diff --git a/1-server_unit/Ansible_Settings_Instruction.md b/1-server_unit/Ansible_Settings_Instruction.md
index 8e14577..3a7f878 100644
--- a/1-server_unit/Ansible_Settings_Instruction.md
+++ b/1-server_unit/Ansible_Settings_Instruction.md
@@ -87,9 +87,9 @@ Below are the files where modification is required.
```yaml
tag_ServerType: web
- nginx_version: 1.14.0
+ nginx_version: 1.14.2
- nginx_hm_version: 0.32
+ nginx_hm_version: 0.33
```
#### AP server (file destination : /group_vars/ap.yml)
@@ -116,8 +116,10 @@ Below are the files where modification is required.
cache_manager: memcached
tomcat_version: 9.0.10
-
+
commons_daemon_version : 1.1.0
+
+ activemq_version: 5.15.8
```
#### ES server (file destination : /group_vars/es.yml)
@@ -135,7 +137,7 @@ Below are the files where modification is required.
```yaml
tag_ServerType: nfs
- memcached_version: 1.4.21
+ memcached_version: 1.5.12
memcached_lock_maxconn: 256
@@ -152,6 +154,8 @@ Below are the files where modification is required.
memcached_lock_cachesize: 512
memcached_cache_cachesize: 512
+
+ logback_version: 1.2.3
```
#### Bastion server (file destination : /group_vars/bastion.yml)
diff --git a/1-server_unit/group_vars/ap.yml b/1-server_unit/group_vars/ap.yml
index d1e8760..b239c6b 100644
--- a/1-server_unit/group_vars/ap.yml
+++ b/1-server_unit/group_vars/ap.yml
@@ -19,4 +19,4 @@ cache_manager: memcached
tomcat_version: 9.0.10
commons_daemon_version : 1.1.0
-activemq_version: 5.15.2
+activemq_version: 5.15.8
diff --git a/1-server_unit/group_vars/nfs.yml b/1-server_unit/group_vars/nfs.yml
index ba45ec4..77d5ee5 100644
--- a/1-server_unit/group_vars/nfs.yml
+++ b/1-server_unit/group_vars/nfs.yml
@@ -2,7 +2,7 @@
tag_ServerType: nfs
-memcached_version: 1.4.21
+memcached_version: 1.5.12
memcached_lock_maxconn: 256
memcached_cache_maxconn: 256
@@ -15,3 +15,5 @@ cache_port: 11212
# memcached cachesize
memcached_lock_cachesize: 512
memcached_cache_cachesize: 512
+
+logback_version: 1.2.3
\ No newline at end of file
diff --git a/1-server_unit/group_vars/web.yml b/1-server_unit/group_vars/web.yml
index 23fa262..adee228 100644
--- a/1-server_unit/group_vars/web.yml
+++ b/1-server_unit/group_vars/web.yml
@@ -2,5 +2,5 @@
tag_ServerType: web
-nginx_version: 1.14.0
-nginx_hm_version: 0.32
+nginx_version: 1.14.2
+nginx_hm_version: 0.33
diff --git a/1-server_unit/resource/ap/etc/systemd/system/activemq.service b/1-server_unit/resource/ap/etc/systemd/system/activemq.service
index e3825cc..8483ff1 100644
--- a/1-server_unit/resource/ap/etc/systemd/system/activemq.service
+++ b/1-server_unit/resource/ap/etc/systemd/system/activemq.service
@@ -1,6 +1,6 @@
[Unit]
Description=activemq message queue
-After=network.target
+After=network.target elasticsearch.service
[Service]
PIDFile=/opt/activemq/data/activemq.pid
diff --git a/1-server_unit/resource/ap/etc/systemd/system/tomcat.service b/1-server_unit/resource/ap/etc/systemd/system/tomcat.service
index c8ff983..07b115c 100644
--- a/1-server_unit/resource/ap/etc/systemd/system/tomcat.service
+++ b/1-server_unit/resource/ap/etc/systemd/system/tomcat.service
@@ -1,5 +1,5 @@
[Unit]
-Description=Apache Tomcat 8
+Description=Apache Tomcat 9
After=network.target activemq.service
[Service]
@@ -12,6 +12,7 @@ Environment=JRE_HOME=/opt/jre
Environment=CATALINA_BASE=/opt/tomcat
Environment=TOMCAT_USER=personium
+ExecStartPre=/bin/sleep 20
ExecStart=/opt/tomcat/bin/daemon.sh --java-home /opt/jdk --catalina-home /opt/tomcat --catalina-base /opt/tomcat --catalina-pid /opt/tomcat/tomcat.pid --tomcat-user personium start
ExecStop=/opt/tomcat/bin/daemon.sh --java-home /opt/jdk --catalina-home /opt/tomcat --catalina-base /opt/tomcat --catalina-pid /opt/tomcat/tomcat.pid stop
[Install]
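Review bot: `ExecStartPre=/bin/sleep 20` is an undocumented fixed delay: it adds 20 seconds to every start and restart and still does not guarantee that the dependency Tomcat is waiting for is actually up. `After=network.target activemq.service` in the [Unit] section only orders start-up, so presumably the sleep is there to give ActiveMQ time to open its listener. If so, say that in a comment above the line, e.g. `# Wait for ActiveMQ to accept connections; After= orders units but does not wait for readiness`. A bounded readiness check in place of the sleep would be more reliable, but the comment alone would already help the next maintainer.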
diff --git a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
index a369634..5b48309 100644
--- a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
+++ b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
@@ -49,7 +49,7 @@ function check_response() {
OPERATION=${2}
RESPONSE_CODE=`echo "${CURL_RESULT}" | /bin/grep 'status:'`
if [ "${RESPONSE_CODE}" != "status:${STATUS}" ]; then
- echo "${OPERATION}faild."
+ echo "${OPERATION} faild."
exit 2
fi
}
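Review bot: The new message still reads `faild`; the same line in the 3-server copy of this script is corrected to `failed` in this commit, so the two copies now print different text. Use `echo "${OPERATION} failed."` here as well, so that anything matching on the output behaves the same for both layouts. check_response begins above the hunk.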
diff --git a/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service b/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service
index 53a15b8..2e956a2 100644
--- a/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service
+++ b/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service
@@ -6,7 +6,7 @@ After=network.target
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/memcached_cache
-ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
+ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
[Install]
WantedBy=multi-user.target
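Review bot: `ExecStart` now contains the Jinja2 expression `{{ memcached_version }}`, but the file keeps its plain `.service` name and the task that installs it is not part of this diff. If that task uses `copy` rather than `template`, the braces are written to disk literally and the unit fails to start. Confirm the deploy task renders the file, and consider renaming it to `memcached_cache.service.j2` to match the other templated resources. The same applies to `memcached_lock.service` and to both files under `3-server_unit`.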
diff --git a/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service b/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service
index 8a691d0..396d559 100644
--- a/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service
+++ b/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service
@@ -6,7 +6,7 @@ After=network.target
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/memcached_lock
-ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
+ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
[Install]
WantedBy=multi-user.target
diff --git a/1-server_unit/resource/web/opt/nginx/conf/nginx.conf b/1-server_unit/resource/web/opt/nginx/conf/nginx.conf
index 1007df8..3ef5d34 100644
--- a/1-server_unit/resource/web/opt/nginx/conf/nginx.conf
+++ b/1-server_unit/resource/web/opt/nginx/conf/nginx.conf
@@ -39,6 +39,7 @@ http {
log_format combined2 '$remote_addr - $remote_user [$time_local] '
'[$http_x_personium_version] '
+ '[$http_x_personium_requestkey] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$ssl_cipher" "$ssl_protocol" '
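Review bot: `$http_x_personium_requestkey` is taken straight from a client request header, so the new log field is client-controlled text inside a bracket-delimited format. nginx's default log escaping covers quotes, backslashes and control characters but not `]`, so a header value containing brackets can make one field look like two to anything that splits on them. A comment above the `log_format` directive such as `# X-Personium-RequestKey is client-supplied; treat the field as untrusted when parsing` would record that, and log consumers should not rely on the field for attribution. The same line is added to the 3-server_unit nginx.conf.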
diff --git a/1-server_unit/tasks/nfs/init_logback.yml b/1-server_unit/tasks/nfs/init_logback.yml
index bd79ef5..8eed251 100644
--- a/1-server_unit/tasks/nfs/init_logback.yml
+++ b/1-server_unit/tasks/nfs/init_logback.yml
@@ -1,10 +1,10 @@
# Copyright FUJITSU LIMITED 2015-2017.
- name: Download logback
- command: wget -q -O logback-1.0.3.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-1.0.3.tar.gz
+ command: wget -q -O logback-{{ logback_version }}.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz
args:
chdir: /usr/local/src
- creates: /usr/local/src/logback-1.0.3.tar.gz
+ creates: /usr/local/src/logback-{{ logback_version }}.tar.gz
- name: Download slf4j
command: wget -q -O slf4j-1.6.4.tar.gz --no-check-certificate http://www.slf4j.org/dist/slf4j-1.6.4.tar.gz
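Review bot: The download task still fetches the tarball over plain `http://` with `--no-check-certificate`, and nothing verifies the archive before the later task unpacks it under /opt/logback, so parameterising the version changes which release is pulled without making the pull any more trustworthy. Fetch over HTTPS with certificate checking left on (assuming the site serves the same path over HTTPS) and pin a digest per version; `get_url` with `checksum` does both and keeps the task idempotent. `logback_sha256` below is a placeholder for a new variable that would sit next to `logback_version` in group_vars/nfs.yml, with the value taken from the publisher. The slf4j task on the following line carries the same flags, and the identical hunk appears in 3-server_unit/tasks/nfs/init_logback.yml.

```yaml
- name: Download logback
  get_url:
    url: https://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz
    dest: /usr/local/src/logback-{{ logback_version }}.tar.gz
    # placeholder variable: SHA-256 of the release archive, pinned per version
    checksum: "sha256:{{ logback_sha256 }}"
```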
@@ -19,10 +19,10 @@
file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644
- name: Expand logback
- command: tar xzf /usr/local/src/logback-1.0.3.tar.gz
+ command: tar xzf /usr/local/src/logback-{{ logback_version }}.tar.gz
args:
chdir: /opt/logback
- creates: /opt/logback/logback-1.0.3
+ creates: /opt/logback/logback-{{ logback_version }}
- name: Expand slf4j
command: tar xzf /usr/local/src/slf4j-1.6.4.tar.gz
@@ -30,8 +30,8 @@
chdir: /opt/logback
creates: /opt/logback/slf4j-1.6.4
-- name: Change owner /opt/logback/logback-1.0.3 directory
- file: state=directory path=/opt/logback/logback-1.0.3 owner=personium group=personium recurse=yes
+- name: Change owner /opt/logback/logback-{{ logback_version }} directory
+ file: state=directory path=/opt/logback/logback-{{ logback_version }} owner=personium group=personium recurse=yes
- name: Change owner /opt/logback/slf4j-1.6.4 directory
file: state=directory path=/opt/logback/slf4j-1.6.4 owner=personium group=personium recurse=yes
diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md
index 169ca1b..3530b22 100644
--- a/3-server_unit/Ansible_Settings_Instruction.md
+++ b/3-server_unit/Ansible_Settings_Instruction.md
@@ -20,7 +20,7 @@ Below are the files where modification is required.
# should be changed to
- ansible_ssh_user=root
+ ansible_ssh_user=ec2-user
```
* Modify the hosts file as per instruction below
@@ -28,6 +28,26 @@ Below are the files where modification is required.
#### Common Server Setting
```yaml
+{Bastion_Private_IP}
+# -> Specify the private IP of Bastion server
+# EX: {Bastion_Private_IP}->172.31.10.248
+
+{Web_Private_IP}
+# -> Specify the private IP of Web server
+# EX: {Web_Private_IP}->172.31.10.248
+
+{AP_Private_IP}
+# -> Specify the private IP of AP server
+# EX: {AP_Private_IP}->172.31.13.38
+
+{ES_Private_IP}
+# -> Set the private IP for ES server
+# EX: {ES_Private_IP}->172.31.3.80
+
+{NFS_Private_IP}
+# -> Set the private IP for NFS server
+# EX: {NFS_Private_IP}->172.31.13.38
+
{Ansible_Execution_User}
# -> Specify a user ansible execution
# EX: {Ansible_Execution_User}->root
@@ -35,62 +55,60 @@ Below are the files where modification is required.
{SSH_PrivateKey}
# -> Set the secret key in the absolute path for ansible user ssh public key authentication
# EX: {SSH_PrivateKey}->/root/.ssh/id_rsa
-```
-#### Bastion server
-
-```yaml
-{Bastion_Private_IP}
-# -> Specify the private IP of Bastion server
-# EX: {Bastion_Private_IP}->172.31.10.248
+{Web_Global_IP}
+# -> Specify the global IP for Web server
+# EX: {Web_Global_IP}->54.65.33.203
-{Bastion_Tag_Name}
-# -> Specify the host name for Bastion server
-# EX: {Bastion_Tag_Name}->bastion-web
+{Web_FQDN}
+# -> Specify the FQDN for Web server(same as unit FQDN)
+# EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com
{Bastion_Network_Separation}
# -> Specify the network catagory for Bastion server
# EX: {Bastion_Network_Separation}->172.31.10.0/24
+{WEB_Network_Separation}
+# -> Specify the network catagory for WEB server
+# EX: {WEB_Network_Separation}->172.31.10.0/24
+
+{AP_Network_Separation}
+# -> Specify the network catagory for AP server
+# EX: {AP_Network_Separation}->172.31.13.0/24
+
+{Master_Token}
+# -> To authorize all kind of operation, set the master token (Strictly managed)
+# EX: enable_mastertoken=true
+# {Master_Token}->abc123
+
{Path_Based_Cell_Url_Enabled}
# -> URL format to access cell*1
# -> true:path based cell url
# -> false:per cell fqdn url
# EX: {Path_Based_Cell_Url_Enabled}->false
```
+
*1.For explanation about URL format to access cell, please confirm [here](https://personium.io/docs/ja/server-operator/setup_percell.html).
-#### Web server
+#### Bastion server
```yaml
-{Web_Private_IP}
-# -> Specify the private IP of Web server
-# EX: {Web_Private_IP}->172.31.10.248
+{Bastion_Tag_Name}
+# -> Specify the host name for Bastion server
+# EX: {Bastion_Tag_Name}->bastion-web
+```
+
+#### Web server
+```yaml
{Web_Tag_Name}
# -> Specify the host name for Web server
# EX: {Web_Tag_Name}->bastion-web
-
-{Web_Global_IP}
-# -> Specify the global IP for Web server
-# EX: {Web_Global_IP}->54.65.33.203
-
-{Web_FQDN}
-# -> Specify the FQDN for Web server(same as unit FQDN)
-# EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com
```
#### AP server
```yaml
-{AP_Private_IP}
-# -> Specify the private IP of AP server
-# EX: {AP_Private_IP}->172.31.13.38
-
-{AP_Network_Separation}
-# -> Specify the network catagory for AP server
-# EX: {AP_Network_Separation}->172.31.13.0/24
-
{AP_Tag_Name}
# -> Specify the host name for AP server
# EX: {AP_Tag_Name}->test-ap
@@ -98,26 +116,11 @@ Below are the files where modification is required.
{PIO_LOGVOL}
# -> Specify the disk name for Personium log
# EX: {PIO_LOGVOL}->vdb
-
-{Master_Token}
-# -> To authorize all kind of operation, set the master token (Strictly managed)
-# EX: {Master_Token}->abc123
-
-{Path_Based_Cell_Url_Enabled}
-# -> URL format to access cell*1
-# -> true:path based cell url
-# -> false:per cell fqdn url
-# EX: {Path_Based_Cell_Url_Enabled}->false
```
-*1.For explanation about URL format to access cell, please confirm [here](https://personium.io/docs/ja/server-operator/setup_percell.html).
#### ES server
```yaml
-{ES_Private_IP}
-# -> Set the private IP for ES server
-# EX: {ES_Private_IP}->172.31.3.80
-
{ES_Tag_Name}
# -> Specify the host name for ES server
# EX: {ES_Tag_Name}->test-ES
@@ -130,10 +133,6 @@ Below are the files where modification is required.
#### NFS server
```yaml
-{NFS_Private_IP}
-# -> Set the private IP for NFS server
-# EX: {NFS_Private_IP}->172.31.13.38
-
{nfs_Tag_Name}
# -> Specify the host name for nfs server
# EX: {nfs_Tag_Name}->test-NFS
@@ -154,9 +153,9 @@ Below are the files where modification is required.
```yaml
tag_ServerType: web
- nginx_version: 1.14.0
+ nginx_version: 1.14.2
- nginx_hm_version: 0.32
+ nginx_hm_version: 0.33
```
#### AP server (file destination : /group_vars/ap.yml)
@@ -185,6 +184,8 @@ Below are the files where modification is required.
tomcat_version: 9.0.10
commons_daemon_version : 1.1.0
+
+ activemq_version: 5.15.8
```
#### ES server (file destination : /group_vars/es.yml)
@@ -202,7 +203,7 @@ Below are the files where modification is required.
```yaml
tag_ServerType: nfs
- memcached_version: 1.4.21
+ memcached_version: 1.5.12
memcached_lock_maxconn: 1024
@@ -219,6 +220,8 @@ Below are the files where modification is required.
memcached_lock_cachesize: 512
memcached_cache_cachesize: 512
+
+ logback_version: 1.2.3
```
#### bastion server (file destination : /group_vars/bastion.yml)
diff --git a/3-server_unit/bastion.yml b/3-server_unit/bastion.yml
index 52da77c..c4907a9 100644
--- a/3-server_unit/bastion.yml
+++ b/3-server_unit/bastion.yml
@@ -9,3 +9,5 @@
- include: ./tasks/bastion/mvn_package.yml
vars:
build_mod: engine
+- include: ./tasks/bastion/init_personium_regression.yml
+
diff --git a/3-server_unit/group_vars/ap.yml b/3-server_unit/group_vars/ap.yml
index 028e6d6..faf839c 100644
--- a/3-server_unit/group_vars/ap.yml
+++ b/3-server_unit/group_vars/ap.yml
@@ -19,4 +19,4 @@ cache_manager: memcached
tomcat_version: 9.0.10
commons_daemon_version : 1.1.0
-activemq_version: 5.15.2
+activemq_version: 5.15.8
diff --git a/3-server_unit/group_vars/nfs.yml b/3-server_unit/group_vars/nfs.yml
index cc7b795..8d377a1 100644
--- a/3-server_unit/group_vars/nfs.yml
+++ b/3-server_unit/group_vars/nfs.yml
@@ -2,7 +2,7 @@
tag_ServerType: nfs
-memcached_version: 1.4.21
+memcached_version: 1.5.12
memcached_lock_maxconn: 1024
memcached_cache_maxconn: 1024
@@ -15,3 +15,5 @@ cache_port: 11212
# memcached cachesize
memcached_lock_cachesize: 512
memcached_cache_cachesize: 512
+
+logback_version: 1.2.3
\ No newline at end of file
diff --git a/3-server_unit/group_vars/web.yml b/3-server_unit/group_vars/web.yml
index 23fa262..adee228 100644
--- a/3-server_unit/group_vars/web.yml
+++ b/3-server_unit/group_vars/web.yml
@@ -2,5 +2,5 @@
tag_ServerType: web
-nginx_version: 1.14.0
-nginx_hm_version: 0.32
+nginx_version: 1.14.2
+nginx_hm_version: 0.33
diff --git a/3-server_unit/init_personium.yml b/3-server_unit/init_personium.yml
index 599f89c..8db1a59 100644
--- a/3-server_unit/init_personium.yml
+++ b/3-server_unit/init_personium.yml
@@ -50,7 +50,6 @@
- ./group_vars/web.yml
tasks:
- include: ./web.yml
- - include: ./tasks/web/init_personium_regression.yml
handlers:
- include: ./handlers/common/restart_iptables.yml
- include: ./handlers/web/reload_nginx.yml
@@ -63,3 +62,4 @@
- ./group_vars/bastion.yml
tasks:
- include: ./tasks/bastion/init_servicemanager.yml
+
diff --git a/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2 b/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2
index 4030c3d..6b5f714 100644
--- a/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2
+++ b/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2
@@ -6,27 +6,27 @@
-
+
-
+
-
+
-
+
-
+
diff --git a/3-server_unit/resource/ap/etc/systemd/system/tomcat.service b/3-server_unit/resource/ap/etc/systemd/system/tomcat.service
index c8ff983..c2e7d6a 100644
--- a/3-server_unit/resource/ap/etc/systemd/system/tomcat.service
+++ b/3-server_unit/resource/ap/etc/systemd/system/tomcat.service
@@ -1,5 +1,5 @@
[Unit]
-Description=Apache Tomcat 8
+Description=Apache Tomcat 9
After=network.target activemq.service
[Service]
diff --git a/3-server_unit/resource/web/personium_regression.sh.j2 b/3-server_unit/resource/bastion/personium_regression.sh.j2
similarity index 93%
rename from 3-server_unit/resource/web/personium_regression.sh.j2
rename to 3-server_unit/resource/bastion/personium_regression.sh.j2
index 42f852c..7372063 100644
--- a/3-server_unit/resource/web/personium_regression.sh.j2
+++ b/3-server_unit/resource/bastion/personium_regression.sh.j2
@@ -16,13 +16,13 @@ fi
FQDN=${1}
CELL_NAME=startuptest
URL_DOMAIN=https://${FQDN}
-PATH_BASED_CELL_URL=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} root@{{ ap_private_ip }} grep "pathBasedCellUrl" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.pathBasedCellUrl.enabled=//"`
+PATH_BASED_CELL_URL=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} {{ ansible_ssh_user }}@{{ ap_private_ip }} grep "pathBasedCellUrl" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.pathBasedCellUrl.enabled=//"`
if [ "false" == "${PATH_BASED_CELL_URL}" ]; then
grep ${CELL_NAME}.${FQDN} /etc/hosts > /dev/null
if [ $? -eq 1 ]; then
- echo "127.0.0.1" ${CELL_NAME}.${FQDN} >> /etc/hosts
+ echo "{{ web_private_ip }}" ${CELL_NAME}.${FQDN} >> /etc/hosts
fi
CELL_URL=https://${CELL_NAME}.${FQDN}
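Review bot: The rewritten `ssh` call keeps `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the bastion never verifies that it is talking to the real AP server, and the output of that session decides which URL form the script uses. The second hunk repeats the pattern on the line that reads `io.personium.core.masterToken`. Since the AP address is known at provisioning time, record its host key once into a dedicated file and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts file written during provisioning>` on both lines.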
@@ -30,7 +30,7 @@ else
CELL_URL=https://${FQDN}/${CELL_NAME}
fi
-SPECIFIED_ACCESS_TOKEN=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} root@{{ ap_private_ip }} grep "core.masterToken" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.masterToken=//"`
+SPECIFIED_ACCESS_TOKEN=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} {{ ansible_ssh_user }}@{{ ap_private_ip }} grep "core.masterToken" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.masterToken=//"`
XDCVERSION=default
CURL_LOG=/tmp/rt_curl_${XDCVERSION}.txt
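Review bot: Moving from `root@` to `{{ ansible_ssh_user }}@` means `personium-unit-config.properties` must now be readable by that account on the AP server; if it is not, `grep` prints nothing and `SPECIFIED_ACCESS_TOKEN` is silently empty. Rather than loosening the permissions of a file that holds the master token, consider running the remote `grep` through `sudo` limited to that one command. Also fail fast after the assignment with `[ -n "${SPECIFIED_ACCESS_TOKEN}" ] || { echo "could not read master token"; exit 2; }`. Whether a later check already exists cannot be seen from this hunk.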
diff --git a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
index a369634..a86beaa 100644
--- a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
+++ b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
@@ -49,7 +49,7 @@ function check_response() {
OPERATION=${2}
RESPONSE_CODE=`echo "${CURL_RESULT}" | /bin/grep 'status:'`
if [ "${RESPONSE_CODE}" != "status:${STATUS}" ]; then
- echo "${OPERATION}faild."
+ echo "${OPERATION} failed."
exit 2
fi
}
diff --git a/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service b/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service
index 53a15b8..2e956a2 100644
--- a/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service
+++ b/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service
@@ -6,7 +6,7 @@ After=network.target
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/memcached_cache
-ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
+ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
[Install]
WantedBy=multi-user.target
diff --git a/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service b/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service
index 8a691d0..396d559 100644
--- a/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service
+++ b/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service
@@ -6,7 +6,7 @@ After=network.target
[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/memcached_lock
-ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
+ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS
[Install]
WantedBy=multi-user.target
diff --git a/3-server_unit/resource/nfs/opt/logback/logback.sh b/3-server_unit/resource/nfs/opt/logback/logback.sh
deleted file mode 100644
index 4a98a4b..0000000
--- a/3-server_unit/resource/nfs/opt/logback/logback.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-#
-# personium
-# Copyright 2014 FUJITSU LIMITED
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-JAVA_HOME=/opt/jdk
-export JAVA_HOME
-PATH=$JAVA_HOME/bin:$PATH
-export PATH
-LOGBACK_HOME=/opt/logback/logback-1.0.3
-
-java -Dfile.encoding=UTF-8 -cp $LOGBACK_HOME/logback-core-1.0.3.jar:$LOGBACK_HOME/logback-classic-1.0.3.jar:$LOGBACK_HOME/logback-access-1.0.3.jar:/opt/logback/slf4j-1.6.4/slf4j-api-1.6.4.jar ch.qos.logback.classic.net.SimpleSocketServer 6000 /opt/logback/logback.xml &
-echo $! > /var/run/logback/logback.pid
-
-exit 0
diff --git a/3-server_unit/resource/web/opt/nginx/conf/nginx.conf b/3-server_unit/resource/web/opt/nginx/conf/nginx.conf
index 9fbaae9..713baf2 100644
--- a/3-server_unit/resource/web/opt/nginx/conf/nginx.conf
+++ b/3-server_unit/resource/web/opt/nginx/conf/nginx.conf
@@ -39,6 +39,7 @@ http {
log_format combined2 '$remote_addr - $remote_user [$time_local] '
'[$http_x_personium_version] '
+ '[$http_x_personium_requestkey] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$ssl_cipher" "$ssl_protocol" '
diff --git a/3-server_unit/static_inventory/hosts b/3-server_unit/static_inventory/hosts
index f1c03d3..638e950 100644
--- a/3-server_unit/static_inventory/hosts
+++ b/3-server_unit/static_inventory/hosts
@@ -3,40 +3,28 @@
#Fill in the Private IP Address of Bastion server
{Bastion_Private_IP}
-
############ Private IP Address of Web server ############
[tag_ServerType_web]
#Fill in the Private IP Address of Web server
{Web_Private_IP}
-
############ Private IP Address of AP server ############
[tag_ServerType_ap]
#Fill in the Private IP Address of AP server
{AP_Private_IP}
-
############ Private IP Address of ES server ############
[tag_ServerType_es]
#Fill in the Private IP Address of ES server
{ES_Private_IP}
-
############ Private IP Address of NFS server ############
[tag_ServerType_nfs]
#Fill in the Private IP Address of NFS server
{NFS_Private_IP}
-
-############ Setting items of Web server ############
-[tag_ServerType_web:vars]
-
-## Hostname
-tag_Name={Web_Tag_Name}
-
-## Private IP Address of NFS server set in /etc/hosts
-personium_nfs={NFS_Private_IP}
-
+############ Setting items of All servers ############
+[all:vars]
## User who runs ansible
ansible_ssh_user={Ansible_Execution_User}
@@ -46,84 +34,75 @@ ansible_ssh_private_key_file={SSH_PrivateKey}
## Global IP Address of Web server
web_global_ip={Web_Global_IP}
-## Private IP Address of AP server
-ap_private_ip={AP_Private_IP}
-
-#### for firewalld setting ####
-## network address of the bastion server that allows ssh connection
-bastion_network_sep={Bastion_Network_Separation}
-#### for firewalld setting ####
+## Web server FQDN
+base_url={Web_FQDN}
+## Private IP Address of WEB server
+web_private_ip={WEB_Private_IP}
-############ Setting items of AP server ############
-[tag_ServerType_ap:vars]
+## Private IP Address of AP server
+ap_private_ip={AP_Private_IP}
-## Hostname
-tag_Name={AP_Tag_Name}
+## Private IP Address of ES server
+es_private_ip={ES_Private_IP}
-## Disk name for Personium log
-pio_logvol={PIO_LOGVOL}
+## DNS of ElastciSearch
+es_elb={ES_Private_IP}
## Private IP Address of NFS server set in /etc/hosts
personium_nfs={NFS_Private_IP}
-## User who runs ansible
-ansible_ssh_user={Ansible_Execution_User}
-
-## Secret key for executing ansible(Absolute path)
-ansible_ssh_private_key_file={SSH_PrivateKey}
-
-## Master Token of Personium
-master_token={Master_Token}
+#### for firewalld setting ####
+## network address of the bastion server that allows ssh connection
+bastion_network_sep={Bastion_Network_Separation}
-## Web server FQDN
-base_url={Web_FQDN}
+## Network address of WEB server
+web_network_sep={WEB_Network_Separation}
-## DNS of ElastciSearch
-es_elb={ES_Private_IP}
+## Network address of AP server
+ap_network_sep={AP_Network_Separation}
+#### for firewalld setting ####
## enable master token ##
enable_mastertoken=false
-#### for firewalld setting ####
-## Network address of the bastion server that allows ssh connection
-bastion_network_sep={Bastion_Network_Separation}
-
-## Network address of AP server to access elasticsearch
-ap_network_sep={AP_Network_Separation}
+## Master Token of Personium
+master_token={Master_Token}
## URL format to access cell
## true:path based cell url
## false:per cell fqdn url
path_based_cell_url_enabled={Path_Based_Cell_Url_Enabled}
-############ Setting items of ES server ############
-[tag_ServerType_es:vars]
+############ Setting items of bastion server ############
+[tag_ServerType_bastion:vars]
-## hostname
-tag_Name={ES_Tag_Name}
+## Hostname
+tag_Name={Bastion_Tag_Name}
-## Disk name for ES Data Log
-es_data_vol={ES_DATA_VOL}
+############ Setting items of Web server ############
+[tag_ServerType_web:vars]
-## Private IP Address of NFS server set in /etc/hosts
-personium_nfs={NFS_Private_IP}
+## Hostname
+tag_Name={Web_Tag_Name}
-## Private IP Address of ES server
-es_private_ip={ES_Private_IP}
+############ Setting items of AP server ############
+[tag_ServerType_ap:vars]
-## User who runs ansible
-ansible_ssh_user={Ansible_Execution_User}
+## Hostname
+tag_Name={AP_Tag_Name}
-## Secret key for executing ansible(Absolute path)
-ansible_ssh_private_key_file={SSH_PrivateKey}
+## Disk name for Personium log
+pio_logvol={PIO_LOGVOL}
-#### for iptables setting ####
-## Network address of the bastion server that allows ssh connection
-bastion_network_sep={Bastion_Network_Separation}
+############ Setting items of ES server ############
+[tag_ServerType_es:vars]
-## Network address of AP server to access elasticsearch
-ap_network_sep={AP_Network_Separation}
+## hostname
+tag_Name={ES_Tag_Name}
+
+## Disk name for ES Data Log
+es_data_vol={ES_DATA_VOL}
############ Setting items of NFS server ############
[tag_ServerType_nfs:vars]
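Review bot: `web_private_ip={WEB_Private_IP}` uses a placeholder spelled differently from `{Web_Private_IP}` in the `[tag_ServerType_web]` host list and in Ansible_Settings_Instruction.md, so a search-and-replace on the documented name leaves this variable holding the literal placeholder. Change it to `web_private_ip={Web_Private_IP}`. Separately, `master_token` now sits under `[all:vars]`, which makes it available to plays and templates for the web, ES and NFS groups that did not have it before. If only the AP and bastion roles need it, keeping it in those two `:vars` sections limits where the secret can be rendered.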
@@ -134,47 +113,6 @@ tag_Name={nfs_Tag_Name}
## Disk name for NFS_WEBDAV
nfs_webdav_vol={NFS_WEBDAV_VOL}
-## Private IP Address of NFS server set in /etc/hosts
-personium_nfs={NFS_Private_IP}
-
-## User who runs ansible
-ansible_ssh_user={Ansible_Execution_User}
-
-## Secret key for executing ansible(Absolute path)
-ansible_ssh_private_key_file={SSH_PrivateKey}
-
#### for iptables setting ####
-## Network address of the bastion server that allows ssh connection
-bastion_network_sep={Bastion_Network_Separation}
-
-## Network address of AP server to access nfs
-ap_network_sep={AP_Network_Separation}
-
-#### for iptables setting ####
-
-############ Setting items of bastion server ############
-[tag_ServerType_bastion:vars]
-
-## Hostname
-tag_Name={Bastion_Tag_Name}
-
-## Private IP Address of NFS server set in /etc/hosts
-personium_nfs={NFS_Private_IP}
-## User who runs ansible
-ansible_ssh_user={Ansible_Execution_User}
-
-## Secret key for executing ansible(Absolute path)
-ansible_ssh_private_key_file={SSH_PrivateKey}
-
-## Master Token of Personium
-master_token={Master_Token}
-
-## Web server FQDN
-base_url={Web_FQDN}
-
-## URL format to access cell
-## true:path based cell url
-## false:per cell fqdn url
-path_based_cell_url_enabled={Path_Based_Cell_Url_Enabled}
diff --git a/3-server_unit/tasks/bastion/init_personium_regression.yml b/3-server_unit/tasks/bastion/init_personium_regression.yml
new file mode 100644
index 0000000..008f3b8
--- /dev/null
+++ b/3-server_unit/tasks/bastion/init_personium_regression.yml
@@ -0,0 +1,4 @@
+# Copyright FUJITSU LIMITED 2019.
+
+- name: Deploy personium_regression.sh
+ template: src=./resource/bastion/personium_regression.sh.j2 dest=/root/ansible/personium_regression.sh mode=744
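Review bot: `mode=744` leaves the rendered script readable by every local account on the bastion, and no owner is set. The script is evidently meant to run as root (it appends to /etc/hosts) and spells out the SSH key path, login user and AP address used to fetch the master token, so nothing outside root needs to read it. `mode=0700 owner=root group=root` on the `template` line would be tighter.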
diff --git a/3-server_unit/tasks/nfs/init_logback.yml b/3-server_unit/tasks/nfs/init_logback.yml
index bd79ef5..8eed251 100644
--- a/3-server_unit/tasks/nfs/init_logback.yml
+++ b/3-server_unit/tasks/nfs/init_logback.yml
@@ -1,10 +1,10 @@
# Copyright FUJITSU LIMITED 2015-2017.
- name: Download logback
- command: wget -q -O logback-1.0.3.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-1.0.3.tar.gz
+ command: wget -q -O logback-{{ logback_version }}.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz
args:
chdir: /usr/local/src
- creates: /usr/local/src/logback-1.0.3.tar.gz
+ creates: /usr/local/src/logback-{{ logback_version }}.tar.gz
- name: Download slf4j
command: wget -q -O slf4j-1.6.4.tar.gz --no-check-certificate http://www.slf4j.org/dist/slf4j-1.6.4.tar.gz
@@ -19,10 +19,10 @@
file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644
- name: Expand logback
- command: tar xzf /usr/local/src/logback-1.0.3.tar.gz
+ command: tar xzf /usr/local/src/logback-{{ logback_version }}.tar.gz
args:
chdir: /opt/logback
- creates: /opt/logback/logback-1.0.3
+ creates: /opt/logback/logback-{{ logback_version }}
- name: Expand slf4j
command: tar xzf /usr/local/src/slf4j-1.6.4.tar.gz
@@ -30,8 +30,8 @@
chdir: /opt/logback
creates: /opt/logback/slf4j-1.6.4
-- name: Change owner /opt/logback/logback-1.0.3 directory
- file: state=directory path=/opt/logback/logback-1.0.3 owner=personium group=personium recurse=yes
+- name: Change owner /opt/logback/logback-{{ logback_version }} directory
+ file: state=directory path=/opt/logback/logback-{{ logback_version }} owner=personium group=personium recurse=yes
- name: Change owner /opt/logback/slf4j-1.6.4 directory
file: state=directory path=/opt/logback/slf4j-1.6.4 owner=personium group=personium recurse=yes
diff --git a/3-server_unit/tasks/web/init_personium_regression.yml b/3-server_unit/tasks/web/init_personium_regression.yml
deleted file mode 100644
index 36c3927..0000000
--- a/3-server_unit/tasks/web/init_personium_regression.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Copyright FUJITSU LIMITED 2019.
-
-- name: Deploy personium_regression.sh
- template: src=./resource/web/personium_regression.sh.j2 dest=/root/ansible/personium_regression.sh mode=744
diff --git a/Create_Server_Certificate_for_Letsencript.md b/Create_Server_Certificate_for_Letsencript.md
index 3c67113..8ab83ba 100644
--- a/Create_Server_Certificate_for_Letsencript.md
+++ b/Create_Server_Certificate_for_Letsencript.md
@@ -33,7 +33,7 @@ Create a server certificate using certbot.
1. Execute the following command to start certificate creation processing by certbot.
```console
- # certbot certonly --domain {FQDN} --manual --prefered-challenges dns
+ # certbot certonly --domain {FQDN} --domain "*.{FQDN}" --manual --preferred-challenges dns
```
1. Register your email address in Let's Encrypt.
@@ -102,6 +102,23 @@ Create a server certificate using certbot.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```
+1. Follow the instructions and register the TXT record in the DNS server that manages the domain, again.
+
+ ```console
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Please deploy a DNS TXT record under the name
+ _acme-challenge.{FQDN} with the following value:
+
+ 8pDJZ1pCXmhh-OHSaV2IM_dLztGk31AnQytk1MJhx9E
+
+ Before continuing, verify the record is deployed.
+ (This must be set up in addition to the previous challenges; do not remove,
+ replace, or undo the previous challenge tasks yet. Note that you might be
+ asked to create multiple distinct TXT records with the same name. This is
+ permitted by DNS standards.)
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ ```
+
1. When registration of TXT record is completed and you can refer to it from the Internet, press "Enter" key.
\* It may take time depending on DNS service specification until TXT record can be registered correctly and it can be referred from the Internet.
diff --git a/README.md b/README.md
index b069c7d..44ec305 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ There are different patterns of setup tools to construct the Personium unit. Ple
#### Pattern-1 : 1 server
-* Machine environment : **Linux**
+* Machine environment : **CentOS 7**
* The number of Personium unit servers : **1 Server**
* Server-1 elements : Bastion, Web, AP, ES
* Setup time : 1 hour
@@ -44,7 +44,7 @@ For the setting procedure, please refer to [setup-vagrant](https://github.com/pe
#### Pattern-2 : 3 server
-* Machine environment : **Linux**
+* Machine environment : **CentOS 7**
* The number of Personium unit servers : **3 Servers**
* Server-1 elements : Bastion,Web
* Server-2 elements : AP,NFS
@@ -64,11 +64,12 @@ For the setting procedure, please refer to [setup-vagrant](https://github.com/pe
| java | AdoptOpenJDK | 8u192 | -- |
| tomcat | tomcat | 9.0.10 | web |
| | commons-daemon | 1.1.0 | -- |
- | nginx | nginx | 1.14.0 | proxy |
- | | Headers More | 0.32 | -- |
- | logback | logback | 1.0.3 | -- |
+ | activemq | activemq | 5.15.8 | -- |
+ | nginx | nginx | 1.14.2 | proxy |
+ | | Headers More | 0.33 | -- |
+ | logback | logback | 1.2.3 | -- |
| | slf4j | 1.6.4 | -- |
- | memcached | memcached | 1.4.21 | cache |
+ | memcached | memcached | 1.5.12 | cache |
| elasticsearch | elasticsearch | 6.6.1 | db & search engine|
This document introduced pattern based initial requirements to construct the Personium unit. Please choose the right pattern that suits your purpose.