Merge pull request #119 from personium/develop

Release v2.0.9
personium · Oct 23, 2019 · 91e26e3 · 91e26e3
2 parents 8786a76 + 10163eb
commit 91e26e3
Show file tree

Hide file tree

Showing 27 changed files with 194 additions and 528 deletions.
diff --git a/1-server_unit/Ansible_Settings_Instruction.md b/1-server_unit/Ansible_Settings_Instruction.md
@@ -115,9 +115,9 @@ Below are the files where modification is required.
 
   cache_manager: memcached
 
-  tomcat_version: 9.0.10
+  tomcat_version: 9.0.27
 
-  commons_daemon_version : 1.1.0
+  commons_daemon_version : 1.2.2
 
   activemq_version: 5.15.8
 ```
@@ -154,8 +154,6 @@ Below are the files where modification is required.
   memcached_lock_cachesize: 512
 
   memcached_cache_cachesize: 512
-
-  logback_version: 1.2.3
 ```
 
 #### Bastion server (file destination : /group_vars/bastion.yml)

diff --git a/1-server_unit/README.md b/1-server_unit/README.md
@@ -2,7 +2,7 @@
 ---------------------------------------
 
 ## Overview
-The purpose of this document is to explain explecitely how to construct Personium unit on 1 server using Ansible.
+The purpose of this document is to explain explicitly how to construct Personium unit on 1 server using Ansible.
 This ansible is checking the operation with Personium version 1.5.2 later and CentOS 7.2.
 
 ## Server setup :white_check_mark:
@@ -55,27 +55,32 @@ The following key file will be generated automatically during the Ansible execut
 ## Initial setup for Ansible :white_check_mark:
 
 * Prerequisite:
-  * User account: root
+  * All infrastructure is created
+  * User account: sudo user
   * Ansible execution user account: root
-  * Ansible execution environment : Web/Bastion server
-  * DNS registered fixed global IP address
+  * Ansible execution environment : Bastion server
+  * Fixed global IP address is attached to the Web server
   * Fixed private IP of all the remote servers.
 
-#### 1: Git clone Ansible
+#### 1: Configure DNS setting
+
+See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md).
+
+#### 2: Git clone Ansible
 
 * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment.  
 \* Please clone or download the zip file from the release branch.  
-\* Since the master branch may contain new features which are under testing and development, errorneous behavior may be expected.  
+\* Since the master branch may contain new features which are under testing and development, erroneous behavior may be expected.  
 \* From now on, we describe `1-server_unit` under cloned folder as `$ansible`.
 
-#### 2: Setup Ansible parameters
+#### 3: Setup Ansible parameters
 
 * Edit the following files
   * Edit `$ansible/static_inventory/hosts` file and set the value of each parameter.
   * Check `$ansible/group_vars/[group name].yml` file. Re-set the parameter value, if server tuning is necessary.  
 \* Please refer to [Ansible Settings Instruction](Ansible_Settings_Instruction.md "") file, for more details about each parameter.
 
-#### 3: Deploy Ansible (server destination : Bastion server)
+#### 4: Deploy Ansible (server destination : Bastion server)
 
 * Connect to the Bastion server using WinSCP or other related tools  
 \* WinSCP : https://winscp.net/eng/download.php
@@ -84,59 +89,26 @@ The following key file will be generated automatically during the Ansible execut
  For example, `hosts` file which changed on [2: Setup Ansible parameters] is located on /root/ansible/static_inventory/hosts.
 
 
-#### 4: Prepare Self-signed unit certificate and secret key
+#### 5: Prepare Self-signed unit certificate and secret key
 
 * Please refer to [How to generate Self-signed Unit Certificate](../How_to_generate_Self-signed_Unit_Certificate.md ""), for self-signed unit certificate creation procedure.
 
-#### 5: Configure the self-signed unit certificate and private key
+#### 6: Configure the self-signed unit certificate and private key
 
 * Arrange certificate
   * Deploy the **self-signed unit certificate** and **private key** under `/root/ansible/resource/ap/opt/x509/` folder with the following file names.
     - unit-self-sign.crt(self-signed unit certificate)
     - unit.key(private key)  
 \* You may escape the procedure above, if the self-signed unit certificate is created based on the [How to generate Self-signed Unit Certificate](../How_to_generate_Self-signed_Unit_Certificate.md "").
 
