Copy upstream release-39
Bug: 195953235
Test: n/a
Change-Id: Ica7af62e14d3ddfb0cfd71df3dbeb40d3be362fc
diff --git a/tools/scripts/ansible/README.md b/tools/scripts/ansible/README.md
index dfd8eda..c7198ef 100644
--- a/tools/scripts/ansible/README.md
+++ b/tools/scripts/ansible/README.md
@@ -17,7 +17,7 @@
- Install some prereqs:
```shell
-ansible-galaxy install -r roles.yml
+ansible-galaxy install -r requirements.yml
```
- Make sure you can `ssh` into all of the needed systems. For example,
@@ -102,6 +102,14 @@
key: ssh-rsa … ( SSH key goes here)
```
+## Setup: cldrcc
+
+```shell
+mkdir -p local-vars/cldrcc
+ssh-keygen -t rsa -b 2048 -C 'CLDR Commit Checker' -f local-vars/cldrcc/id_rsa
+```
+
+
## Configure
Run the setup playbook.
@@ -131,8 +139,8 @@
- to deploy ST to this, use the following:
```shell
-(cd ../../cldr-apps ; ant war) # to build ST if not already built
-vagrant ssh -- sudo -u surveytool /usr/local/bin/deploy-to-tomcat.sh $(git rev-parse HEAD) < ../../cldr-apps/cldr-apps.war
+(cd ../.. ; mvn package) # go to the tools folder and build ST (cldr-apps.war, etc.) if not already built
+vagrant ssh -- sudo -u surveytool /usr/local/bin/deploy-to-tomcat.sh $(git rev-parse HEAD) < ../../cldr-apps/target/cldr-apps.war
```
- Now you should be able to login at <http://127.0.0.1:8880/cldr-apps/>
diff --git a/tools/scripts/ansible/Vagrantfile b/tools/scripts/ansible/Vagrantfile
index 7172fe9..d3b77ac 100644
--- a/tools/scripts/ansible/Vagrantfile
+++ b/tools/scripts/ansible/Vagrantfile
@@ -2,17 +2,23 @@
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
+ config.vm.provider "virtualbox" do |v|
+ v.memory = 1024
+ end
+ # increase the boot timeout
+ config.vm.boot_timeout = 600
config.vm.box = "ubuntu/bionic64"
config.vm.define "surveytool"
config.vm.hostname = "surveytool"
# forward http and https
config.vm.network "forwarded_port", guest: 80, host: 8880
+ config.vm.network "forwarded_port", guest: 9080, host: 9081
# Just the minimum to get ansible going
config.vm.provision "shell", inline: <<-SHELL
apt-get update
apt-get install -y python3 sudo
SHELL
config.vm.provision "ansible" do |ansible|
- ansible.playbook = "setup-playbook.yml"
+ ansible.playbook = "vagrant-playbook.yml"
end
end
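Review bot: The new forward of guest port 9080 publishes the application server directly on the host, bypassing the nginx proxy on port 80, and neither forward sets `host_ip`. Depending on the Vagrant version and provider, a forward without `host_ip` can bind on every host interface, which would make the development VM reachable from the local network. Consider `config.vm.network "forwarded_port", guest: 9080, host: 9081, host_ip: "127.0.0.1"` and the same option on the port 80 forward.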
diff --git a/tools/scripts/ansible/backup-db-playbook.yml b/tools/scripts/ansible/backup-db-playbook.yml
index c2d969a..f01ba0a 100644
--- a/tools/scripts/ansible/backup-db-playbook.yml
+++ b/tools/scripts/ansible/backup-db-playbook.yml
@@ -34,7 +34,7 @@
- name: set up /home/cldrbackup/.ssh/config
template:
src: templates/cldrbackup/config.j2
- dest: /home/cldrbackup/.ssh/config.j2
+ dest: /home/cldrbackup/.ssh/config
owner: cldrbackup
group: cldrbackup
mode: '0640'
@@ -45,7 +45,7 @@
dest: /home/cldrbackup/.ssh/id_rsa
owner: cldrbackup
group: cldrbackup
- mode: '0640'
+ mode: '0600'
- name: set up /home/cldrbackup/.ssh/id_rsa.pub
copy:
src: local-vars/cldrbackup/id_rsa.pub
@@ -63,13 +63,14 @@
- name: set up /home/cldrbackup/backup.sh
template:
src: templates/cldrbackup/backup_sh.j2
- dest: /home/cldrbackup/.ssh/backup.sh
+ dest: /home/cldrbackup/backup.sh
owner: cldrbackup
group: cldrbackup
mode: '0640'
- name: set up daily db backup cron job
cron:
name: "backup db"
+ user: cldrbackup
minute: "37"
hour: "7"
job: "sh /home/cldrbackup/backup.sh >/dev/null 2>&1"
diff --git a/tools/scripts/ansible/ccc-playbook.yml b/tools/scripts/ansible/ccc-playbook.yml
new file mode 100644
index 0000000..e7bfe87
--- /dev/null
+++ b/tools/scripts/ansible/ccc-playbook.yml
@@ -0,0 +1,68 @@
+# CLDR Commit Checker playbook
+- hosts: ccc
+ become: yes
+ vars_files:
+ - vars/main.yml
+ - local-vars/local.yml
+ tasks:
+ - name: ensure cldrcc group is there
+ group:
+ name: cldrcc
+ state: present
+ - name: ensure cldrcc user is there
+ user:
+ name: cldrcc
+ groups:
+ - cldrcc
+ append: yes # add to the groups, do not remove
+ state: present
+ create_home: true
+ - name: set up /home/cldrcc/.ssh/
+ file:
+ path: /home/cldrcc/.ssh/
+ owner: cldrcc
+ group: cldrcc
+ mode: '0700'
+ state: directory
+ - name: set up /home/cldrcc/.ssh/authorized_keys
+ copy:
+ src: local-vars/cldrcc/id_rsa.pub
+ dest: /home/cldrcc/.ssh/authorized_keys
+ owner: cldrcc
+ group: cldrcc
+ mode: '0600'
+ - name: set up /home/cldrcc/public_html/
+ file:
+ path: /home/cldrcc/public_html/
+ owner: cldrcc
+ group: cldrcc
+ mode: '0755'
+ state: directory
+ - name: set up github-markdown.css
+ get_url:
+ dest: /home/cldrcc/public_html/github-markdown.css
+ owner: cldrcc
+ group: cldrcc
+ mode: '0644'
+ force: no
+ url: https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/4.0.0/github-markdown.min.css
+ # from https://github.com/sindresorhus/github-markdown-css
+ - name: Setup publication and indexing
+ blockinfile:
+ path: /etc/nginx/sites-enabled/default
+ block: |
+ # commit checker
+ location ~ ^/cldrcc/(.*)$ {
+ charset utf-8;
+ source_charset utf-8;
+ alias /home/cldrcc/public_html/$1;
+ autoindex on;
+ }
+ marker: '# {mark} ANSIBLE MANAGED COMMIT CHECKER BLOCK'
+ insertafter: '^[\s]*server_name' # the LAST uncommented server block
+ notify: 'Restart Nginx Again'
+ handlers:
+ - name: Restart Nginx Again
+ service:
+ name: nginx
+ state: restarted
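Review bot: The `get_url` task for github-markdown.css downloads a third-party file that is then served to browsers under `/cldrcc/`, with no `checksum:` and with `force: no`, so whatever the CDN returns on the first run is kept indefinitely. Pin it with `checksum: sha256:<digest of the reviewed 4.0.0 file>` so a changed or tampered download fails the task. Separately, the nginx block enables `autoindex on` for all of `/home/cldrcc/public_html/`, which lists every file written there; confirm that nothing non-public is ever placed in that directory.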
diff --git a/tools/scripts/ansible/certbot-playbook.yml b/tools/scripts/ansible/certbot-playbook.yml
new file mode 100644
index 0000000..4a1b274
--- /dev/null
+++ b/tools/scripts/ansible/certbot-playbook.yml
@@ -0,0 +1,17 @@
+- hosts: letsencrypt
+ become: yes
+ vars_files:
+ - vars/main.yml
+ - local-vars/local.yml
+ tasks:
+ - name: Install certbot packages
+ apt:
+ pkg:
+ - python3-certbot-nginx
+ - name: setup certbot
+ command: >
+ sudo certbot --nginx --agree-tos -m {{ certbot_admin_email }}
+ -d {{ inventory_hostname }} --non-interactive
+ --keep --redirect --uir --hsts --staple-ocsp --must-staple
+ args:
+ creates: /etc/letsencrypt/renewal/{{ inventory_hostname }}.conf
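Review bot: The `setup certbot` command starts with `sudo` although the play already runs with `become: yes`, so privilege escalation is requested twice and the task depends on a sudo policy the play does not otherwise need. Drop the prefix and start the command with `certbot --nginx …`. `--must-staple` also deserves a comment in the playbook: clients that enforce it reject the certificate whenever nginx cannot serve a stapled OCSP response, so a stapling failure becomes a site outage.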
diff --git a/tools/scripts/ansible/cldr-apps-playbook.yml b/tools/scripts/ansible/cldr-apps-playbook.yml
new file mode 100644
index 0000000..97fd610
--- /dev/null
+++ b/tools/scripts/ansible/cldr-apps-playbook.yml
@@ -0,0 +1,64 @@
+- hosts: surveytool
+ become: yes
+ vars_files:
+ - vars/main.yml
+ - local-vars/local.yml
+ tasks:
+ - name: Create CLDR dir
+ file:
+ path: "{{ cldr_path }}"
+ state: directory
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ mode: 0775
+ - name: Rotate CLDR logs
+ blockinfile:
+ path: "/etc/logrotate.d/surveytool-logs"
+ owner: root
+ mode: "0644"
+ block: |
+ {{ cldr_path }}/cldrmail.log {{ cldr_path }}/exception.log {
+ su {{ cldr_openliberty_user }} {{ cldr_openliberty_group }}
+ daily
+ rotate 14
+ compress
+ missingok
+ notifempty
+ dateext
+ create
+ }
+ create: true
+ - name: create st/README.md
+ template:
+ dest: "{{ cldr_st_path }}/README.md"
+ src: templates/st-readme.j2
+ force: yes # want this to reflect the latest
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ mode: "0644"
+ - name: Create cldr.properties
+ template:
+ dest: "{{ cldr_path }}/cldr.properties"
+ src: templates/cldr-properties.j2
+ force: no
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ mode: "0644"
+ notify: Restart OpenLiberty
+ - name: Checkout CLDR trunk
+ become: yes
+ become_user: "{{ cldr_surveytool_user }}"
+ git:
+ repo: https://github.com/unicode-org/cldr.git
+ dest: "{{ cldr_trunk_path }}"
+ force: no
+ update: no
+ version: master
+ # this is deep because we will need to keep updating
+ # it with history. It does not include LFS as that
+ # is not needed for the surveytool.
+ handlers:
+ - name: Restart OpenLiberty
+ service:
+ name: "{{ cldr_openliberty_service }}"
+ state: restarted
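Review bot: `Create cldr.properties` installs the file with `mode: "0644"`, readable by every local account. Only part of templates/cldr-properties.j2 is visible in this commit; if the rendered file carries any password or key, `mode: "0640"` with the existing owner and group would limit it to the service account. `Create CLDR dir` also writes `mode: 0775` unquoted while every other task here quotes the mode; `mode: "0775"` avoids relying on the YAML parser's octal handling.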
diff --git a/tools/scripts/ansible/hostname-playbook.yml b/tools/scripts/ansible/hostname-playbook.yml
new file mode 100644
index 0000000..8fdf1b1
--- /dev/null
+++ b/tools/scripts/ansible/hostname-playbook.yml
@@ -0,0 +1,7 @@
+- hosts: prod
+ become: yes
+ tasks:
+ - name: Set the hostname
+ # for sending email from st.unicode.org through corp.unicode.org
+ hostname:
+ name: "{{ inventory_hostname }}"
diff --git a/tools/scripts/ansible/hosts b/tools/scripts/ansible/hosts
index 6bbe1a4..46eec3f 100644
--- a/tools/scripts/ansible/hosts
+++ b/tools/scripts/ansible/hosts
@@ -4,6 +4,10 @@
[prod]
st.unicode.org
+# CLDR Commit Checker web hosting here
+[ccc]
+cldr-smoke.unicode.org
+
# "surveytool" includes both prod and staging
[surveytool:children]
staging
@@ -16,3 +20,7 @@
# auto-backup cldr db only for production
[backupdb:children]
prod
+
+# redact cldr db only for staging (cldr-smoke)
+[redactdb:children]
+staging
diff --git a/tools/scripts/ansible/mysql-playbook.yml b/tools/scripts/ansible/mysql-playbook.yml
new file mode 100644
index 0000000..19365cc
--- /dev/null
+++ b/tools/scripts/ansible/mysql-playbook.yml
@@ -0,0 +1,16 @@
+- hosts: surveytool
+ become: yes
+ vars_files:
+ - vars/main.yml
+ - vars/mysql.yml
+ - local-vars/local.yml
+ roles:
+ - { role: geerlingguy.mysql }
+ tasks:
+ - name: Setup /home/cldradmin/.my.cnf
+ template:
+ src: templates/mycnf.j2
+ dest: /home/cldradmin/.my.cnf
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
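Review bot: `/home/cldradmin/.my.cnf` is rendered from templates/mycnf.j2, which is not part of this commit; a client option file of that name usually holds the database password. If it does, add `no_log: true` to the task so the rendered content does not appear in `--diff` output or logs, and consider `mode: '0600'` since only cldradmin needs to read it.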
diff --git a/tools/scripts/ansible/nginx-playbook.yml b/tools/scripts/ansible/nginx-playbook.yml
new file mode 100644
index 0000000..1852fc2
--- /dev/null
+++ b/tools/scripts/ansible/nginx-playbook.yml
@@ -0,0 +1,46 @@
+- hosts: surveytool
+ become: yes
+ vars_files:
+ - vars/main.yml
+ - local-vars/local.yml
+ roles:
+ - { role: geerlingguy.nginx }
+ tasks:
+ - name: Setup reverse proxy
+ blockinfile:
+ path: /etc/nginx/sites-enabled/default
+ block: |
+ # proxy /cldr-apps/ to tomcat, with generous timeouts
+ proxy_connect_timeout 60s;
+ proxy_send_timeout 500s;
+ proxy_read_timeout 500s;
+ location /cldr-apps/ {
+ rewrite ^/(.+)\._[\da-f]+_\.(js|css)$ /$1.$2 break;
+ allow all;
+ proxy_pass http://localhost:9080/cldr-apps/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+ location /openapi/ {
+ allow all;
+ proxy_pass http://localhost:9080/openapi/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+ marker: '# {mark} ANSIBLE MANAGED BLOCK'
+ insertafter: '^[\s]*server_name' # the LAST uncommented server block
+ notify: 'Restart Nginx'
+ - name: Setup index.html
+ copy:
+ src: templates/index.html
+ dest: /var/www/html
+ owner: root
+ group: root
+ mode: '0644'
+ handlers:
+ - name: Restart Nginx
+ service:
+ name: nginx
+ state: restarted
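Review bot: Both `location` blocks carry `allow all;`, and nginx access rules declared in a location replace the ones inherited from the enclosing `server` block rather than adding to them. Any `allow`/`deny` restriction later added at server level would therefore silently not apply to `/cldr-apps/` and `/openapi/`. Unless that is intended, remove the two `allow all;` lines, and decide explicitly whether `/openapi/` should be reachable by everyone or limited to administrative networks.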
diff --git a/tools/scripts/ansible/openliberty-playbook.yml b/tools/scripts/ansible/openliberty-playbook.yml
new file mode 100644
index 0000000..438dbdf
--- /dev/null
+++ b/tools/scripts/ansible/openliberty-playbook.yml
@@ -0,0 +1,87 @@
+- hosts: surveytool
+ become: yes
+ gather_facts: yes
+ vars_files:
+ - vars/main.yml
+ - vars/openliberty.yml
+ - local-vars/local.yml
+ roles:
+ - role: adoptopenjdk_role
+ - role: openliberty # local version of devopstoolbox.openliberty
+ tasks:
+ # we don't want the defaultServer, we are going to install our own
+ - name: "Disable openliberty@defaultServer"
+ ansible.builtin.systemd:
+ name: openliberty@defaultServer
+ enabled: no
+ # this is to make sure openliberty@cldr can startup ok.
+ - name: setup perms on cldr/
+ file:
+ path: /var/lib/openliberty/usr/servers/{{ cldr_openliberty_server }}/
+ state: directory
+ mode: '0770'
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ - name: "Copy defaultServer to cldr if needed"
+ ansible.builtin.copy:
+ force: no
+ remote_src: true
+ src: /var/lib/openliberty/usr/servers/defaultServer/server.xml
+ dest: /var/lib/openliberty/usr/servers/{{ cldr_openliberty_server }}/server.xml
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ mode: '0660'
+ notify: Restart OpenLiberty
+ - name: set up cldr/server.env
+ template:
+ src: templates/server-env.j2
+ dest: "/var/lib/openliberty/usr/servers/{{ cldr_openliberty_server }}/server.env"
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ mode: '0640'
+ notify: Restart OpenLiberty
+ - name: set up cldr/bootstrap.properties
+ template:
+ src: templates/bootstrap-properties.j2
+ dest: "/var/lib/openliberty/usr/servers/{{ cldr_openliberty_server }}/bootstrap.properties"
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ mode: '0640'
+ notify: Restart OpenLiberty
+ - name: setup perms on cldr/jdbc
+ file:
+ path: /var/lib/openliberty/usr/servers/{{ cldr_openliberty_server }}/jdbc/
+ state: directory
+ mode: '0770'
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ - name: setup perms on cldr/apps
+ file:
+ path: /var/lib/openliberty/usr/servers/{{ cldr_openliberty_server }}/apps/
+ state: directory
+ mode: '0770'
+ owner: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
+ - name: "Enable openliberty@cldr"
+ ansible.builtin.systemd:
+ name: "{{ cldr_openliberty_service }}"
+ enabled: yes # won't have SurveyTool but will be blank until first deploy
+ - name: Setup deploy-to-tomcat.sh
+ template:
+ src: templates/deploy-sh.j2
+ dest: /usr/local/bin/deploy-to-openliberty.sh
+ owner: root
+ group: root
+ mode: '0755'
+ - name: add surveytool to sudoers
+ template:
+ dest: /etc/sudoers.d/56-surveytool
+ owner: root
+ group: root
+ mode: '440'
+ src: templates/56-surveytool.j2
+ handlers:
+ - name: Restart OpenLiberty
+ service:
+ name: "{{ cldr_openliberty_service }}"
+ state: restarted
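Review bot: `add surveytool to sudoers` renders a file into /etc/sudoers.d without `validate:`, so a template or variable error that produces invalid syntax is installed as-is and can break sudo on the host. Add `validate: 'visudo -cf %s'` to this task; the same applies to `add cldradmin to sudoers` in server-playbook.yml. Also, the task named `Setup deploy-to-tomcat.sh` now installs `/usr/local/bin/deploy-to-openliberty.sh`, while the README hunk in this commit still calls `/usr/local/bin/deploy-to-tomcat.sh`; one of the two names needs updating.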
diff --git a/tools/scripts/ansible/packages-playbook.yml b/tools/scripts/ansible/packages-playbook.yml
new file mode 100644
index 0000000..4a042fa
--- /dev/null
+++ b/tools/scripts/ansible/packages-playbook.yml
@@ -0,0 +1,17 @@
+- hosts: all
+ become: yes
+ roles:
+ - role: derJD.journald
+ vars:
+ journald_options:
+ SystemMaxUse: 512M #reduce logfile use
+ tasks:
+ - name: Install some packages
+ apt:
+ pkg:
+ # these are for convenience of the user
+ - mosh
+ - emacs-nox
+ - byobu
+ # these are for monitoring
+ - prometheus-node-exporter
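Review bot: `prometheus-node-exporter` is installed on `hosts: all` with no listen-address or firewall configuration anywhere in this commit. The exporter serves host metrics over unauthenticated HTTP and, in its default configuration, listens on all interfaces (port 9100), so confirm that these hosts restrict that port to the monitoring server. The same question applies to `prometheus-mysqld-exporter` in server-playbook.yml.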
diff --git a/tools/scripts/ansible/redact-db-playbook.yml b/tools/scripts/ansible/redact-db-playbook.yml
new file mode 100644
index 0000000..4e1845f
--- /dev/null
+++ b/tools/scripts/ansible/redact-db-playbook.yml
@@ -0,0 +1,75 @@
+- hosts: redactdb
+ vars_files:
+ - vars/main.yml
+ - local-vars/local.yml
+ tasks:
+ - name: set up /home/cldradmin/.ssh/config to fetch db backup
+ template:
+ src: templates/cldrbackup/config.j2
+ dest: /home/cldradmin/.ssh/config
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
+ - name: set up /home/cldradmin/.ssh/id_rsa
+ no_log: true
+ copy:
+ src: local-vars/cldrbackup/id_rsa
+ dest: /home/cldradmin/.ssh/id_rsa
+ owner: cldradmin
+ group: cldradmin
+ mode: '0600'
+ - name: set up /home/cldradmin/.ssh/id_rsa.pub
+ copy:
+ src: local-vars/cldrbackup/id_rsa.pub
+ dest: /home/cldradmin/.ssh/id_rsa.pub
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
+ - name: set up /home/cldradmin/.ssh/known_hosts
+ copy:
+ src: local-vars/cldrbackup/known_hosts
+ dest: /home/cldradmin/.ssh/known_hosts
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
+ - name: set up /home/cldradmin/redact-db.sql
+ copy:
+ src: templates/cldrbackup/redact-db.sql
+ dest: /home/cldradmin/redact-db.sql
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
+ - name: set up /home/cldradmin/fetch-db.sh
+ template:
+ src: templates/cldrbackup/fetch_db_sh.j2
+ dest: /home/cldradmin/fetch-db.sh
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
+ - name: set up /home/cldradmin/redact-db.sh
+ template:
+ src: templates/cldrbackup/redact_db_sh.j2
+ dest: /home/cldradmin/redact-db.sh
+ owner: cldradmin
+ group: cldradmin
+ mode: '0640'
+ - name: fetch and unzip db
+ # This playbook is intended to always make a change.
+ command: bash /home/cldradmin/fetch-db.sh # noqa 301
+ become: yes
+ become_user: cldradmin
+ - name: stop openliberty
+ become: true
+ service:
+ name: "{{ cldr_openliberty_service }}"
+ state: stopped
+ - name: redact db
+ # This playbook is intended to always make a change.
+ command: bash /home/cldradmin/redact-db.sh # noqa 301
+ become: yes
+ become_user: cldradmin
+ - name: restart openliberty
+ become: true
+ service:
+ name: "{{ cldr_openliberty_service }}"
+ state: restarted
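Review bot: The play copies `local-vars/cldrbackup/id_rsa`, apparently the same private key that backup-db-playbook.yml installs for the production backup user, onto the staging host for cldradmin. Staging then holds a credential that presumably can write to the backup destination. A separate key pair for fetching, limited to read-only access on the backup server, would keep a staging compromise away from the production backups. The unredacted dump that fetch-db.sh downloads also stays in /home/cldradmin unless redact-db.sh removes it (that template is not visible here).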
diff --git a/tools/scripts/ansible/requirements.yml b/tools/scripts/ansible/requirements.yml
index c4e26ac..be70b1d 100644
--- a/tools/scripts/ansible/requirements.yml
+++ b/tools/scripts/ansible/requirements.yml
@@ -1,3 +1,16 @@
-sprylab.tomcat-ubuntu
-geerlingguy.mysql
-derjd.journald
+- src: geerlingguy.mysql
+ version: 3.3.0
+- src: geerlingguy.nginx
+ version: 2.8.0
+- src: derjd.journald
+ version: 0.0.1
+
+# for Java
+- src: sfuhrm.adoptopenjdk_role
+ version: 1.0.0
+ name: adoptopenjdk_role
+
+# does not support ubuntu yet
+#- src: https://github.com/devopstoolbox/openliberty
+# version: ccbd4d65753222d45c0c6a55e166a3417c6739a4
+# name: devopstoolbox.openliberty
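Review bot: The role is listed as `derjd.journald` here but packages-playbook.yml refers to it as `derJD.journald`; ansible-galaxy names the install directory after the requirement entry, so the lookup may fail on a case-sensitive filesystem. Adding `name: derJD.journald` to the entry, as is done for `adoptopenjdk_role`, makes the two agree. The Galaxy roles are pinned by version tag, which a role author can move; the commented-out openliberty entry shows the stricter form of pinning to a commit hash.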
diff --git a/tools/scripts/ansible/roles.yml b/tools/scripts/ansible/roles.yml
deleted file mode 100644
index b0db652..0000000
--- a/tools/scripts/ansible/roles.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-- src: geerlingguy.mysql
- version: 3.3.0
-- src: geerlingguy.nginx
- version: 2.8.0
-- src: derjd.journald
- version: 0.0.1
-# - src: geerlingguy.certbot
-# version: 3.1.0
\ No newline at end of file
diff --git a/tools/scripts/ansible/roles/openliberty/.travis.yml b/tools/scripts/ansible/roles/openliberty/.travis.yml
new file mode 100644
index 0000000..36bbf62
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/.travis.yml
@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+ apt:
+ packages:
+ - python-pip
+
+install:
+ # Install ansible
+ - pip install ansible
+
+ # Check ansible version
+ - ansible --version
+
+ # Create ansible.cfg with correct roles_path
+ - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+ # Basic role syntax check
+ - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+ webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
diff --git a/tools/scripts/ansible/roles/openliberty/README.md b/tools/scripts/ansible/roles/openliberty/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/tools/scripts/ansible/roles/openliberty/defaults/main.yml b/tools/scripts/ansible/roles/openliberty/defaults/main.yml
new file mode 100644
index 0000000..45d1d2a
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for openliberty
diff --git a/tools/scripts/ansible/roles/openliberty/handlers/main.yml b/tools/scripts/ansible/roles/openliberty/handlers/main.yml
new file mode 100644
index 0000000..1f61575
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for openliberty
diff --git a/tools/scripts/ansible/roles/openliberty/meta/main.yml b/tools/scripts/ansible/roles/openliberty/meta/main.yml
new file mode 100644
index 0000000..9cead58
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/meta/main.yml
@@ -0,0 +1,24 @@
+galaxy_info:
+ author: Steven R. Loomis
+ description: Ubuntu installer for OpenLiberty
+
+ license: Unicode-DFS-2016
+
+ min_ansible_version: 2.1
+
+ platforms:
+ - name: Ubuntu
+ versions:
+ - all
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/tools/scripts/ansible/roles/openliberty/tasks/main.yml b/tools/scripts/ansible/roles/openliberty/tasks/main.yml
new file mode 100644
index 0000000..9371b1b
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+# tasks file for openliberty
+# Docs here: https://openliberty.io/blog/2020/04/09/microprofile-3-3-open-liberty-20004.html#yum
+- name: Install OpenLiberty GPG key
+ become: true
+ ansible.builtin.apt_key:
+ url: http://public.dhe.ibm.com/ibmdl/export/pub/software/openliberty/runtime/os-native-packages/public.key
+ state: present
+ when:
+ - ansible_distribution == "Ubuntu"
+- name: Add OpenLiberty repo
+ become: true
+ ansible.builtin.apt_repository:
+ repo: deb https://public.dhe.ibm.com/ibmdl/export/pub/software/openliberty/runtime/os-native-packages/deb/ /
+ state: present
+ filename: openliberty
+- name: Install OpenLiberty packages
+ become: true
+ ansible.builtin.apt:
+ pkg:
+ - openliberty
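Review bot: `Install OpenLiberty GPG key` fetches the signing key over plain `http://`, so anyone on the network path can substitute a key that apt will then trust for package verification. The repository line in the next task already uses `https://` on the same host; use `url: https://public.dhe.ibm.com/…/public.key` and add `id: <expected key fingerprint>` so a different key is rejected. The `when: ansible_distribution == "Ubuntu"` guard is also present only on the key task, not on the repository and package tasks.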
diff --git a/tools/scripts/ansible/roles/openliberty/tests/inventory b/tools/scripts/ansible/roles/openliberty/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tools/scripts/ansible/roles/openliberty/tests/test.yml b/tools/scripts/ansible/roles/openliberty/tests/test.yml
new file mode 100644
index 0000000..ee2ac06
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - openliberty
diff --git a/tools/scripts/ansible/roles/openliberty/vars/main.yml b/tools/scripts/ansible/roles/openliberty/vars/main.yml
new file mode 100644
index 0000000..96b1aa5
--- /dev/null
+++ b/tools/scripts/ansible/roles/openliberty/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for openliberty
diff --git a/tools/scripts/ansible/server-playbook.yml b/tools/scripts/ansible/server-playbook.yml
new file mode 100644
index 0000000..3b39b8e
--- /dev/null
+++ b/tools/scripts/ansible/server-playbook.yml
@@ -0,0 +1,63 @@
+- hosts: surveytool
+ become: yes
+ vars_files:
+ - vars/main.yml
+ - local-vars/local.yml
+ tasks:
+ - name: Install server packages
+ apt:
+ pkg:
+ - unzip # needed for deploy
+ # for monitoring
+ - prometheus-mysqld-exporter
+ # - prometheus-nginx-exporter # (not there yet)
+ - name: Setup surveytool user for deploy
+ user:
+ name: "{{ cldr_surveytool_user }}"
+ shell: /bin/bash
+ group: "{{ cldr_surveytool_group }}"
+ - name: Give access to surveytool user
+ file:
+ path: "{{ cldr_trunk_path }}"
+ owner: surveytool
+ recurse: yes
+ - name: Setup surveytool auth
+ authorized_key:
+ user: surveytool
+ key: '{{ surveytooldeploy.key }}'
+ - name: ensure cldradmin group is there
+ group:
+ name: cldradmin
+ state: present
+ - name: ensure cldradmin user is there
+ user:
+ name: cldradmin
+ comment: CLDR Admin
+ groups:
+ - cldradmin
+ append: yes # add to the groups, do not remove
+ state: present
+ create_home: true
+ - name: make sure /home/cldradmin/.ssh/ exists
+ file:
+ path: /home/cldradmin/.ssh/
+ owner: cldradmin
+ group: cldradmin
+ mode: '0700'
+ state: directory
+ - name: make sure /home/cldradmin/.ssh/authorized_keys exists
+ file:
+ dest: /home/cldradmin/.ssh/authorized_keys
+ owner: cldradmin
+ group: cldradmin
+ mode: '0600'
+ state: touch #https://github.com/ansible/ansible/issues/7490#issuecomment-497373505
+ modification_time: preserve
+ access_time: preserve
+ - name: add cldradmin to sudoers
+ template:
+ dest: /etc/sudoers.d/55-cldradmin-users
+ owner: root
+ group: root
+ mode: '440'
+ src: templates/55-cldradmin.conf
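Review bot: `Setup surveytool user for deploy` creates the account from `{{ cldr_surveytool_user }}`, but `Give access to surveytool user` and `Setup surveytool auth` hard-code `surveytool` for `owner:` and `user:`. If the variable is ever set to another name, the ownership change and the deploy key land on a different (or missing) account than the one the sudoers template grants service control to. Use `owner: "{{ cldr_surveytool_user }}"` and `user: "{{ cldr_surveytool_user }}"` in those two tasks.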
diff --git a/tools/scripts/ansible/setup-playbook.yml b/tools/scripts/ansible/setup-playbook.yml
index 580ac0c..4964805 100644
--- a/tools/scripts/ansible/setup-playbook.yml
+++ b/tools/scripts/ansible/setup-playbook.yml
@@ -1,201 +1,11 @@
-- hosts: surveytool
- become: yes
- vars_files:
- - vars/main.yml
- - local-vars/local.yml
- roles:
- - { role: geerlingguy.mysql }
- - { role: geerlingguy.nginx }
- tasks:
- - name: Install server packages
- apt:
- pkg:
- - tomcat8
- - tomcat8-admin # needed for deploy
- - unzip # needed for deploy
- # for monitoring
- - prometheus-mysqld-exporter
- # - prometheus-nginx-exporter # (not there yet)
- - name: Setup Server Context
- template:
- src: templates/context.j2
- dest: /etc/tomcat8/context.xml
- owner: root
- group: tomcat8
- mode: '0640'
- notify: Restart Tomcat
- - name: Setup tomcat8/server.xml
- copy:
- src: templates/server.xml
- dest: /etc/tomcat8/server.xml
- owner: root
- group: tomcat8
- mode: '0640'
- notify: Restart Tomcat
- - name: Setup Server Users
- template:
- src: templates/users.j2
- dest: /etc/tomcat8/tomcat-users.xml
- owner: root
- group: tomcat8
- mode: '0640'
- notify: Restart Tomcat
- - name: Create CLDR dir
- file:
- path: /var/lib/tomcat8/cldr
- state: directory
- owner: tomcat8
- group: tomcat8
- mode: 0775
- - name: Create cldr.properties
- template:
- dest: /var/lib/tomcat8/cldr/cldr.properties
- src: templates/cldr-properties.j2
- force: no
- owner: tomcat8
- group: tomcat8
- mode: "0644"
- notify: Restart Tomcat
- - name: Checkout CLDR trunk
- git:
- repo: https://github.com/unicode-org/cldr.git
- dest: /var/lib/tomcat8/cldr/cldr-trunk
- force: no
- update: no
- version: master
- # this is deep because we will need to keep updating
- # it with history. It does not include LFS as that
- # is not needed for the surveytool.
- - name: Setup index.html
- copy:
- src: templates/index.html
- dest: /var/www/html
- owner: root
- group: root
- mode: '0644'
- - name: Setup reverse proxy
- blockinfile:
- path: /etc/nginx/sites-enabled/default
- block: |
- # proxy /cldr-apps/ to tomcat
- location /cldr-apps/ {
- rewrite ^/(.+)\._[\da-f]+_\.(js|css)$ /$1.$2 break;
- allow all;
- proxy_pass http://localhost:8080/cldr-apps/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- marker: '# {mark} ANSIBLE MANAGED BLOCK'
- insertafter: '^[\s]*server_name' # the LAST uncommented server block
- notify: 'Restart Nginx'
- - name: Setup surveytool user for deploy
- user:
- name: surveytool
- shell: /bin/bash
- - name: Give access to surveytool user
- file:
- path: /var/lib/tomcat8/cldr/cldr-trunk
- owner: surveytool
- recurse: yes
- - name: Setup surveytool auth
- authorized_key:
- user: surveytool
- key: '{{ surveytooldeploy.key }}'
- - name: Setup deploy-to-tomcat.sh
- template:
- src: templates/deploy-sh.j2
- dest: /usr/local/bin/deploy-to-tomcat.sh
- owner: root
- group: root
- mode: '0755'
- - name: ensure cldradmin group is there
- group:
- name: cldradmin
- state: present
- - name: ensure cldradmin user is there
- user:
- name: cldradmin
- comment: CLDR Admin
- groups:
- - cldradmin
- append: yes # add to the groups, do not remove
- state: present
- create_home: true
- - name: Setup /home/cldradmin/.my.cnf
- template:
- src: templates/mycnf.j2
- dest: /home/cldradmin/.my.cnf
- owner: cldradmin
- group: cldradmin
- mode: '0640'
- - name: make sure /home/cldradmin/.ssh/ exists
- file:
- path: /home/cldradmin/.ssh/
- owner: cldradmin
- group: cldradmin
- mode: '0700'
- state: directory
- - name: make sure /home/cldradmin/.ssh/authorized_keys exists
- file:
- dest: /home/cldradmin/.ssh/authorized_keys
- owner: cldradmin
- group: cldradmin
- mode: '0600'
- state: touch #https://github.com/ansible/ansible/issues/7490#issuecomment-497373505
- modification_time: preserve
- access_time: preserve
- - name: add cldradmin to sudoers
- template:
- dest: /etc/sudoers.d/55-cldradmin-users
- owner: root
- group: root
- mode: '440'
- src: templates/55-cldradmin.conf
- handlers:
- - name: Restart Tomcat
- service:
- name: tomcat8
- state: restarted
- - name: Restart Nginx
- service:
- name: nginx
- state: restarted
-
-- hosts: all
- become: yes
- roles:
- - role: derJD.journald
- vars:
- journald_options:
- SystemMaxUse: 512M #reduce logfile use
- tasks:
- - name: Install some packages
- apt:
- pkg:
- # these are for convenience of the user
- - mosh
- - emacs-nox
- - byobu
- # these are for monitoring
- - prometheus-node-exporter
-
-- hosts: letsencrypt
- become: yes
- vars_files:
- - vars/main.yml
- - local-vars/local.yml
- tasks:
- - name: Install certbot packages
- apt:
- pkg:
- - python3-certbot-nginx
- - name: setup certbot
- command: >
- sudo certbot --nginx --agree-tos -m {{ certbot_admin_email }}
- -d {{ inventory_hostname }} --non-interactive
- --keep --redirect --uir --hsts --staple-ocsp --must-staple
- args:
- creates: /etc/letsencrypt/renewal/{{ inventory_hostname }}.conf
-
+# need group openliberty to exist, so do that first
+- import_playbook: openliberty-playbook.yml
+- import_playbook: server-playbook.yml
+- import_playbook: mysql-playbook.yml
+- import_playbook: nginx-playbook.yml
+- import_playbook: cldr-apps-playbook.yml
+- import_playbook: packages-playbook.yml
+- import_playbook: certbot-playbook.yml
+- import_playbook: hostname-playbook.yml
- import_playbook: backup-db-playbook.yml
+# - import_playbook: ccc-playbook.yml
diff --git a/tools/scripts/ansible/templates/56-surveytool.j2 b/tools/scripts/ansible/templates/56-surveytool.j2
new file mode 100644
index 0000000..33c593c
--- /dev/null
+++ b/tools/scripts/ansible/templates/56-surveytool.j2
@@ -0,0 +1,5 @@
+# managed by ansible setup-playbook.yml
+{{ cldr_surveytool_user }} ALL=(root) NOPASSWD: /usr/sbin/service {{ cldr_openliberty_service }} start
+{{ cldr_surveytool_user }} ALL=(root) NOPASSWD: /usr/sbin/service {{ cldr_openliberty_service }} stop
+{{ cldr_surveytool_user }} ALL=(root) NOPASSWD: /usr/sbin/service {{ cldr_openliberty_service }} restart
+{{ cldr_surveytool_user }} ALL=(root) NOPASSWD: /usr/sbin/service {{ cldr_openliberty_service }} status
diff --git a/tools/scripts/ansible/templates/bootstrap-properties.j2 b/tools/scripts/ansible/templates/bootstrap-properties.j2
new file mode 100644
index 0000000..575ebd1
--- /dev/null
+++ b/tools/scripts/ansible/templates/bootstrap-properties.j2
@@ -0,0 +1,7 @@
+# This is set up and maintained by the Ansible script.
+# If you change this file, your changes may be replaced.
+
+# This is a "new" property which specifies
+# the full path to the config dir.
+# It requires a code update in CLDRConfigImpl.
+org.unicode.cldr.util.CLDRConfigImpl.cldrHome="{{ cldr_path }}"
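Review bot: The value of `org.unicode.cldr.util.CLDRConfigImpl.cldrHome` is wrapped in double quotes, and Java properties syntax keeps quotes as part of the value. Unless CLDRConfigImpl strips them (not visible in this commit), the configured path would begin and end with a literal `"`. If no stripping is done, write `org.unicode.cldr.util.CLDRConfigImpl.cldrHome={{ cldr_path }}`.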
diff --git a/tools/scripts/ansible/templates/cldr-properties.j2 b/tools/scripts/ansible/templates/cldr-properties.j2
index 8124458..08d3469 100644
--- a/tools/scripts/ansible/templates/cldr-properties.j2
+++ b/tools/scripts/ansible/templates/cldr-properties.j2
@@ -11,7 +11,7 @@
#CLDR_MESSAGE=
## Special message shown to users.
-CLDR_HEADER=Welcome to SurveyTool@surveytool. Please edit /var/lib/tomcat8/cldr/cldr.properties to change CLDR_HEADER (to change this message), or comment it out entirely. Also see /var/lib/tomcat8/cldr/admin.html to get to the admin panel.
+CLDR_HEADER=Welcome to SurveyTool@surveytool. Please edit {{ cldr_path }}/cldr.properties to change CLDR_HEADER (to change this message), or comment it out entirely. Also see {{ cldr_path }}/admin.html to get to the admin panel.
## Current SurveyTool phase
CLDR_PHASE=BETA
@@ -22,11 +22,8 @@
## 'new' version
CLDR_NEWVERSION={{ surveytooldeploy.newversion }}
-## Current SurveyTool phase
-CLDR_PHASE=BETA
-
## CLDR trunk. Default value shown
-CLDR_DIR=/var/lib/tomcat8/cldr/cldr-trunk
+CLDR_DIR={{ cldr_trunk_path }}
## SMTP server. Mail is disabled by default.
#CLDR_SMTP=127.0.0.1
diff --git a/tools/scripts/ansible/templates/cldrbackup/fetch_db_sh.j2 b/tools/scripts/ansible/templates/cldrbackup/fetch_db_sh.j2
new file mode 100644
index 0000000..e9ae005
--- /dev/null
+++ b/tools/scripts/ansible/templates/cldrbackup/fetch_db_sh.j2
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+DATABASE_NAME={{ cldr_database_name }}
+FNAME={{ cldr_database_name }}-DUMP-`date +%Y-%m-%d`
+RSYNC_SOURCE={{ cldr_db_backup_destination }}
+
+rsync ${RSYNC_SOURCE}/${FNAME}.sql.xz /home/cldradmin
+unxz ${FNAME}.sql.xz
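Review bot: `rsync` writes the dump to /home/cldradmin, but `unxz ${FNAME}.sql.xz` looks in the current directory, so the script only works when started from /home/cldradmin. Add `cd /home/cldradmin || exit 1` before the rsync. No exit status is checked here, and redact_db_sh.j2 further down has the same gap, where it matters more: if `mysql ... < redact-db.sql` fails, the freshly imported unredacted rows stay in the database and the script still goes on to `rm`. Starting both scripts with `set -euo pipefail` and quoting the expansions (`"${RSYNC_SOURCE}/${FNAME}.sql.xz"`) would cover both.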
diff --git a/tools/scripts/ansible/templates/cldrbackup/redact-db.sql b/tools/scripts/ansible/templates/cldrbackup/redact-db.sql
new file mode 100644
index 0000000..c73993f
--- /dev/null
+++ b/tools/scripts/ansible/templates/cldrbackup/redact-db.sql
@@ -0,0 +1,2 @@
+UPDATE cldr_users SET password=SUBSTRING(MD5(RAND()) FROM 1 FOR 6), name=CONCAT(org,'#',id),email=CONCAT('u_',id,'@',LOWER(org),'.example.com') WHERE id>1;
+UPDATE cldr_forum_posts SET text='(redacted 🆗)';
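Review bot: Rows with `id` of 1 or below keep their original `password`, `name` and `email`, because the first UPDATE is limited by `WHERE id>1`. If that exemption is deliberate (presumably a built-in account), it deserves a comment such as `-- id 1 is left unredacted on purpose: <reason>`; otherwise drop the condition. The replacement password is only the first 6 hex characters of `MD5(RAND())`, and keeping the full string (`password=MD5(RAND())`) would make it less guessable if the redacted copy is reachable by others. Only `cldr_users` and `cldr_forum_posts` are touched, so it is worth confirming that no other table in the dump holds personal data.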
diff --git a/tools/scripts/ansible/templates/cldrbackup/redact_db_sh.j2 b/tools/scripts/ansible/templates/cldrbackup/redact_db_sh.j2
new file mode 100644
index 0000000..beca8a0
--- /dev/null
+++ b/tools/scripts/ansible/templates/cldrbackup/redact_db_sh.j2
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+DATABASE_NAME={{ cldr_database_name }}
+FNAME={{ cldr_database_name }}-DUMP-`date +%Y-%m-%d`
+
+mysql ${DATABASE_NAME} --show-warnings --default-character-set=utf8mb4 < ${FNAME}.sql
+mysql ${DATABASE_NAME} --show-warnings --default-character-set=utf8mb4 < redact-db.sql
+rm ${FNAME}.sql
diff --git a/tools/scripts/ansible/templates/context.j2 b/tools/scripts/ansible/templates/context.j2
deleted file mode 100644
index dbe5e51..0000000
--- a/tools/scripts/ansible/templates/context.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Context>
-<WatchedResource>WEB-INF/web.xml</WatchedResource>
-<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
-<Resource name="jdbc/SurveyTool"
- auth="Container" type="javax.sql.DataSource"
- username="surveytool"
- driverClassName="com.mysql.jdbc.Driver"
- password="{{ mysql_users[0].password }}"
- url="jdbc:mysql://localhost:3306/cldrdb?ConnectionRetryCount=5&ConnectionRetryDelay=20&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC"
- maxActive="8" maxIdle="4" removeAbandoned="true" removeAbandonedTimeout="60" logAbandoned="true" defaultAutoCommit="false"
- poolPreparedStatements="true" maxOpenPreparedStatements="150"
-/>
-</Context>
\ No newline at end of file
diff --git a/tools/scripts/ansible/templates/deploy-sh.j2 b/tools/scripts/ansible/templates/deploy-sh.j2
index 2881e74..0d0b1e4 100644
--- a/tools/scripts/ansible/templates/deploy-sh.j2
+++ b/tools/scripts/ansible/templates/deploy-sh.j2
@@ -1,18 +1,18 @@
#!/bin/bash
# Note: this is managed by Ansible, as deploy-sh.j2
-# Don't modify this file.
+# Don't modify this file unless its name is deploy-sh.j2
GITHUB_SHA=$1
UNLOCK=$2
WORKDIR=${TMPDIR-/tmp} # keep all random files here
-export TPASS={{ surveytooldeploy.password }} # from surveytooldeploy.password
-export TUSER=surveytooldeploy # fixed for now
+SERVICE="{{ cldr_openliberty_service }}"
+# TODO: "dogit" could be split out as a separate script
dogit() {
rm -f ${WORKDIR}/git-list.txt
if [[ ${GITHUB_SHA} = "master" ]];
then
- echo "changing 'master' to 'origin/master' to get the latest"
- GITHUB_SHA=origin/master
+ echo "changing 'master' to 'origin/master' to get the latest"
+ GITHUB_SHA=origin/master
fi
git fetch -p || exit 1
git clean -f -d || echo 'warning: err on cleanup'
@@ -23,42 +23,61 @@
git rev-parse --short "${GITHUB_SHA}" || exit 1 # fail on err
if [[ $(git rev-parse --short HEAD) = $(git rev-parse --short "${GITHUB_SHA}") ]];
then
- echo "No checkout needed. Continuing with redeploy."
+ echo "No checkout needed. Continuing with redeploy."
else
- echo "Deploy will include these new items:"
- echo "---"
- (git log --oneline HEAD..${GITHUB_SHA} | tee ${WORKDIR}/git-list.txt) || exit 1
- echo "---"
- if [[ ! -s ${WORKDIR}/git-list.txt ]]; # if empty..
- then
- echo "Note, ${GITHUB_SHA} is not ahead of HEAD" $(git rev-parse --short HEAD)
- echo "Checking for items that would be REVERTED if we proceed:"
- echo "---"
- git log --oneline ${GITHUB_SHA}..HEAD
- echo "---"
- if [[ "${UNLOCK}" = "--override" ]];
- then
- echo ".. continuing anyway! due to " "${UNLOCK}"
- else
- echo "STOP. Check the override box if you really want to do this"
- exit 1
- fi
- fi
- git checkout -f ${GITHUB_SHA}
- echo "HEAD is now at" $(git rev-parse --short HEAD) "!"
+ echo "Deploy will include these new items:"
+ echo "---"
+ (git log --oneline HEAD..${GITHUB_SHA} | tee ${WORKDIR}/git-list.txt) || exit 1
+ echo "---"
+ if [[ ! -s ${WORKDIR}/git-list.txt ]]; # if empty..
+ then
+ echo "Note, ${GITHUB_SHA} is not ahead of HEAD" $(git rev-parse --short HEAD)
+ echo "Checking for items that would be REVERTED if we proceed:"
+ echo "---"
+ git log --oneline ${GITHUB_SHA}..HEAD
+ echo "---"
+ if [[ "${UNLOCK}" = "--override" ]];
+ then
+ echo ".. continuing anyway! due to " "${UNLOCK}"
+ else
+ echo "STOP. Check the override box if you really want to do this"
+ exit 1
+ fi
+ fi
+ git checkout -f ${GITHUB_SHA}
+ echo "HEAD is now at" $(git rev-parse --short HEAD) "!"
fi
}
# Check git first, before undeploying. Want to exit early
-(cd /var/lib/tomcat8/cldr/cldr-trunk/ && dogit ) || exit 1
-# undeploy old ST
-curl -u ${TUSER}:${TPASS} 'http://localhost:8080/manager/text/undeploy?path=/cldr-apps'
-# reset last deploy status
-rm -fv ${WORKDIR}/cldr-apps.war ${WORKDIR}/deploystatus
-# copy cldr-apps.war from action runner to server
-dd bs=1024000 status=progress of=${WORKDIR}/cldr-apps.war
+(cd {{ cldr_trunk_path }} && dogit ) || exit 1
+#
+# stop server
+sudo -u root /usr/sbin/service ${SERVICE} stop
+# clear cache
+if [[ -d /srv/st/config/.cache ]];
+then
+ echo "Deleting cache /srv/config/.cache"
+ rm -rf /srv/st/config/.cache
+fi
+rm -fv ${WORKDIR}/cldr-apps.zip ${WORKDIR}/deploystatus
+# copy cldr-apps.zip from action runner to server
+dd bs=1024000 status=progress of=${WORKDIR}/cldr-apps.zip
# this counts the # of files to make sure it's not too short, but also verifies that unzip is OK
-echo ; echo -n 'Unzip check, # of files in cldr-apps.war: '
-(unzip -l ${WORKDIR}/cldr-apps.war | wc -l ) || exit 1
+echo ; echo -n 'Unzip check, # of files in cldr-apps.zip: '
+(unzip -l ${WORKDIR}/cldr-apps.zip | wc -l ) || exit 1
+cd ${WORKDIR} || exit 1
+rm -rf ./deploy || exit 1
+mkdir ./deploy
+cd ./deploy
+unzip ${WORKDIR}/cldr-apps.zip
+if [[ ! -d ./wlp ]];
+then
+ echo "Error, did not get a ./wlp dir from this zip.. stop"
+ exit 1
+fi
# Now, do the deployment!
-curl -q -u ${TUSER}:${TPASS} 'http://localhost:8080/manager/text/deploy?path=/cldr-apps&tag=cldr-apps&update=true' -T ${WORKDIR}/cldr-apps.war | tee ${WORKDIR}/deploystatus
+# exclude these two files
+rsync -r --exclude server.env --exclude workarea --exclude bootstrap.properties -v \
+ --delete ./wlp/usr/servers/cldr/* /var/lib/openliberty/usr/servers/cldr/ || exit 1
+sudo -u root /usr/sbin/service ${SERVICE} start || exit 1
\ No newline at end of file
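Review bot: The "Unzip check" cannot stop a bad upload: in `(unzip -l ${WORKDIR}/cldr-apps.zip | wc -l ) || exit 1` the status tested is that of `wc`, and the `mkdir ./deploy`, `cd ./deploy` and `unzip` that follow are not checked either. A truncated archive that still yields a `./wlp` directory would therefore reach `rsync --delete` against the live server directory. Testing the archive with `unzip -t` and checking each step closes that gap, and staging under a `mktemp -d` directory avoids the fixed names under `${TMPDIR-/tmp}`, which other local accounts can create first. Two smaller points: the echo says `/srv/config/.cache` while the code removes `/srv/st/config/.cache`, and the comment says "two files" above three `--exclude` options.

```shell
# … unchanged: git check, service stop, cache clear …
STAGE=$(mktemp -d "${WORKDIR}/cldr-deploy.XXXXXX") || exit 1
trap 'rm -rf "${STAGE}"' EXIT
# copy cldr-apps.zip from action runner to server
dd bs=1024000 status=progress of="${STAGE}/cldr-apps.zip" || exit 1
# unzip -t tests every entry; its own exit status decides, not wc's
unzip -tq "${STAGE}/cldr-apps.zip" || exit 1
mkdir "${STAGE}/deploy" || exit 1
cd "${STAGE}/deploy" || exit 1
unzip -q "${STAGE}/cldr-apps.zip" || exit 1
# … unchanged: ./wlp check, rsync, service start …
```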
diff --git a/tools/scripts/ansible/templates/mycnf.j2 b/tools/scripts/ansible/templates/mycnf.j2
index 3fd9c7f..b2de3c7 100644
--- a/tools/scripts/ansible/templates/mycnf.j2
+++ b/tools/scripts/ansible/templates/mycnf.j2
@@ -1,5 +1,7 @@
# managed by ansible setup-playboook.yml
[client]
user=cldradmin
-database={{ cldr_database_name }}
password={{ cldradmin_pw }}
+
+[mysql]
+database={{ cldr_database_name }}
diff --git a/tools/scripts/ansible/templates/server-env.j2 b/tools/scripts/ansible/templates/server-env.j2
new file mode 100644
index 0000000..5f7ada4
--- /dev/null
+++ b/tools/scripts/ansible/templates/server-env.j2
@@ -0,0 +1,7 @@
+# This is set up and maintained by the Ansible script.
+# If you change this file, your changes may be replaced.
+MYSQL_USER=surveytool
+MYSQL_PASSWORD={{ mysql_users[0].password }}
+MYSQL_DB=cldrdb
+WLP_SKIP_MAXPERMSIZE=true
+LOG_DIR=/var/log/openliberty/cldr
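Review bot: `MYSQL_PASSWORD={{ mysql_users[0].password }}` depends on the surveytool account being the first entry of `mysql_users`, while `MYSQL_USER=surveytool` and `MYSQL_DB=cldrdb` are hard-coded next to it. Reordering that list would silently pair the user with another account's password. Taking the user name from the same entry (`MYSQL_USER={{ mysql_users[0].name }}`, assuming the entries have a `name` field) and the database from `{{ cldr_database_name }}` would keep the three in step. Because the rendered file holds a database password, the task that installs it (not in this hunk) should restrict it to the service account, for example `mode: '0640'` with the OpenLiberty user or group as owner.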
diff --git a/tools/scripts/ansible/templates/server.xml b/tools/scripts/ansible/templates/server.xml
deleted file mode 100644
index f58cdd8..0000000
--- a/tools/scripts/ansible/templates/server.xml
+++ /dev/null
@@ -1,145 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server address="127.0.0.1" port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
- <!-- Security listener. Documentation at /docs/config/listeners.html
- <Listener className="org.apache.catalina.security.SecurityListener" />
- -->
- <!--APR library loader. Documentation at /docs/apr.html -->
- <!--
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- -->
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <!-- Global JNDI resources
- Documentation at /docs/jndi-resources-howto.html
- -->
- <GlobalNamingResources>
- <!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users
- -->
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" Note: A "Service" is not itself a "Container",
- so you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
- <Service name="Catalina">
-
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at :
- Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
- Java AJP Connector: /docs/config/ajp.html
- APR (HTTP/AJP) Connector: /docs/apr.html
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
- <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- URIEncoding="UTF-8"
- redirectPort="8443" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- address="127.0.0.1" port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation that requires the JSSE
- style configuration. When using the APR/native implementation, the
- OpenSSL style configuration is required as described in the APR/native
- documentation -->
- <!--
- <Connector address="127.0.0.1" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" />
- -->
-
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector address="127.0.0.1" port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host).
- Documentation at /docs/config/engine.html -->
-
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
- <Engine name="Catalina" defaultHost="localhost">
-
- <!--For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to)
- /docs/config/cluster.html (reference documentation) -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
- via a brute-force attack -->
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <!-- This Realm uses the UserDatabase configured in the global JNDI
- resources under the key "UserDatabase". Any edits
- that are performed against this UserDatabase are immediately
- available for use by the Realm. -->
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
- </Realm>
-
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
-
- <!-- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Access log processes all example.
- Documentation at: /docs/config/valve.html
- Note: The pattern used is equivalent to using pattern="common" -->
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
-
- </Host>
- </Engine>
- </Service>
-</Server>
diff --git a/tools/scripts/ansible/templates/st-readme.j2 b/tools/scripts/ansible/templates/st-readme.j2
new file mode 100644
index 0000000..aa3688e
--- /dev/null
+++ b/tools/scripts/ansible/templates/st-readme.j2
@@ -0,0 +1,9 @@
+WHAT IS THIS DIRECTORY
+---
+
+This directory has the configuration data for the CLDR Survey Tool.
+
+For more on CLDR: <http://cldr.unicode.org>
+
+- {{ cldr_trunk_path }}: this is a checkout of the CLDR source repo, from <https://github.com/unicode-org/cldr.git>
+- {{ cldr_path }}: this contains configuration info for the Survey Tool.
diff --git a/tools/scripts/ansible/templates/users.j2 b/tools/scripts/ansible/templates/users.j2
deleted file mode 100644
index 11496eb..0000000
--- a/tools/scripts/ansible/templates/users.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tomcat-users xmlns="http://tomcat.apache.org/xml"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
- version="1.0">
-<!-- user for deploying cldr-apps -->
-<user username="surveytooldeploy" password="{{ surveytooldeploy.password }}" roles="standard,manager-script" />
-</tomcat-users>
\ No newline at end of file
diff --git a/tools/scripts/ansible/vagrant-playbook.yml b/tools/scripts/ansible/vagrant-playbook.yml
new file mode 100644
index 0000000..fea832a
--- /dev/null
+++ b/tools/scripts/ansible/vagrant-playbook.yml
@@ -0,0 +1,3 @@
+# the Vagrant playbook is used for testing, see Vagrantfile
+- import_playbook: setup-playbook.yml
+# Note: any additional setup specifically for vagrant could be done here, such as adding a self-signed ssl cert
diff --git a/tools/scripts/ansible/vars/main.yml b/tools/scripts/ansible/vars/main.yml
index 2655aa3..1085c0d 100644
--- a/tools/scripts/ansible/vars/main.yml
+++ b/tools/scripts/ansible/vars/main.yml
@@ -1,11 +1,25 @@
+ansible_python_interpreter: python3
+
cldr_database_name: cldrdb
cldr_db_backup_host: corp.unicode.org
cldr_db_backup_user: cldrbackup
cldr_db_backup_destination: "{{ cldr_db_backup_host }}:/home/users/{{ cldr_db_backup_user }}"
-mysql_databases:
- - name: "{{ cldr_database_name }}"
- encoding: latin1
- collation: latin1_bin
-mysql_enabled_on_startup: true
-mysql_bind_address: localhost
-ansible_python_interpreter: python3
+
+cldr_openliberty_user: openliberty
+cldr_openliberty_group: "{{ cldr_openliberty_user }}"
+# the name of the server
+cldr_openliberty_server: cldr
+cldr_openliberty_service: openliberty@{{ cldr_openliberty_server }}
+
+cldr_surveytool_user: surveytool
+cldr_surveytool_group: "{{ cldr_openliberty_group }}"
+
+# this is the path to the server config
+cldr_st_path: /srv/st
+cldr_path: "{{ cldr_st_path }}/config"
+# this is the path to the CLDR checkout
+cldr_trunk_path: "{{ cldr_st_path }}/src/cldr"
+
+# Java
+adoptopenjdk_package: adoptopenjdk-11-openj9
+adoptopenjdk_state: present
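Review bot: `cldr_openliberty_service: openliberty@{{ cldr_openliberty_server }}` is the only templated value in this hunk left unquoted. It parses today because the braces are not at the start of the scalar, but quoting it like its neighbours, `cldr_openliberty_service: "openliberty@{{ cldr_openliberty_server }}"`, keeps the file uniform and stays valid if the prefix is ever dropped. The value is rendered verbatim into the sudoers template 56-surveytool.j2 and into deploy-sh.j2, so a comment above it would help, e.g. `# rendered into sudoers rules: keep it a single token, no spaces or wildcards`.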
diff --git a/tools/scripts/ansible/vars/mysql.yml b/tools/scripts/ansible/vars/mysql.yml
new file mode 100644
index 0000000..02d6279
--- /dev/null
+++ b/tools/scripts/ansible/vars/mysql.yml
@@ -0,0 +1,6 @@
+mysql_databases:
+ - name: "{{ cldr_database_name }}"
+ encoding: latin1
+ collation: latin1_bin
+mysql_enabled_on_startup: true
+mysql_bind_address: localhost
diff --git a/tools/scripts/ansible/vars/openliberty.yml b/tools/scripts/ansible/vars/openliberty.yml
new file mode 100644
index 0000000..f4c8934
--- /dev/null
+++ b/tools/scripts/ansible/vars/openliberty.yml
@@ -0,0 +1,10 @@
+# This file contains variables used by devopstoolbox.openliberty for Survey Tool
+openliberty_firewall_configure: false
+openliberty_packages_state: present
+openliberty_remove_packages: true
+openliberty_enable_service: false
+openliberty_enable_selinux: false
+openliberty_copy_templates: false
+openliberty_users:
+ - user: "{{ cldr_openliberty_user }}"
+ group: "{{ cldr_openliberty_group }}"
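Review bot: `openliberty_firewall_configure: false` and `openliberty_enable_selinux: false` carry no explanation of what protects the Liberty ports instead. Judging by the names, these switch off the role's firewall and SELinux handling, though the role itself is not visible here. A comment per switch would record the intent, e.g. `# firewall: not managed by this role because <reason>`, with the reason filled in by someone who knows the deployment.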