From cd9173287df15da489a5da8aa8aec8b636537938 Mon Sep 17 00:00:00 2001 From: KourokiTakuto Date: Fri, 29 Mar 2019 18:09:34 +0900 Subject: [PATCH 01/15] Middleware version upgrade(nginx,nginx_hm,memcache,activemq,logback) Remove unused logback.sh --- 1-server_unit/Ansible_Settings_Instruction.md | 12 +++++--- 1-server_unit/group_vars/ap.yml | 3 +- 1-server_unit/group_vars/nfs.yml | 4 ++- 1-server_unit/group_vars/web.yml | 4 +-- .../ap/etc/systemd/system/tomcat.service | 2 +- .../systemd/system/memcached_cache.service | 2 +- .../etc/systemd/system/memcached_lock.service | 2 +- .../tasks/ap/init_activemq_install.yml | 14 ++++----- 1-server_unit/tasks/nfs/init_logback.yml | 12 ++++---- 3-server_unit/Ansible_Settings_Instruction.md | 10 +++++-- 3-server_unit/group_vars/ap.yml | 1 + 3-server_unit/group_vars/nfs.yml | 4 ++- 3-server_unit/group_vars/web.yml | 4 +-- .../ap/etc/systemd/system/tomcat.service | 2 +- .../systemd/system/memcached_cache.service | 2 +- .../etc/systemd/system/memcached_lock.service | 2 +- .../resource/nfs/opt/logback/logback.sh | 29 ------------------- .../tasks/ap/init_activemq_install.yml | 14 ++++----- 3-server_unit/tasks/nfs/init_logback.yml | 12 ++++---- README.md | 9 +++--- 20 files changed, 65 insertions(+), 79 deletions(-) delete mode 100644 3-server_unit/resource/nfs/opt/logback/logback.sh diff --git a/1-server_unit/Ansible_Settings_Instruction.md b/1-server_unit/Ansible_Settings_Instruction.md index 8e14577..3a7f878 100644 --- a/1-server_unit/Ansible_Settings_Instruction.md +++ b/1-server_unit/Ansible_Settings_Instruction.md @@ -87,9 +87,9 @@ Below are the files where modification is required. ```yaml tag_ServerType: web - nginx_version: 1.14.0 + nginx_version: 1.14.2 - nginx_hm_version: 0.32 + nginx_hm_version: 0.33 ``` #### AP server (file destination : /group_vars/ap.yml) 
@@ -116,8 +116,10 @@ Below are the files where modification is required. cache_manager: memcached tomcat_version: 9.0.10 - + commons_daemon_version : 1.1.0 + + activemq_version: 5.15.8 ``` #### ES server (file destination : /group_vars/es.yml) @@ -135,7 +137,7 @@ Below are the files where modification is required. ```yaml tag_ServerType: nfs - memcached_version: 1.4.21 + memcached_version: 1.5.12 memcached_lock_maxconn: 256 @@ -152,6 +154,8 @@ Below are the files where modification is required. memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 + + logback_version: 1.2.3 ``` #### Bastion server (file destination : /group_vars/bastion.yml) diff --git a/1-server_unit/group_vars/ap.yml b/1-server_unit/group_vars/ap.yml index 0b85fda..dce5fd3 100644 --- a/1-server_unit/group_vars/ap.yml +++ b/1-server_unit/group_vars/ap.yml @@ -18,4 +18,5 @@ cache_manager: memcached tomcat_version: 9.0.10 -commons_daemon_version : 1.1.0 \ No newline at end of file +commons_daemon_version : 1.1.0 +activemq_version: 5.15.8 \ No newline at end of file diff --git a/1-server_unit/group_vars/nfs.yml b/1-server_unit/group_vars/nfs.yml index ba45ec4..77d5ee5 100644 --- a/1-server_unit/group_vars/nfs.yml +++ b/1-server_unit/group_vars/nfs.yml @@ -2,7 +2,7 @@ tag_ServerType: nfs -memcached_version: 1.4.21 +memcached_version: 1.5.12 memcached_lock_maxconn: 256 memcached_cache_maxconn: 256 @@ -15,3 +15,5 @@ cache_port: 11212 # memcached cachesize memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 + +logback_version: 1.2.3 \ No newline at end of file diff --git a/1-server_unit/group_vars/web.yml b/1-server_unit/group_vars/web.yml index 23fa262..adee228 100644 --- a/1-server_unit/group_vars/web.yml +++ b/1-server_unit/group_vars/web.yml @@ -2,5 +2,5 @@ tag_ServerType: web -nginx_version: 1.14.0 -nginx_hm_version: 0.32 +nginx_version: 1.14.2 +nginx_hm_version: 0.33 
diff --git a/1-server_unit/resource/ap/etc/systemd/system/tomcat.service b/1-server_unit/resource/ap/etc/systemd/system/tomcat.service index c8ff983..c2e7d6a 100644 --- a/1-server_unit/resource/ap/etc/systemd/system/tomcat.service +++ b/1-server_unit/resource/ap/etc/systemd/system/tomcat.service @@ -1,5 +1,5 @@ [Unit] -Description=Apache Tomcat 8 +Description=Apache Tomcat 9 After=network.target activemq.service [Service] diff --git a/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service b/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service index 53a15b8..2e956a2 100644 --- a/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service +++ b/1-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service @@ -6,7 +6,7 @@ After=network.target [Service] Type=simple EnvironmentFile=-/etc/sysconfig/memcached_cache -ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS +ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS [Install] WantedBy=multi-user.target diff --git a/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service b/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service index 8a691d0..396d559 100644 --- a/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service +++ b/1-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service @@ -6,7 +6,7 @@ After=network.target [Service] Type=simple EnvironmentFile=-/etc/sysconfig/memcached_lock -ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS +ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS [Install] WantedBy=multi-user.target diff --git a/1-server_unit/tasks/ap/init_activemq_install.yml b/1-server_unit/tasks/ap/init_activemq_install.yml index e5a7c4c..99fa977 100644 
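Review bot: `ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached` in `memcached_cache.service` only works if the unit file is rendered by Ansible's `template` module. The task that installs it is not part of this diff, and the activemq unit visible in `init_activemq_install.yml` is installed with `copy`, which would leave the `{{ … }}` text literal and stop the service from starting. Please confirm the memcached task uses `template`, for example `template: src=./resource/nfs/etc/systemd/system/memcached_cache.service dest=/etc/systemd/system/memcached_cache.service`, and switch it if it does not. The same applies to `memcached_lock.service` and to both unit files under `3-server_unit`.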
--- a/1-server_unit/tasks/ap/init_activemq_install.yml
+++ b/1-server_unit/tasks/ap/init_activemq_install.yml
@@ -3,20 +3,20 @@ - name: Create download directory file: "state=directory path=/usr/local/src/activemq owner=root group=root" -- name: Download apache-activemq-5.15.2-bin.tar.gz - command: wget -q -O apache-activemq-5.15.2-bin.tar.gz --no-check-certificate http://archive.apache.org/dist/activemq/5.15.2/apache-activemq-5.15.2-bin.tar.gz +- name: Download apache-activemq-{{ activemq_version }}-bin.tar.gz + command: wget -q -O apache-activemq-{{ activemq_version }}-bin.tar.gz --no-check-certificate http://archive.apache.org/dist/activemq/{{ activemq_version }}/apache-activemq-{{ activemq_version }}-bin.tar.gz args: chdir: /usr/local/src/activemq - creates: /usr/local/src/activemq/apache-activemq-5.15.2-bin.tar.gz + creates: /usr/local/src/activemq/apache-activemq-{{ activemq_version }}-bin.tar.gz -- name: Expand apache-activemq-5.15.2-bin.tar.gz - unarchive: src=/usr/local/src/activemq/apache-activemq-5.15.2-bin.tar.gz dest=/usr/local/src/activemq copy=no +- name: Expand apache-activemq-{{ activemq_version }}-bin.tar.gz + unarchive: src=/usr/local/src/activemq/apache-activemq-{{ activemq_version }}-bin.tar.gz dest=/usr/local/src/activemq copy=no - name: Deploy activemq - command: mv /usr/local/src/activemq/apache-activemq-5.15.2 /opt/apache-activemq-5.15.2 creates="/opt/apache-activemq-5.15.2" + command: mv /usr/local/src/activemq/apache-activemq-{{ activemq_version }} /opt/apache-activemq-{{ activemq_version }} creates="/opt/apache-activemq-{{ activemq_version }}" - name: Create symlink /opt/activemq - file: state=link src=/opt/apache-activemq-5.15.2 dest=/opt/activemq owner=root group=root mode=0777 + file: state=link src=/opt/apache-activemq-{{ activemq_version }} dest=/opt/activemq owner=root group=root mode=0777 - name: Deploy /etc/systemd/system/activemq.service copy: src=./resource/ap/etc/systemd/system/activemq.service dest=/etc/systemd/system/activemq.service owner=root group=root mode=0755 
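Review bot: The "Download apache-activemq" task still fetches the tarball over plain `http://` with `--no-check-certificate`, and nothing verifies the archive before it is unpacked and moved into `/opt`, so a tampered or truncated download would be installed without any error. Now that the version is a variable, the task could become `get_url: url=https://archive.apache.org/dist/activemq/{{ activemq_version }}/apache-activemq-{{ activemq_version }}-bin.tar.gz dest=/usr/local/src/activemq/ checksum="sha512:{{ activemq_sha512 }}"`, where `activemq_sha512` is a new variable kept beside `activemq_version` in `group_vars/ap.yml`. The same unverified `wget` pattern is in the logback download in `tasks/nfs/init_logback.yml` and in the `3-server_unit` copies of both task files. Separately, `mode=0755` on `activemq.service` is broader than a unit file needs; `mode=0644` is the usual choice.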
diff --git a/1-server_unit/tasks/nfs/init_logback.yml b/1-server_unit/tasks/nfs/init_logback.yml index bd79ef5..8eed251 100644 --- a/1-server_unit/tasks/nfs/init_logback.yml +++ b/1-server_unit/tasks/nfs/init_logback.yml @@ -1,10 +1,10 @@ # Copyright FUJITSU LIMITED 2015-2017. - name: Download logback - command: wget -q -O logback-1.0.3.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-1.0.3.tar.gz + command: wget -q -O logback-{{ logback_version }}.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz args: chdir: /usr/local/src - creates: /usr/local/src/logback-1.0.3.tar.gz + creates: /usr/local/src/logback-{{ logback_version }}.tar.gz - name: Download slf4j command: wget -q -O slf4j-1.6.4.tar.gz --no-check-certificate http://www.slf4j.org/dist/slf4j-1.6.4.tar.gz @@ -19,10 +19,10 @@ file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644 - name: Expand logback - command: tar xzf /usr/local/src/logback-1.0.3.tar.gz + command: tar xzf /usr/local/src/logback-{{ logback_version }}.tar.gz args: chdir: /opt/logback - creates: /opt/logback/logback-1.0.3 + creates: /opt/logback/logback-{{ logback_version }} - name: Expand slf4j command: tar xzf /usr/local/src/slf4j-1.6.4.tar.gz @@ -30,8 +30,8 @@ chdir: /opt/logback creates: /opt/logback/slf4j-1.6.4 -- name: Change owner /opt/logback/logback-1.0.3 directory - file: state=directory path=/opt/logback/logback-1.0.3 owner=personium group=personium recurse=yes +- name: Change owner /opt/logback/logback-{{ logback_version }} directory + file: state=directory path=/opt/logback/logback-{{ logback_version }} owner=personium group=personium recurse=yes - name: Change owner /opt/logback/slf4j-1.6.4 directory file: state=directory path=/opt/logback/slf4j-1.6.4 owner=personium group=personium recurse=yes diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md index 169ca1b..8bad964 100644 
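Review bot: `logback_version` moves logback to 1.2.3, but the slf4j download, expand and chown tasks in the same file stay hard-coded at 1.6.4. As far as I know logback 1.2.x is built against slf4j-api 1.7.x, so the unpacked jars may not work together. Consider adding a variable next to `logback_version`, e.g. `slf4j_version: 1.7.25` (value to be confirmed against the logback release notes), and using `{{ slf4j_version }}` in those three tasks the way these hunks do for logback. The identical hunks are in `3-server_unit/tasks/nfs/init_logback.yml`.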
--- a/3-server_unit/Ansible_Settings_Instruction.md +++ b/3-server_unit/Ansible_Settings_Instruction.md @@ -154,9 +154,9 @@ Below are the files where modification is required. ```yaml tag_ServerType: web - nginx_version: 1.14.0 + nginx_version: 1.14.2 - nginx_hm_version: 0.32 + nginx_hm_version: 0.33 ``` #### AP server (file destination : /group_vars/ap.yml) @@ -185,6 +185,8 @@ Below are the files where modification is required. tomcat_version: 9.0.10 commons_daemon_version : 1.1.0 + + activemq_version: 5.15.8 ``` #### ES server (file destination : /group_vars/es.yml) @@ -202,7 +204,7 @@ Below are the files where modification is required. ```yaml tag_ServerType: nfs - memcached_version: 1.4.21 + memcached_version: 1.5.12 memcached_lock_maxconn: 1024 @@ -219,6 +221,8 @@ Below are the files where modification is required. memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 + + logback_version: 1.2.3 ``` #### bastion server (file destination : /group_vars/bastion.yml) diff --git a/3-server_unit/group_vars/ap.yml b/3-server_unit/group_vars/ap.yml index 17cadaf..dca36be 100644 --- a/3-server_unit/group_vars/ap.yml +++ b/3-server_unit/group_vars/ap.yml @@ -19,3 +19,4 @@ cache_manager: memcached tomcat_version: 9.0.10 commons_daemon_version : 1.1.0 +activemq_version: 5.15.8 \ No newline at end of file diff --git a/3-server_unit/group_vars/nfs.yml b/3-server_unit/group_vars/nfs.yml index cc7b795..8d377a1 100644 --- a/3-server_unit/group_vars/nfs.yml +++ b/3-server_unit/group_vars/nfs.yml @@ -2,7 +2,7 @@ tag_ServerType: nfs -memcached_version: 1.4.21 +memcached_version: 1.5.12 memcached_lock_maxconn: 1024 memcached_cache_maxconn: 1024 @@ -15,3 +15,5 @@ cache_port: 11212 # memcached cachesize memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 + +logback_version: 1.2.3 \ No newline at end of file diff --git a/3-server_unit/group_vars/web.yml b/3-server_unit/group_vars/web.yml index 23fa262..adee228 100644 --- a/3-server_unit/group_vars/web.yml 
+++ b/3-server_unit/group_vars/web.yml @@ -2,5 +2,5 @@ tag_ServerType: web -nginx_version: 1.14.0 -nginx_hm_version: 0.32 +nginx_version: 1.14.2 +nginx_hm_version: 0.33 diff --git a/3-server_unit/resource/ap/etc/systemd/system/tomcat.service b/3-server_unit/resource/ap/etc/systemd/system/tomcat.service index c8ff983..c2e7d6a 100644 --- a/3-server_unit/resource/ap/etc/systemd/system/tomcat.service +++ b/3-server_unit/resource/ap/etc/systemd/system/tomcat.service @@ -1,5 +1,5 @@ [Unit] -Description=Apache Tomcat 8 +Description=Apache Tomcat 9 After=network.target activemq.service [Service] diff --git a/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service b/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service index 53a15b8..2e956a2 100644 --- a/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service +++ b/3-server_unit/resource/nfs/etc/systemd/system/memcached_cache.service @@ -6,7 +6,7 @@ After=network.target [Service] Type=simple EnvironmentFile=-/etc/sysconfig/memcached_cache -ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS +ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS [Install] WantedBy=multi-user.target diff --git a/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service b/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service index 8a691d0..396d559 100644 --- a/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service +++ b/3-server_unit/resource/nfs/etc/systemd/system/memcached_lock.service @@ -6,7 +6,7 @@ After=network.target [Service] Type=simple EnvironmentFile=-/etc/sysconfig/memcached_lock -ExecStart=/opt/memcached-1.4.21/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS +ExecStart=/opt/memcached-{{ memcached_version }}/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS [Install] WantedBy=multi-user.target 
diff --git a/3-server_unit/resource/nfs/opt/logback/logback.sh b/3-server_unit/resource/nfs/opt/logback/logback.sh deleted file mode 100644 index 4a98a4b..0000000 --- a/3-server_unit/resource/nfs/opt/logback/logback.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -# -# personium -# Copyright 2014 FUJITSU LIMITED -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - - -JAVA_HOME=/opt/jdk -export JAVA_HOME -PATH=$JAVA_HOME/bin:$PATH -export PATH -LOGBACK_HOME=/opt/logback/logback-1.0.3 - -java -Dfile.encoding=UTF-8 -cp $LOGBACK_HOME/logback-core-1.0.3.jar:$LOGBACK_HOME/logback-classic-1.0.3.jar:$LOGBACK_HOME/logback-access-1.0.3.jar:/opt/logback/slf4j-1.6.4/slf4j-api-1.6.4.jar ch.qos.logback.classic.net.SimpleSocketServer 6000 /opt/logback/logback.xml & -echo $! > /var/run/logback/logback.pid - -exit 0 diff --git a/3-server_unit/tasks/ap/init_activemq_install.yml b/3-server_unit/tasks/ap/init_activemq_install.yml index e5a7c4c..99fa977 100644 --- a/3-server_unit/tasks/ap/init_activemq_install.yml +++ b/3-server_unit/tasks/ap/init_activemq_install.yml 
@@ -3,20 +3,20 @@ - name: Create download directory file: "state=directory path=/usr/local/src/activemq owner=root group=root" -- name: Download apache-activemq-5.15.2-bin.tar.gz - command: wget -q -O apache-activemq-5.15.2-bin.tar.gz --no-check-certificate http://archive.apache.org/dist/activemq/5.15.2/apache-activemq-5.15.2-bin.tar.gz +- name: Download apache-activemq-{{ activemq_version }}-bin.tar.gz + command: wget -q -O apache-activemq-{{ activemq_version }}-bin.tar.gz --no-check-certificate http://archive.apache.org/dist/activemq/{{ activemq_version }}/apache-activemq-{{ activemq_version }}-bin.tar.gz args: chdir: /usr/local/src/activemq - creates: /usr/local/src/activemq/apache-activemq-5.15.2-bin.tar.gz + creates: /usr/local/src/activemq/apache-activemq-{{ activemq_version }}-bin.tar.gz -- name: Expand apache-activemq-5.15.2-bin.tar.gz - unarchive: src=/usr/local/src/activemq/apache-activemq-5.15.2-bin.tar.gz dest=/usr/local/src/activemq copy=no +- name: Expand apache-activemq-{{ activemq_version }}-bin.tar.gz + unarchive: src=/usr/local/src/activemq/apache-activemq-{{ activemq_version }}-bin.tar.gz dest=/usr/local/src/activemq copy=no - name: Deploy activemq - command: mv /usr/local/src/activemq/apache-activemq-5.15.2 /opt/apache-activemq-5.15.2 creates="/opt/apache-activemq-5.15.2" + command: mv /usr/local/src/activemq/apache-activemq-{{ activemq_version }} /opt/apache-activemq-{{ activemq_version }} creates="/opt/apache-activemq-{{ activemq_version }}" - name: Create symlink /opt/activemq - file: state=link src=/opt/apache-activemq-5.15.2 dest=/opt/activemq owner=root group=root mode=0777 + file: state=link src=/opt/apache-activemq-{{ activemq_version }} dest=/opt/activemq owner=root group=root mode=0777 - name: Deploy /etc/systemd/system/activemq.service copy: src=./resource/ap/etc/systemd/system/activemq.service dest=/etc/systemd/system/activemq.service owner=root group=root mode=0755 
diff --git a/3-server_unit/tasks/nfs/init_logback.yml b/3-server_unit/tasks/nfs/init_logback.yml index bd79ef5..8eed251 100644 --- a/3-server_unit/tasks/nfs/init_logback.yml +++ b/3-server_unit/tasks/nfs/init_logback.yml @@ -1,10 +1,10 @@ # Copyright FUJITSU LIMITED 2015-2017. - name: Download logback - command: wget -q -O logback-1.0.3.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-1.0.3.tar.gz + command: wget -q -O logback-{{ logback_version }}.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz args: chdir: /usr/local/src - creates: /usr/local/src/logback-1.0.3.tar.gz + creates: /usr/local/src/logback-{{ logback_version }}.tar.gz - name: Download slf4j command: wget -q -O slf4j-1.6.4.tar.gz --no-check-certificate http://www.slf4j.org/dist/slf4j-1.6.4.tar.gz @@ -19,10 +19,10 @@ file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644 - name: Expand logback - command: tar xzf /usr/local/src/logback-1.0.3.tar.gz + command: tar xzf /usr/local/src/logback-{{ logback_version }}.tar.gz args: chdir: /opt/logback - creates: /opt/logback/logback-1.0.3 + creates: /opt/logback/logback-{{ logback_version }} - name: Expand slf4j command: tar xzf /usr/local/src/slf4j-1.6.4.tar.gz @@ -30,8 +30,8 @@ chdir: /opt/logback creates: /opt/logback/slf4j-1.6.4 -- name: Change owner /opt/logback/logback-1.0.3 directory - file: state=directory path=/opt/logback/logback-1.0.3 owner=personium group=personium recurse=yes +- name: Change owner /opt/logback/logback-{{ logback_version }} directory + file: state=directory path=/opt/logback/logback-{{ logback_version }} owner=personium group=personium recurse=yes - name: Change owner /opt/logback/slf4j-1.6.4 directory file: state=directory path=/opt/logback/slf4j-1.6.4 owner=personium group=personium recurse=yes diff --git a/README.md b/README.md index b069c7d..e791c0d 100644 --- a/README.md +++ b/README.md 
@@ -64,11 +64,12 @@ For the setting procedure, please refer to [setup-vagrant](https://github.com/pe | java | AdoptOpenJDK | 8u192 | -- | | tomcat | tomcat | 9.0.10 | web | | | commons-daemon | 1.1.0 | -- | - | nginx | nginx | 1.14.0 | proxy | - | | Headers More | 0.32 | -- | - | logback | logback | 1.0.3 | -- | + | activemq | activemq | 5.15.8 | -- | + | nginx | nginx | 1.14.2 | proxy | + | | Headers More | 0.33 | -- | + | logback | logback | 1.2.3 | -- | | | slf4j | 1.6.4 | -- | - | memcached | memcached | 1.4.21 | cache | + | memcached | memcached | 1.5.12 | cache | | elasticsearch | elasticsearch | 6.6.1 | db & search engine| This document introduced pattern based initial requirements to construct the Personium unit. Please choose the right pattern that suits your purpose. From ad2e48e0acbb3a35f4780a5cb6c17c500292fc16 Mon Sep 17 00:00:00 2001 From: KourokiTakuto Date: Wed, 3 Apr 2019 11:45:28 +0900 Subject: [PATCH 02/15] Change tomcat start timing Wait for Elasticsearch 6 to launch --- 1-server_unit/resource/ap/etc/systemd/system/activemq.service | 2 +- 1-server_unit/resource/ap/etc/systemd/system/tomcat.service | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/1-server_unit/resource/ap/etc/systemd/system/activemq.service b/1-server_unit/resource/ap/etc/systemd/system/activemq.service index e3825cc..8483ff1 100644 --- a/1-server_unit/resource/ap/etc/systemd/system/activemq.service +++ b/1-server_unit/resource/ap/etc/systemd/system/activemq.service @@ -1,6 +1,6 @@ [Unit] Description=activemq message queue -After=network.target +After=network.target elasticsearch.service [Service] PIDFile=/opt/activemq/data/activemq.pid diff --git a/1-server_unit/resource/ap/etc/systemd/system/tomcat.service b/1-server_unit/resource/ap/etc/systemd/system/tomcat.service index c2e7d6a..07b115c 100644 --- a/1-server_unit/resource/ap/etc/systemd/system/tomcat.service +++ b/1-server_unit/resource/ap/etc/systemd/system/tomcat.service 
@@ -12,6 +12,7 @@ Environment=JRE_HOME=/opt/jre Environment=CATALINA_BASE=/opt/tomcat Environment=TOMCAT_USER=personium +ExecStartPre=/bin/sleep 20 ExecStart=/opt/tomcat/bin/daemon.sh --java-home /opt/jdk --catalina-home /opt/tomcat --catalina-base /opt/tomcat --catalina-pid /opt/tomcat/tomcat.pid --tomcat-user personium start ExecStop=/opt/tomcat/bin/daemon.sh --java-home /opt/jdk --catalina-home /opt/tomcat --catalina-base /opt/tomcat --catalina-pid /opt/tomcat/tomcat.pid stop [Install] From a767e61889ac52588b5b6f1753488324cc134681 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Tue, 16 Jul 2019 13:13:05 +0900 Subject: [PATCH 03/15] X-Personium-RequestKey header output in nginx logs Closes #89 --- 1-server_unit/resource/web/opt/nginx/conf/nginx.conf | 1 + 3-server_unit/resource/web/opt/nginx/conf/nginx.conf | 1 + 2 files changed, 2 insertions(+) diff --git a/1-server_unit/resource/web/opt/nginx/conf/nginx.conf b/1-server_unit/resource/web/opt/nginx/conf/nginx.conf index 1007df8..3ef5d34 100644 --- a/1-server_unit/resource/web/opt/nginx/conf/nginx.conf +++ b/1-server_unit/resource/web/opt/nginx/conf/nginx.conf @@ -39,6 +39,7 @@ http { log_format combined2 '$remote_addr - $remote_user [$time_local] ' '[$http_x_personium_version] ' + '[$http_x_personium_requestkey] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$ssl_cipher" "$ssl_protocol" ' diff --git a/3-server_unit/resource/web/opt/nginx/conf/nginx.conf b/3-server_unit/resource/web/opt/nginx/conf/nginx.conf index 9fbaae9..713baf2 100644 --- a/3-server_unit/resource/web/opt/nginx/conf/nginx.conf +++ b/3-server_unit/resource/web/opt/nginx/conf/nginx.conf @@ -39,6 +39,7 @@ http { log_format combined2 '$remote_addr - $remote_user [$time_local] ' '[$http_x_personium_version] ' + '[$http_x_personium_requestkey] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '"$ssl_cipher" "$ssl_protocol" ' 
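Review bot: `ExecStartPre=/bin/sleep 20` in `tomcat.service` delays Tomcat by a fixed time but never checks that Elasticsearch is accepting requests, so a slow Elasticsearch start still races and a fast one always costs 20 seconds. If the fixed delay stays, put the reason beside it, e.g. `# Fixed delay for Elasticsearch 6 startup; this is not a readiness check`. A bounded poll of the Elasticsearch HTTP endpoint in `ExecStartPre` would be more reliable. The `[Service]` section begins above the hunk, and only the `1-server_unit` unit is changed in this commit.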
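Review bot: `$http_x_personium_requestkey` comes straight from the client request, so the new `[...]` field in `combined2` holds caller-chosen text of any length the header limits allow. nginx escapes quotes and control characters in log variables by default, but `]` and spaces pass through unchanged, so a value containing `]` can shift the fields seen by any parser that splits on the brackets. Quoting the field like the other header fields, `'"$http_x_personium_requestkey" '`, keeps it unambiguous because `"` is escaped. A comment such as `# client-supplied header, untrusted` above it would also warn later readers. The existing `[$http_x_personium_version]` field has the same property, the identical line is added in the `3-server_unit` nginx.conf, and the `log_format` directive continues past the end of the hunk.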
From 5f74f356a4bb35888a1abdf2bd5c70b5f0d21f25 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Tue, 23 Jul 2019 11:43:31 +0900 Subject: [PATCH 04/15] Add space to error message --- 1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 | 2 +- 3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index a369634..5b48309 100644 --- a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 @@ -49,7 +49,7 @@ function check_response() { OPERATION=${2} RESPONSE_CODE=`echo "${CURL_RESULT}" | /bin/grep 'status:'` if [ "${RESPONSE_CODE}" != "status:${STATUS}" ]; then - echo "${OPERATION}faild." + echo "${OPERATION} faild." exit 2 fi } diff --git a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index a369634..5b48309 100644 --- a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 @@ -49,7 +49,7 @@ function check_response() { OPERATION=${2} RESPONSE_CODE=`echo "${CURL_RESULT}" | /bin/grep 'status:'` if [ "${RESPONSE_CODE}" != "status:${STATUS}" ]; then - echo "${OPERATION}faild." + echo "${OPERATION} faild." exit 2 fi } From d4ec2f9059f409485b3e6304d5e52b87748f8f5e Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Thu, 12 Sep 2019 04:14:07 +0000 Subject: [PATCH 05/15] Fix host variables --- 3-server_unit/static_inventory/hosts | 144 +++++++-------------------- 1 file changed, 38 insertions(+), 106 deletions(-) diff --git a/3-server_unit/static_inventory/hosts b/3-server_unit/static_inventory/hosts index f1c03d3..29b444d 100644 --- a/3-server_unit/static_inventory/hosts +++ b/3-server_unit/static_inventory/hosts 
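Review bot: The message in `check_response` still reads "faild" and is written to stdout, so a caller that captures or discards stdout loses the failure reason. Change the line to `echo "${OPERATION} failed." >&2`. The same line is in the `3-server_unit` copy of the script. `check_response` begins above the hunk, so how `STATUS` and `CURL_RESULT` are set is not visible here.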
@@ -3,40 +3,28 @@ #Fill in the Private IP Address of Bastion server {Bastion_Private_IP} - ############ Private IP Address of Web server ############ [tag_ServerType_web] #Fill in the Private IP Address of Web server {Web_Private_IP} - ############ Private IP Address of AP server ############ [tag_ServerType_ap] #Fill in the Private IP Address of AP server {AP_Private_IP} - ############ Private IP Address of ES server ############ [tag_ServerType_es] #Fill in the Private IP Address of ES server {ES_Private_IP} - ############ Private IP Address of NFS server ############ [tag_ServerType_nfs] #Fill in the Private IP Address of NFS server {NFS_Private_IP} - -############ Setting items of Web server ############ -[tag_ServerType_web:vars] - -## Hostname -tag_Name={Web_Tag_Name} - -## Private IP Address of NFS server set in /etc/hosts -personium_nfs={NFS_Private_IP} - +############ Setting items of All servers ############ +[all:vars] ## User who runs ansible ansible_ssh_user={Ansible_Execution_User} 
@@ -46,84 +34,69 @@ ansible_ssh_private_key_file={SSH_PrivateKey} ## Global IP Address of Web server web_global_ip={Web_Global_IP} +## Web server FQDN +base_url={Web_FQDN} + ## Private IP Address of AP server ap_private_ip={AP_Private_IP} -#### for firewalld setting #### -## network address of the bastion server that allows ssh connection -bastion_network_sep={Bastion_Network_Separation} -#### for firewalld setting #### - - -############ Setting items of AP server ############ -[tag_ServerType_ap:vars] - -## Hostname -tag_Name={AP_Tag_Name} +## Private IP Address of ES server +es_private_ip={ES_Private_IP} -## Disk name for Personium log -pio_logvol={PIO_LOGVOL} +## DNS of ElastciSearch +es_elb={ES_Private_IP} ## Private IP Address of NFS server set in /etc/hosts personium_nfs={NFS_Private_IP} -## User who runs ansible -ansible_ssh_user={Ansible_Execution_User} - -## Secret key for executing ansible(Absolute path) -ansible_ssh_private_key_file={SSH_PrivateKey} - -## Master Token of Personium -master_token={Master_Token} - -## Web server FQDN -base_url={Web_FQDN} +#### for firewalld setting #### +## network address of the bastion server that allows ssh connection +bastion_network_sep={Bastion_Network_Separation} -## DNS of ElastciSearch -es_elb={ES_Private_IP} +## Network address of AP server +ap_network_sep={AP_Network_Separation} +#### for firewalld setting #### ## enable master token ## enable_mastertoken=false -#### for firewalld setting #### -## Network address of the bastion server that allows ssh connection -bastion_network_sep={Bastion_Network_Separation} - -## Network address of AP server to access elasticsearch -ap_network_sep={AP_Network_Separation} +## Master Token of Personium +master_token={Master_Token} ## URL format to access cell ## true:path based cell url ## false:per cell fqdn url path_based_cell_url_enabled={Path_Based_Cell_Url_Enabled} -############ Setting items of ES server ############ -[tag_ServerType_es:vars] +############ Setting items of 
bastion server ############ +[tag_ServerType_bastion:vars] -## hostname -tag_Name={ES_Tag_Name} +## Hostname +tag_Name={Bastion_Tag_Name} -## Disk name for ES Data Log -es_data_vol={ES_DATA_VOL} +############ Setting items of Web server ############ +[tag_ServerType_web:vars] -## Private IP Address of NFS server set in /etc/hosts -personium_nfs={NFS_Private_IP} +## Hostname +tag_Name={Web_Tag_Name} -## Private IP Address of ES server -es_private_ip={ES_Private_IP} +############ Setting items of AP server ############ +[tag_ServerType_ap:vars] -## User who runs ansible -ansible_ssh_user={Ansible_Execution_User} +## Hostname +tag_Name={AP_Tag_Name} -## Secret key for executing ansible(Absolute path) -ansible_ssh_private_key_file={SSH_PrivateKey} +## Disk name for Personium log +pio_logvol={PIO_LOGVOL} -#### for iptables setting #### -## Network address of the bastion server that allows ssh connection -bastion_network_sep={Bastion_Network_Separation} +############ Setting items of ES server ############ +[tag_ServerType_es:vars] -## Network address of AP server to access elasticsearch -ap_network_sep={AP_Network_Separation} +## hostname +tag_Name={ES_Tag_Name} + +## Disk name for ES Data Log +es_data_vol={ES_DATA_VOL} ############ Setting items of NFS server ############ [tag_ServerType_nfs:vars] 
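Review bot: Moving `master_token={Master_Token}` into the `[all:vars]` section opened by the previous hunk makes the token a host variable on the web, ES and NFS groups as well, whereas before this change it was defined only under `[tag_ServerType_ap:vars]` and `[tag_ServerType_bastion:vars]`. Any template, `debug` task or fact dump run against those hosts can now render it, so keep `master_token` in the AP and bastion group sections unless another group is known to need it. If the filled-in inventory is committed or shared, the value would be better supplied from an Ansible Vault encrypted vars file than from this plaintext `hosts` file. The other consolidated settings (`base_url`, `es_private_ip`, the network separation values) are not secrets and read fine under `[all:vars]`.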
@@ -134,47 +107,6 @@ tag_Name={nfs_Tag_Name} ## Disk name for NFS_WEBDAV nfs_webdav_vol={NFS_WEBDAV_VOL} -## Private IP Address of NFS server set in /etc/hosts -personium_nfs={NFS_Private_IP} - -## User who runs ansible -ansible_ssh_user={Ansible_Execution_User} - -## Secret key for executing ansible(Absolute path) -ansible_ssh_private_key_file={SSH_PrivateKey} - #### for iptables setting #### -## Network address of the bastion server that allows ssh connection -bastion_network_sep={Bastion_Network_Separation} - -## Network address of AP server to access nfs -ap_network_sep={AP_Network_Separation} - -#### for iptables setting #### - -############ Setting items of bastion server ############ -[tag_ServerType_bastion:vars] - -## Hostname -tag_Name={Bastion_Tag_Name} - -## Private IP Address of NFS server set in /etc/hosts -personium_nfs={NFS_Private_IP} -## User who runs ansible -ansible_ssh_user={Ansible_Execution_User} - -## Secret key for executing ansible(Absolute path) -ansible_ssh_private_key_file={SSH_PrivateKey} - -## Master Token of Personium -master_token={Master_Token} - -## Web server FQDN -base_url={Web_FQDN} - -## URL format to access cell -## true:path based cell url -## false:per cell fqdn url -path_based_cell_url_enabled={Path_Based_Cell_Url_Enabled} From e3eff9a6bc2ad7c83f23377564dc4f49596ff64b Mon Sep 17 00:00:00 2001 
From: "Tochiori, Yasufumi" Date: Thu, 12 Sep 2019 04:30:11 +0000 Subject: [PATCH 06/15] Fix bastion resourses --- 3-server_unit/bastion.yml | 2 ++ 3-server_unit/init_personium.yml | 2 +- .../resource/{web => bastion}/personium_regression.sh.j2 | 0 3-server_unit/tasks/bastion/init_personium_regression.yml | 4 ++++ 3-server_unit/tasks/web/init_personium_regression.yml | 4 ---- 5 files changed, 7 insertions(+), 5 deletions(-) rename 3-server_unit/resource/{web => bastion}/personium_regression.sh.j2 (100%) create mode 100644 3-server_unit/tasks/bastion/init_personium_regression.yml delete mode 100644 3-server_unit/tasks/web/init_personium_regression.yml diff --git a/3-server_unit/bastion.yml b/3-server_unit/bastion.yml index 52da77c..c4907a9 100644 --- a/3-server_unit/bastion.yml +++ b/3-server_unit/bastion.yml @@ -9,3 +9,5 @@ - include: ./tasks/bastion/mvn_package.yml vars: build_mod: engine +- include: ./tasks/bastion/init_personium_regression.yml + diff --git a/3-server_unit/init_personium.yml b/3-server_unit/init_personium.yml index 599f89c..8db1a59 100644 --- a/3-server_unit/init_personium.yml +++ b/3-server_unit/init_personium.yml @@ -50,7 +50,6 @@ - ./group_vars/web.yml tasks: - include: ./web.yml - - include: ./tasks/web/init_personium_regression.yml handlers: - include: ./handlers/common/restart_iptables.yml - include: ./handlers/web/reload_nginx.yml @@ -63,3 +62,4 @@ - ./group_vars/bastion.yml tasks: - include: ./tasks/bastion/init_servicemanager.yml + diff --git a/3-server_unit/resource/web/personium_regression.sh.j2 b/3-server_unit/resource/bastion/personium_regression.sh.j2 similarity index 100% rename from 3-server_unit/resource/web/personium_regression.sh.j2 rename to 3-server_unit/resource/bastion/personium_regression.sh.j2 diff --git a/3-server_unit/tasks/bastion/init_personium_regression.yml b/3-server_unit/tasks/bastion/init_personium_regression.yml new file mode 100644 index 0000000..008f3b8 --- /dev/null 
+++ b/3-server_unit/tasks/bastion/init_personium_regression.yml @@ -0,0 +1,4 @@ +# Copyright FUJITSU LIMITED 2019. + +- name: Deploy personium_regression.sh + template: src=./resource/bastion/personium_regression.sh.j2 dest=/root/ansible/personium_regression.sh mode=744 diff --git a/3-server_unit/tasks/web/init_personium_regression.yml b/3-server_unit/tasks/web/init_personium_regression.yml deleted file mode 100644 index 36c3927..0000000 --- a/3-server_unit/tasks/web/init_personium_regression.yml +++ /dev/null @@ -1,4 +0,0 @@ -# Copyright FUJITSU LIMITED 2019. - -- name: Deploy personium_regression.sh - template: src=./resource/web/personium_regression.sh.j2 dest=/root/ansible/personium_regression.sh mode=744 From 123bb36bd5ce58a2b138b26b918767b1e2521431 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Thu, 12 Sep 2019 04:33:03 +0000 Subject: [PATCH 07/15] Fix ap firewalld settings --- .../ap/etc/firewalld/zones/personium-zone.xml.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2 b/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2 index 4030c3d..6b5f714 100644 --- a/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2 +++ b/3-server_unit/resource/ap/etc/firewalld/zones/personium-zone.xml.j2 @@ -6,27 +6,27 @@ - + - + - + - + - + From d9664d49ba1d73b98deb856d79a2d2fa946e7f21 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Thu, 12 Sep 2019 04:37:00 +0000 Subject: [PATCH 08/15] Fix web private ip --- 3-server_unit/resource/bastion/personium_regression.sh.j2 | 2 +- 3-server_unit/static_inventory/hosts | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/3-server_unit/resource/bastion/personium_regression.sh.j2 b/3-server_unit/resource/bastion/personium_regression.sh.j2 index 42f852c..38f6350 100644 --- a/3-server_unit/resource/bastion/personium_regression.sh.j2 
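Review bot: `mode=744` in the new "Deploy personium_regression.sh" task leaves the rendered script readable by group and others, and the task sets no owner or group. The rendered file embeds the AP server address, the SSH user and the private-key path, and presumably only root runs it from `/root/ansible`. A tighter form is `template: src=./resource/bastion/personium_regression.sh.j2 dest=/root/ansible/personium_regression.sh owner=root group=root mode=0700`.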
+++ b/3-server_unit/resource/bastion/personium_regression.sh.j2 @@ -22,7 +22,7 @@ if [ "false" == "${PATH_BASED_CELL_URL}" ]; then grep ${CELL_NAME}.${FQDN} /etc/hosts > /dev/null if [ $? -eq 1 ]; then - echo "127.0.0.1" ${CELL_NAME}.${FQDN} >> /etc/hosts + echo "{{ web_private_ip }}" ${CELL_NAME}.${FQDN} >> /etc/hosts fi CELL_URL=https://${CELL_NAME}.${FQDN} diff --git a/3-server_unit/static_inventory/hosts b/3-server_unit/static_inventory/hosts index 29b444d..2df8f11 100644 --- a/3-server_unit/static_inventory/hosts +++ b/3-server_unit/static_inventory/hosts @@ -37,6 +37,9 @@ web_global_ip={Web_Global_IP} ## Web server FQDN base_url={Web_FQDN} +## Private IP Address of WEB server +web_private_ip={WEB_Private_IP} + ## Private IP Address of AP server ap_private_ip={AP_Private_IP} From 72b75a48fc00b4958d1316388ca83573bae3afdc Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Thu, 12 Sep 2019 04:42:55 +0000 Subject: [PATCH 09/15] Fix hard-coded ssh user --- 3-server_unit/resource/bastion/personium_regression.sh.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3-server_unit/resource/bastion/personium_regression.sh.j2 b/3-server_unit/resource/bastion/personium_regression.sh.j2 index 38f6350..7372063 100644 --- a/3-server_unit/resource/bastion/personium_regression.sh.j2 +++ b/3-server_unit/resource/bastion/personium_regression.sh.j2 
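Review bot: The `grep` guard above the changed `echo` only tests whether the cell host name occurs somewhere in /etc/hosts, so a machine that still has the old `127.0.0.1` line never receives the `{{ web_private_ip }}` mapping. The guard also treats `${CELL_NAME}.${FQDN}` as an unquoted regular expression, although `FQDN` comes straight from `${1}`. I would quote and fix-string the match, `if ! grep -qF -- "${CELL_NAME}.${FQDN}" /etc/hosts; then`, write the entry as one quoted string, `echo "{{ web_private_ip }} ${CELL_NAME}.${FQDN}" >> /etc/hosts`, and replace a stale line instead of skipping it. The enclosing `if [ "false" == ... ]` block starts and ends outside this hunk.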
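Review bot: The new placeholder is spelled `{WEB_Private_IP}`, while the neighbouring Web placeholders are `{Web_Global_IP}` and `{Web_FQDN}`, and the settings instruction updated later in this series documents `{Web_Private_IP}`. Anyone filling in the inventory by replacing the documented name would leave this value untouched, and the regression script would then append the literal placeholder to /etc/hosts. Suggest `web_private_ip={Web_Private_IP}`.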
@@ -16,7 +16,7 @@ fi FQDN=${1} CELL_NAME=startuptest URL_DOMAIN=https://${FQDN} -PATH_BASED_CELL_URL=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} root@{{ ap_private_ip }} grep "pathBasedCellUrl" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.pathBasedCellUrl.enabled=//"` +PATH_BASED_CELL_URL=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} {{ ansible_ssh_user }}@{{ ap_private_ip }} grep "pathBasedCellUrl" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.pathBasedCellUrl.enabled=//"` if [ "false" == "${PATH_BASED_CELL_URL}" ]; then grep ${CELL_NAME}.${FQDN} /etc/hosts > /dev/null @@ -30,7 +30,7 @@ else CELL_URL=https://${FQDN}/${CELL_NAME} fi -SPECIFIED_ACCESS_TOKEN=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} root@{{ ap_private_ip }} grep "core.masterToken" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.masterToken=//"` +SPECIFIED_ACCESS_TOKEN=`ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i {{ ansible_ssh_private_key_file }} {{ ansible_ssh_user }}@{{ ap_private_ip }} grep "core.masterToken" /personium/personium-core/conf/18888/personium-unit-config.properties | sed -e "s/io.personium.core.masterToken=//"` XDCVERSION=default CURL_LOG=/tmp/rt_curl_${XDCVERSION}.txt From feb12871a396a831ede7dcc3ffe754aa2fb71cec Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 18 Sep 2019 12:17:59 +0900 Subject: [PATCH 10/15] Add web_network_sep to hosts file --- 3-server_unit/static_inventory/hosts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/3-server_unit/static_inventory/hosts b/3-server_unit/static_inventory/hosts index 2df8f11..638e950 100644 --- a/3-server_unit/static_inventory/hosts 
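Review bot: Both rewritten `ssh` calls, `PATH_BASED_CELL_URL` here and `SPECIFIED_ACCESS_TOKEN` in the hunk at line 30, still pass `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`. The AP server's identity is therefore never verified on the connection that returns the master token; pinning the host key (`-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts path>`) closes that gap. With the login now `{{ ansible_ssh_user }}` instead of root, the remote `grep` only works if that account can read personium-unit-config.properties. If it cannot, both variables come back empty and the script silently takes the `else` branch with an empty token. A guard after each assignment makes the failure visible: `[ -n "${PATH_BASED_CELL_URL}" ] || { echo "cannot read unit config from AP server" >&2; exit 1; }`.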
+++ b/3-server_unit/static_inventory/hosts @@ -56,6 +56,9 @@ personium_nfs={NFS_Private_IP} ## network address of the bastion server that allows ssh connection bastion_network_sep={Bastion_Network_Separation} +## Network address of WEB server +web_network_sep={WEB_Network_Separation} + ## Network address of AP server ap_network_sep={AP_Network_Separation} #### for firewalld setting #### From e661837b1cfe65e9c9b630783de056ab0a78c6ee Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 18 Sep 2019 12:19:54 +0900 Subject: [PATCH 11/15] fix typo --- Create_Server_Certificate_for_Letsencript.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Create_Server_Certificate_for_Letsencript.md b/Create_Server_Certificate_for_Letsencript.md index 3c67113..1aaf57f 100644 --- a/Create_Server_Certificate_for_Letsencript.md +++ b/Create_Server_Certificate_for_Letsencript.md @@ -33,7 +33,7 @@ Create a server certificate using certbot. 1. Execute the following command to start certificate creation processing by certbot. ```console - # certbot certonly --domain {FQDN} --manual --prefered-challenges dns + # certbot certonly --domain {FQDN} --manual --preferred-challenges dns ``` 1. Register your email address in Let's Encrypt. From ff0931fcb7232d18161a19d48bb854d292209b07 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 18 Sep 2019 12:24:21 +0900 Subject: [PATCH 12/15] Modify Let's Encrypt process --- Create_Server_Certificate_for_Letsencript.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/Create_Server_Certificate_for_Letsencript.md b/Create_Server_Certificate_for_Letsencript.md index 1aaf57f..8ab83ba 100644 --- a/Create_Server_Certificate_for_Letsencript.md +++ b/Create_Server_Certificate_for_Letsencript.md 
@@ -33,7 +33,7 @@ Create a server certificate using certbot. 1. Execute the following command to start certificate creation processing by certbot. ```console - # certbot certonly --domain {FQDN} --manual --preferred-challenges dns + # certbot certonly --domain {FQDN} --domain "*.{FQDN}" --manual --preferred-challenges dns ``` 1. Register your email address in Let's Encrypt. @@ -102,6 +102,23 @@ Create a server certificate using certbot. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ``` +1. Follow the instructions and register the TXT record in the DNS server that manages the domain, again. + + ```console + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + Please deploy a DNS TXT record under the name + _acme-challenge.{FQDN} with the following value: + + 8pDJZ1pCXmhh-OHSaV2IM_dLztGk31AnQytk1MJhx9E + + Before continuing, verify the record is deployed. + (This must be set up in addition to the previous challenges; do not remove, + replace, or undo the previous challenge tasks yet. Note that you might be + asked to create multiple distinct TXT records with the same name. This is + permitted by DNS standards.) + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ``` + 1. When registration of TXT record is completed and you can refer to it from the Internet, press "Enter" key. \* It may take time depending on DNS service specification until TXT record can be registered correctly and it can be referred from the Internet. From ec23e2e3b10958d96206b215a0c276750ef92a3e Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 18 Sep 2019 12:39:05 +0900 Subject: [PATCH 13/15] Modify ansible settings instruction --- 3-server_unit/Ansible_Settings_Instruction.md | 99 +++++++++---------- 1 file changed, 49 insertions(+), 50 deletions(-) diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md index 8bad964..3530b22 100644 
--- a/3-server_unit/Ansible_Settings_Instruction.md +++ b/3-server_unit/Ansible_Settings_Instruction.md @@ -20,7 +20,7 @@ Below are the files where modification is required. # should be changed to - ansible_ssh_user=root + ansible_ssh_user=ec2-user ``` * Modify the hosts file as per instruction below @@ -28,6 +28,26 @@ Below are the files where modification is required. #### Common Server Setting ```yaml +{Bastion_Private_IP} +# -> Specify the private IP of Bastion server +# EX: {Bastion_Private_IP}->172.31.10.248 + +{Web_Private_IP} +# -> Specify the private IP of Web server +# EX: {Web_Private_IP}->172.31.10.248 + +{AP_Private_IP} +# -> Specify the private IP of AP server +# EX: {AP_Private_IP}->172.31.13.38 + +{ES_Private_IP} +# -> Set the private IP for ES server +# EX: {ES_Private_IP}->172.31.3.80 + +{NFS_Private_IP} +# -> Set the private IP for NFS server +# EX: {NFS_Private_IP}->172.31.13.38 + {Ansible_Execution_User} # -> Specify a user ansible execution # EX: {Ansible_Execution_User}->root 
@@ -35,62 +55,60 @@ Below are the files where modification is required. {SSH_PrivateKey} # -> Set the secret key in the absolute path for ansible user ssh public key authentication # EX: {SSH_PrivateKey}->/root/.ssh/id_rsa -``` - -#### Bastion server -```yaml -{Bastion_Private_IP} -# -> Specify the private IP of Bastion server -# EX: {Bastion_Private_IP}->172.31.10.248 +{Web_Global_IP} +# -> Specify the global IP for Web server +# EX: {Web_Global_IP}->54.65.33.203 -{Bastion_Tag_Name} -# -> Specify the host name for Bastion server -# EX: {Bastion_Tag_Name}->bastion-web +{Web_FQDN} +# -> Specify the FQDN for Web server(same as unit FQDN) +# EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com {Bastion_Network_Separation} # -> Specify the network catagory for Bastion server # EX: {Bastion_Network_Separation}->172.31.10.0/24 +{WEB_Network_Separation} +# -> Specify the network catagory for WEB server +# EX: {WEB_Network_Separation}->172.31.10.0/24 + +{AP_Network_Separation} +# -> Specify the network catagory for AP server +# EX: {AP_Network_Separation}->172.31.13.0/24 + +{Master_Token} +# -> To authorize all kind of operation, set the master token (Strictly managed) +# EX: enable_mastertoken=true +# {Master_Token}->abc123 + {Path_Based_Cell_Url_Enabled} # -> URL format to access cell*1 # -> true:path based cell url # -> false:per cell fqdn url # EX: {Path_Based_Cell_Url_Enabled}->false ``` + *1.For explanation about URL format to access cell, please confirm [here](https://personium.io/docs/ja/server-operator/setup_percell.html). 
-#### Web server +#### Bastion server ```yaml -{Web_Private_IP} -# -> Specify the private IP of Web server -# EX: {Web_Private_IP}->172.31.10.248 +{Bastion_Tag_Name} +# -> Specify the host name for Bastion server +# EX: {Bastion_Tag_Name}->bastion-web +``` + +#### Web server +```yaml {Web_Tag_Name} # -> Specify the host name for Web server # EX: {Web_Tag_Name}->bastion-web - -{Web_Global_IP} -# -> Specify the global IP for Web server -# EX: {Web_Global_IP}->54.65.33.203 - -{Web_FQDN} -# -> Specify the FQDN for Web server(same as unit FQDN) -# EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com ``` #### AP server ```yaml -{AP_Private_IP} -# -> Specify the private IP of AP server -# EX: {AP_Private_IP}->172.31.13.38 - -{AP_Network_Separation} -# -> Specify the network catagory for AP server -# EX: {AP_Network_Separation}->172.31.13.0/24 - {AP_Tag_Name} # -> Specify the host name for AP server # EX: {AP_Tag_Name}->test-ap @@ -98,26 +116,11 @@ Below are the files where modification is required. {PIO_LOGVOL} # -> Specify the disk name for Personium log # EX: {PIO_LOGVOL}->vdb - -{Master_Token} -# -> To authorize all kind of operation, set the master token (Strictly managed) -# EX: {Master_Token}->abc123 - -{Path_Based_Cell_Url_Enabled} -# -> URL format to access cell*1 -# -> true:path based cell url -# -> false:per cell fqdn url -# EX: {Path_Based_Cell_Url_Enabled}->false ``` -*1.For explanation about URL format to access cell, please confirm [here](https://personium.io/docs/ja/server-operator/setup_percell.html). #### ES server ```yaml -{ES_Private_IP} -# -> Set the private IP for ES server -# EX: {ES_Private_IP}->172.31.3.80 - {ES_Tag_Name} # -> Specify the host name for ES server # EX: {ES_Tag_Name}->test-ES 
@@ -130,10 +133,6 @@ Below are the files where modification is required. #### NFS server ```yaml -{NFS_Private_IP} -# -> Set the private IP for NFS server -# EX: {NFS_Private_IP}->172.31.13.38 - {nfs_Tag_Name} # -> Specify the host name for nfs server # EX: {nfs_Tag_Name}->test-NFS From 0409bb9d6f03b1cd450037466938d7095326f42d Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 18 Sep 2019 12:56:04 +0900 Subject: [PATCH 14/15] Fix machine environment support --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e791c0d..44ec305 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ There are different patterns of setup tools to construct the Personium unit. Ple #### Pattern-1 : 1 server -* Machine environment : **Linux** +* Machine environment : **CentOS 7** * The number of Personium unit servers : **1 Server** * Server-1 elements : Bastion, Web, AP, ES * Setup time : 1 hour @@ -44,7 +44,7 @@ For the setting procedure, please refer to [setup-vagrant](https://github.com/pe #### Pattern-2 : 3 server -* Machine environment : **Linux** +* Machine environment : **CentOS 7** * The number of Personium unit servers : **3 Servers** * Server-1 elements : Bastion,Web * Server-2 elements : AP,NFS From 446a83881c5f6cb3dec488809d531305e3eec04e Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 18 Sep 2019 17:54:47 +0900 Subject: [PATCH 15/15] Fix typo --- 3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index 5b48309..a86beaa 100644 --- a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 
@@ -49,7 +49,7 @@ function check_response() {
 OPERATION=${2}
 RESPONSE_CODE=`echo "${CURL_RESULT}" | /bin/grep 'status:'`
 if [ "${RESPONSE_CODE}" != "status:${STATUS}" ]; then
- echo "${OPERATION} faild."
+ echo "${OPERATION} failed."
 exit 2
 fi
 }