-#### 6: Prepare SSL certificate / private key
+#### 7: Prepare SSL certificate / private key
 
 * Prepare the SSL certificate and private key separately  
-If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md)  
-\* Create and use self-signed SSL certificate when the official SSL certificate is not available.
-Following is the self-signed ssl certificate creation procedure.
-Common Name value should be the unit domain name.
-
-```console
-    # cd /root/ansible/resource/web/opt/nginx/conf
-    # openssl genrsa -des3 -out server.key 1024
-           Enter pass phrase for server.key:                            \* Required (Characters length: is 4 - 8191)
-    # openssl req -new -key server.key -out server.csr
-           Enter pass phrase for server.key:                            \* enter the value of `server.key`
-           Country Name (2 letter code) [XX]:                           \* Optional ( entered value will be visible in the certificate)
-           State or Province Name (full name) []:                       \* Optional ( entered value will be visible in the certificate)
-           Locality Name (eg, city) [Default City]:                     \* Optional ( entered value will be visible in the certificate)
-           Organization Name (eg, company) [Default Company Ltd]:       \* Optional ( entered value will be visible in the certificate)
-           Organizational Unit Name (eg, section) []:                   \* Optional ( entered value will be visible in the certificate)
-           Common Name (eg, your name or your server's hostname) []:    \* Required ( entered value will be visible in the certificate)
-           Email Address []:                                            \* Optional ( entered value will be visible in the certificate)
-
-           Please enter the following 'extra' attributes
-           to be sent with your certificate request
-           A challenge password []:
-           An optional company name []:
-
-    # cp server.key server.key.org
-    # openssl rsa -in server.key.org -out server.key
-           Enter pass phrase for server.key.org:     \* enter the value of `server.key`
-    # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
-    # ls -l server.*
-```
-
-  - Check if the following files are created
-    - server.key.org
-    - server.crt
-    - server.csr
-    - server.key  
+If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencrypt.md)  
+* Create and use self-signed SSL certificate when the official SSL certificate is not available.
+[Example of using Self-sign.](../Create_Server_Certificate_for_Self-sign.md)
 
-#### 7: Deploy SSL certificate / private key
+#### 8: Deploy SSL certificate / private key
 
 * Certificate deployment
    * Deploy the certificate under `/root/ansible/resource/web/opt/nginx/conf/` folder
@@ -148,7 +120,7 @@ Common Name value should be the unit domain name.
 
 \* In the case of Self-signed SSL certificate, the above process is not required to follow.
 
-#### 8: Generate SSH key
+#### 9: Generate SSH key
 
 * Setup the ssh keys (RSA key pair) to access other servers from bastion server as root user. Follow the steps below:
 
@@ -335,7 +307,7 @@ The `private key` (identification) will be placed in `/root/.ssh/id_rsa`
 
 \* reachability testing is done, if it shows the same
 
- For the developers conveniency this document introduced the procedure to construct Personium unit using Ansible.
+ For the developers convenience this document introduced the procedure to construct Personium unit using Ansible.
 Hope developers will enjoy deploying Personium unit on any of their suitable environment. Please try Personium and let us know your feedback or comments for further betterment of Personium. Your feedback and comments will be highly appreciated.
 
 --------------------------------------------------------------------
diff --git a/1-server_unit/group_vars/ap.yml b/1-server_unit/group_vars/ap.yml
@@ -17,6 +17,6 @@ cache_port: 11212
 cache_manager: memcached
 
 
-tomcat_version: 9.0.10
-commons_daemon_version : 1.1.0
+tomcat_version: 9.0.27
+commons_daemon_version : 1.2.2
 activemq_version: 5.15.8
diff --git a/1-server_unit/group_vars/nfs.yml b/1-server_unit/group_vars/nfs.yml
@@ -14,6 +14,4 @@ cache_port: 11212
 
 # memcached cachesize
 memcached_lock_cachesize: 512
-memcached_cache_cachesize: 512
-
-logback_version: 1.2.3
+memcached_cache_cachesize: 512
diff --git a/1-server_unit/nfs.yml b/1-server_unit/nfs.yml
@@ -2,7 +2,6 @@
 
 - include: ./tasks/common/init_process_account_personium.yml
 - include: ./tasks/nfs/init_personium-dir.yml
-- include: ./tasks/nfs/init_logback.yml
 
