diff --git a/aws_confluence_dc_node.yml b/aws_confluence_dc_node.yml
new file mode 100644
index 0000000..74b239b
--- /dev/null
+++ b/aws_confluence_dc_node.yml
@@ -0,0 +1,18 @@
+---
+- hosts: aws_node_local
+ become: true
+
+ vars:
+ # See group_vars/aws_node_local.yml, which pull vars from the environment.
+ atl_product_family: "confluence"
+ atl_product_user: "confluence"
+ atl_product_edition: "confluence"
+
+ roles:
+ - role: linux_common
+ - role: aws_common
+ - role: aws_efs_config
+ - role: product_common
+ - role: product_install
+ - role: database_init
+ - role: confluence_config
diff --git a/roles/confluence_config/.yamllint b/roles/confluence_config/.yamllint
new file mode 100644
index 0000000..a87f8ff
--- /dev/null
+++ b/roles/confluence_config/.yamllint
@@ -0,0 +1,12 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
+ trailing-spaces: false
diff --git a/roles/confluence_config/defaults/atl.sh b/roles/confluence_config/defaults/atl.sh
new file mode 100644
index 0000000..aeb571d
--- /dev/null
+++ b/roles/confluence_config/defaults/atl.sh
@@ -0,0 +1,56 @@
+ATL_APP_DATA_MOUNT_ENABLED=false
+ATL_AUTOLOGIN_COOKIE_AGE=
+ATL_AWS_STACK_NAME=Confluence
+ATL_CATALINA_OPTS=" "
+ATL_CONFLUENCE_DATA_CENTER=true
+ATL_CONFLUENCE_INSTALLER_DOWNLOAD_URL=
+ATL_CONFLUENCE_VERSION=6.13.2
+ATL_DB_ACQUIREINCREMENT=1
+ATL_DB_HOST=confluence.cvuoodawotyo.ap-southeast-2.rds.amazonaws.com
+ATL_DB_IDLETESTPERIOD=100
+ATL_DB_MAXSTATEMENTS=0
+ATL_DB_NAME=confluence
+ATL_DB_PASSWORD=base1name
+ATL_DB_POOLMAXSIZE=60
+ATL_DB_POOLMINSIZE=20
+ATL_DB_PORT=5432
+ATL_DB_PREFERREDTESTQUERY="select version();"
+ATL_DB_TIMEOUT=30
+ATL_DB_VALIDATE=false
+ATL_ENABLED_PRODUCTS=Confluence
+ATL_ENABLED_SHARED_HOMES=
+ATL_ENVIRONMENT=prod
+ATL_HAZELCAST_NETWORK_AWS_HOST_HEADER=ec2.amazonaws.com
+ATL_HAZELCAST_NETWORK_AWS_IAM_REGION=ap-southeast-2
+ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE=Confluence-ConfluenceClusterNodeRole-ZFINZTEGMH6G
+ATL_HAZELCAST_NETWORK_AWS_TAG_KEY=Cluster
+ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE=Confluence
+ATL_HOSTEDZONE=
+ATL_JDBC_DRIVER=org.postgresql.Driver
+ATL_JDBC_PASSWORD=base1name
+ATL_JDBC_URL=jdbc:postgresql://confluence.cvuoodawotyo.ap-southeast-2.rds.amazonaws.com:5432/confluence
+ATL_JDBC_USER=atlconfluence
+ATL_JVM_HEAP=2048m
+ATL_LOCALANSIBLE_REPO=
+ATL_LOCALANSIBLE_SSHKEYNAME=
+ATL_NGINX_ENABLED=false
+ATL_POSTGRES_ENABLED=false
+ATL_PROXY_NAME=ssmith-conf-old.deplops.com
+ATL_RELEASE_S3_BUCKET=atlassian-software
+ATL_RELEASE_S3_PATH=releases/confluence
+ATL_SSL_PROXY=true
+ATL_SSL_SELF_CERT_ENABLED=false
+ATL_STARTCOLLECTD=false
+ATL_SYNCHRONY_SERVICE_URL=https://ssmith-conf-old.deplops.com/synchrony/v1
+ATL_TOMCAT_ACCEPTCOUNT=10
+ATL_TOMCAT_CONNECTIONTIMEOUT=20000
+ATL_TOMCAT_CONTEXTPATH=
+ATL_TOMCAT_DEFAULTCONNECTORPORT=8080
+ATL_TOMCAT_ENABLELOOKUPS=false
+ATL_TOMCAT_MAXTHREADS=48
+ATL_TOMCAT_MINSPARETHREADS=10
+ATL_TOMCAT_PROTOCOL=HTTP/1.1
+ATL_TOMCAT_PROXYPORT=443
+ATL_TOMCAT_REDIRECTPORT=8443
+ATL_TOMCAT_SCHEME=https
+ATL_TOMCAT_SECURE=true
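Review bot: `ATL_DB_PASSWORD` and `ATL_JDBC_PASSWORD` are committed with what looks like a real value, next to a concrete RDS endpoint (`ATL_DB_HOST`, `ATL_JDBC_URL`), an IAM role name, a public hostname and `ATL_ENVIRONMENT=prod`. If these were captured from a live stack, the password should be rotated, because deleting the file in a later commit still leaves it in history. Replace the values with labelled placeholders, e.g. `ATL_DB_PASSWORD=<db-password-placeholder>`, or keep the sample out of the repository and supply it from the environment at deploy time. Nothing visible in this diff reads the file, so it is presumably a sample environment dump rather than role defaults; a header comment saying so would help.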
diff --git a/roles/confluence_config/defaults/main.yml b/roles/confluence_config/defaults/main.yml
new file mode 100644
index 0000000..7c812f1
--- /dev/null
+++ b/roles/confluence_config/defaults/main.yml
@@ -0,0 +1,34 @@
+---
+
+atl_jvm_heap: "2048m"
+
+atl_catalina_opts: ""
+atl_catalina_opts_extra: >-
+ -Datlassian.event.thread_pool_configuration.queue_size=4096
+ -Datlassian.plugins.enable.wait=300
+ -Dconfluence.upgrade.recovery.file.enabled=false
+ -Dfile.encoding=UTF-8
+ -Djava.net.preferIPv4Stack=true
+ -Dshare.group.email.mapping=atlassian-all:atlassian-all@atlassian.com,atlassian-staff:atlassian-staff@atlassian.com
+ -XX:+PrintAdaptiveSizePolicy
+ -XX:+PrintGCDetails
+ -XX:+PrintTenuringDistribution
+ -Dsynchrony.proxy.enabled=false
+ -Dsynchrony.service.url=${ATL_SYNCHRONY_SERVICE_URL}
+ -Dconfluence.cluster.node.name=${_ATL_PRIVATE_IPV4}
+ -Dconfluence.cluster.hazelcast.max.no.heartbeat.seconds=60
+
+atl_tomcat_port: "8080"
+atl_tomcat_mgmt_port: "8005"
+atl_tomcat_acceptcount: "10"
+atl_tomcat_connectiontimeout: "20000"
+atl_tomcat_contextpath: ""
+atl_tomcat_maxthreads: "200"
+atl_tomcat_minsparethreads: "10"
+atl_tomcat_protocol: "HTTP/1.1"
+atl_tomcat_redirectport: ""
+atl_tomcat_scheme: "http"
+atl_tomcat_secure: "false"
+
+atl_autologin_cookie_age: "{{ lookup('env', 'ATL_AUTOLOGIN_COOKIE_AGE') }}"
+atl_synchrony_service_url: "{{ lookup('env', 'ATL_SYNCHRONY_SERVICE_URL') }}"
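Review bot: `atl_tomcat_scheme: "http"` and `atl_tomcat_secure: "false"` are fixed strings, while the sample environment added in this commit (`defaults/atl.sh`) sets `ATL_SSL_PROXY=true`, `ATL_TOMCAT_SCHEME=https` and `ATL_TOMCAT_SECURE=true`. Unless group_vars (not visible here) overrides them, a node behind a TLS-terminating proxy would presumably get a server.xml with the plain-HTTP connector settings, which affects redirect URLs and whether Tomcat treats requests as secure. Consider reading them from the environment the way the last two lines do, e.g. `atl_tomcat_scheme: "{{ lookup('env', 'ATL_TOMCAT_SCHEME') or 'http' }}"`. Separately, the `-Dshare.group.email.mapping=...@atlassian.com` entry in `atl_catalina_opts_extra` looks organisation-specific for a role default and may be better left to `atl_catalina_opts`.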
diff --git a/roles/confluence_config/molecule/default/Dockerfile.j2 b/roles/confluence_config/molecule/default/Dockerfile.j2
new file mode 100644
index 0000000..e6aa95d
--- /dev/null
+++ b/roles/confluence_config/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/roles/confluence_config/molecule/default/molecule.yml b/roles/confluence_config/molecule/default/molecule.yml
new file mode 100644
index 0000000..33c377c
--- /dev/null
+++ b/roles/confluence_config/molecule/default/molecule.yml
@@ -0,0 +1,32 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: amazon_linux2
+ image: amazonlinux:2
+ groups:
+ - aws_node_local
+ - name: ubuntu_lts
+ image: ubuntu:bionic
+ groups:
+ - aws_node_local
+provisioner:
+ name: ansible
+ options:
+ skip-tags: runtime_pkg
+ lint:
+ name: ansible-lint
+ options:
+ x: ["701"]
+ inventory:
+ links:
+ group_vars: ../../../../group_vars/
+verifier:
+ name: testinfra
+ lint:
+ name: flake8
+ enabled: false
diff --git a/roles/confluence_config/molecule/default/playbook.yml b/roles/confluence_config/molecule/default/playbook.yml
new file mode 100644
index 0000000..68f6c4b
--- /dev/null
+++ b/roles/confluence_config/molecule/default/playbook.yml
@@ -0,0 +1,18 @@
+---
+- name: Converge
+ hosts: all
+ vars:
+ atl_product_family: "confluence"
+ atl_product_edition: "confluence"
+ atl_product_user: "confluence"
+ atl_product_version: "latest"
+ atl_jdbc_user: 'confluence'
+ atl_jvm_heap: 'PLACEHOLDER'
+ atl_cluster_node_id: 'FAKEID'
+ atl_autologin_cookie_age: "COOKIEAGE"
+
+ roles:
+ - role: linux_common
+ - role: product_common
+ - role: product_install
+ - role: confluence_config
diff --git a/roles/confluence_config/molecule/default/tests/test_default.py b/roles/confluence_config/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..9a939d0
--- /dev/null
+++ b/roles/confluence_config/molecule/default/tests/test_default.py
@@ -0,0 +1,58 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+def test_seraph_file(host):
+ f = host.file('/opt/atlassian/confluence/current/confluence/WEB-INF/classes/seraph-config.xml')
+ assert f.exists
+ assert f.contains('COOKIEAGE')
+
+def test_setenv_file(host):
+ f = host.file('/opt/atlassian/confluence/current/bin/setenv.sh')
+ assert f.exists
+ assert f.contains('-XmsPLACEHOLDER')
+ assert f.contains('-XmxPLACEHOLDER')
+
+def test_server_file(host):
+ f = host.file('/opt/atlassian/confluence/current/conf/server.xml')
+ assert f.exists
+ assert f.contains('Connector port="8080"')
+ assert f.contains('Server port="8005"')
+ assert f.contains('org.postgresql.Driver")
+# assert f.contains("atljira")
+# assert f.contains("20")
+
+
+# def test_cluster_file(host):
+# f = host.file('/var/atlassian/application-data/jira/cluster.properties')
+# assert f.exists
+# assert f.contains('jira.node.id = FAKEID')
+# assert f.contains('jira.shared.home = /media/atl/jira/shared')
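Review bot: `assert f.contains('org.postgresql.Driver")` in `test_server_file` opens the string with a single quote and closes it with a double quote, so the module fails to parse and none of the three tests run. It should read `assert f.contains('org.postgresql.Driver')`. The flake8 lint that would have caught this is disabled in molecule.yml (`enabled: false`) in the same commit. The commented-out Jira assertions (`atljira`, `cluster.properties`) look like leftovers from the role this was copied from and could be dropped or ported to the Confluence paths.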
diff --git a/roles/confluence_config/tasks/main.yml b/roles/confluence_config/tasks/main.yml
new file mode 100644
index 0000000..c680c37
--- /dev/null
+++ b/roles/confluence_config/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+
+- name: Configure login properties
+ template:
+ src: seraph-config.xml.j2
+ dest: "{{ atl_product_installation_versioned }}/confluence/WEB-INF/classes/seraph-config.xml"
+
+- name: Override JVM memory settings.
+ replace:
+ path: "{{ atl_product_installation_versioned }}/bin/setenv.sh"
+ regexp: "-{{ item }}\\d+m "
+ replace: "-{{ item }}{{ atl_jvm_heap }} "
+ with_items:
+ - 'Xmx'
+ - 'Xms'
+
+- name: Create server config
+ template:
+ src: server.xml.j2
+ dest: "{{ atl_product_installation_versioned }}/conf/server.xml"
+
+
+
+- name: Create application directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: 0750
+ owner: "{{ atl_product_user }}"
+ group: "{{ atl_product_user }}"
+ with_items:
+ - "{{ atl_product_home }}"
+ - "{{ atl_product_home_shared }}"
+ - "{{ atl_product_shared_plugins }}"
+ changed_when: false # For Molecule idempotence check
+
+
+- name: Limit permissions on the installation directory
+ file:
+ path: "{{ atl_product_installation_versioned }}"
+ owner: "root"
+ group: "root"
+ mode: "u=rwX,g=rX,o=rX"
+ recurse: true
+ with_items:
+ - "{{ atl_installer_temp }}"
+ - "{{ atl_product_installation_versioned }}"
+ - "{{ atl_product_version_cache_dir }}"
+ changed_when: false # For Molecule idempotence check
+
+- name: Grant access to the product working directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: "u=rwX,g=rX,o-rwx"
+ owner: "{{ atl_product_user }}"
+ group: "{{ atl_product_user }}"
+ recurse: true
+ with_items:
+ - "{{ atl_product_installation_versioned }}/logs"
+ - "{{ atl_product_installation_versioned }}/temp"
+ - "{{ atl_product_installation_versioned }}/work"
+ changed_when: false # For Molecule idempotence check
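Review bot: In "Limit permissions on the installation directory" the `path:` is `"{{ atl_product_installation_versioned }}"` rather than `"{{ item }}"`, so the loop applies the same recursive ownership and mode change to the installation directory three times and never touches `atl_installer_temp` or `atl_product_version_cache_dir`. If the intent is to make all three root-owned and not writable by the product user, change it to `path: "{{ item }}"`. `changed_when: false` on the three file tasks also hides real ownership or mode changes from the play recap, which makes this kind of mistake hard to spot. Minor: `mode: 0750` in "Create application directories" is better quoted (`mode: "0750"`) to match the string modes used in the later tasks.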
diff --git a/roles/confluence_config/templates/seraph-config.xml.j2 b/roles/confluence_config/templates/seraph-config.xml.j2
new file mode 100644
index 0000000..8c91e87
--- /dev/null
+++ b/roles/confluence_config/templates/seraph-config.xml.j2
@@ -0,0 +1,71 @@
+
+
+
+ login.url
+ /login.action?os_destination=${originalurl}&permissionViolation=true
+
+
+ link.login.url
+ /login.action
+
+
+ cookie.encoding
+ cNf
+
+
+ login.cookie.key
+ seraph.confluence
+
+
+ {% if atl_autologin_cookie_age is defined and atl_autologin_cookie_age|length %}
+
+ autologin.cookie.age
+ {{ atl_autologin_cookie_age }}
+
+ {% endif %}
+
+
+
+ authentication.type
+ os_authType
+
+
+
+
+ invalidate.session.on.login
+ true
+
+
+
+ invalidate.session.exclude.list
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ config.file
+ seraph-paths.xml
+
+
+
+
+
+
+
diff --git a/roles/confluence_config/templates/server.xml.j2 b/roles/confluence_config/templates/server.xml.j2
new file mode 100644
index 0000000..664bc83
--- /dev/null
+++ b/roles/confluence_config/templates/server.xml.j2
@@ -0,0 +1,67 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+