Fri, 17 Jul 2020 14:52:15 -0500 Subject: [PATCH 7/7] ITOPSENG-716 Line length :eyeroll: --- roles/bitbucket_config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/bitbucket_config/tasks/main.yml b/roles/bitbucket_config/tasks/main.yml index dd2ae69..4de771b 100644 --- a/roles/bitbucket_config/tasks/main.yml +++ b/roles/bitbucket_config/tasks/main.yml 
@@ -24,7 +24,7 @@ recurse: true changed_when: false # For Molecule idempotence check -- name: Create conf/Catalina directory owned by product so catalina.out logging works +- name: Create conf/Catalina directory so catalina.out logging works file: path: "{{ atl_product_installation_versioned }}/conf/Catalina" state: directory