 - include: ./tasks/nfs/init_memcached_env_os.yml
   when: cache_in_nfs

diff --git a/...ce/nfs/etc/logrotate.d/personium-core-log → ...rce/ap/etc/logrotate.d/personium-core-log b/...ce/nfs/etc/logrotate.d/personium-core-log → ...rce/ap/etc/logrotate.d/personium-core-log
diff --git a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2
@@ -24,7 +24,6 @@ MASTER_TOKEN={{ master_token }}
 CELL_NAME=unitadmin
 ROLE_UA_NAME=UnitAdmin
 ROLE_CCA_NAME=CellContentsAdmin
-CELL_OWNER=personium-localunit:/$CELL_NAME/#unitadmin
 UNITADMIN_ACCOUNT_FILE=/root/ansible/unitadmin_account
 PATH_BASED_CELL_URL={{ path_based_cell_url_enabled }}
 
@@ -35,11 +34,13 @@ if [ "false" == "${PATH_BASED_CELL_URL}" ]; then
       echo "127.0.0.1" ${CELL_NAME}.${DOMAIN} >> /etc/hosts
     fi
 
-    CELL_URL=https://${CELL_NAME}.${DOMAIN}
+    CELL_URL=https://${CELL_NAME}.${DOMAIN}/
 else
-    CELL_URL=https://${DOMAIN}/${CELL_NAME}
+    CELL_URL=https://${DOMAIN}/${CELL_NAME}/
 fi
 
+CELL_OWNER=${CELL_URL}#unitadmin
+
 # Account and password to create
 UU_NAME=(unitadmin)
 UU_PASS=()
@@ -70,41 +71,41 @@ UU_PASS+=(`perl -le 'print map { ("a".."z","A".."Z", 0..9)[rand 36] } 1..16'`)
 
 echo "   creating account ["${UU_NAME}"]"
 echo "            passwd  ["${UU_PASS}"]"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Account -X POST -H "Authorization: Bearer $MASTER_TOKEN" -H "X-Personium-Credential: ${UU_PASS}" -d "{\"Name\":\"${UU_NAME}\"}" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Account -X POST -H "Authorization: Bearer $MASTER_TOKEN" -H "X-Personium-Credential: ${UU_PASS}" -d "{\"Name\":\"${UU_NAME}\"}" -k -i -s`
 echo "$CURL_RESULT"
 check_response 201 "Account created"
 
 echo "   -- Account check"
 echo "checking account["${UU_NAME}"]"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__token -X POST -d "grant_type=password&username=${UU_NAME}&password=${UU_PASS}" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__token -X POST -d "grant_type=password&username=${UU_NAME}&password=${UU_PASS}" -k -i -s`
 echo "$CURL_RESULT"
 check_response 200 "Check Account Created"
 
 # Create UnitAdmin role
 echo "######  Create UnitAdmin role  ######"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_UA_NAME\"}" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_UA_NAME\"}" -k -i -s`
 echo "$CURL_RESULT"
 check_response 201 "UnitAdmin Role created"
 
 echo "-- UnitAdmin Role check"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_UA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_UA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s`
 echo "$CURL_RESULT"
 check_response 200 "Check UnitAdmin Role Created"
 
 # Create CellContentsAdmin role
 echo "######  Create CellContentsAdmin role  ######"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_CCA_NAME\"}" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_CCA_NAME\"}" -k -i -s`
 echo "$CURL_RESULT"
 check_response 201 "CellContentsAdmin Role created"
 
 echo "-- CellContentsAdmin Role check"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_CCA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_CCA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s`
 echo "$CURL_RESULT"
 check_response 200 "Check CellContentsAdmin Role Created"
 
 # Link unitadmin - CellContentsAdmin
 echo "######  Link unitadmin - CellContentsAdmin  ######"
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_CCA_NAME%27)/\\$links/_Account" -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"uri\":\"$CELL_URL/__ctl/Account('${UU_NAME}')\"}" -k -i -s`
+CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_CCA_NAME%27)/\\$links/_Account" -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"uri\":\"${CELL_URL}__ctl/Account('${UU_NAME}')\"}" -k -i -s`
 echo "$CURL_RESULT"
 check_response 204 "Link unitadmin - CellContentsAdmin"