From 5f5f5a3b43e1c9753bc52ff245e4598eaee9eb27 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Tue, 15 Oct 2019 18:50:15 +0900 Subject: [PATCH 01/12] Add DNS settings document. --- 1-server_unit/README.md | 7 ++++++- 3-server_unit/README.md | 7 ++++++- DNS_Setup_for_per-cell_url.md | 38 +++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 DNS_Setup_for_per-cell_url.md diff --git a/1-server_unit/README.md b/1-server_unit/README.md index 52dcad4..8a74ad2 100644 --- a/1-server_unit/README.md +++ b/1-server_unit/README.md @@ -55,12 +55,17 @@ The following key file will be generated automatically during the Ansible execut ## Initial setup for Ansible :white_check_mark: * Prerequisite: + * All infrastructure is created * User account: root * Ansible execution user account: root * Ansible execution environment : Web/Bastion server - * DNS registered fixed global IP address + * Fixed global IP address is attached to the Web server * Fixed private IP of all the remote servers. +#### 0: Configure DNS setting + +See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md). + #### 1: Git clone Ansible * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment. diff --git a/3-server_unit/README.md b/3-server_unit/README.md index 2cd8f6b..c617107 100644 --- a/3-server_unit/README.md +++ b/3-server_unit/README.md 
@@ -60,12 +60,17 @@ The following key file will be generated automatically during the Ansible execut ## Initial setup for Ansible :white_check_mark: * Prerequisite: + * All infrastructure is created * User account: root * Ansible execution user account: root * Ansible execution environment : Web/Bastion server - * DNS registered fixed global IP address + * Fixed global IP address is attached to the Web server * Fixed private IP of all the remote servers. +#### 0: Configure DNS setting + +See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md) + #### 1: Git clone Ansible * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment. diff --git a/DNS_Setup_for_per-cell_url.md b/DNS_Setup_for_per-cell_url.md new file mode 100644 index 0000000..7a9f6b1 --- /dev/null +++ b/DNS_Setup_for_per-cell_url.md 
@@ -0,0 +1,38 @@ +# DNS setup for per-cell URL + +------------------------------------------------- + +## Introduction + +Before executing Personium ansible playbook, you need to configure DNS setting +since per-cell URL introduced in personium-core v1.7.6 requires it. + +### Per-cell URL + +Per-cell URL is represented as: + +``` +https://{CellName}.{UnitFQDN}/ +``` + +So cell URLs are different per cell and wild card DNS record (like `*.{UnitFQDN}`) +is required in DNS setting. Per-cell URL is configured by setting configuration value of +`pathBasedCellUrl.enabled` to false in `personium-unit-config.properties` and basically +the value is required to set false for security reason. + +## DNS setup + +You need to configure following DNS setting if you use per-cell URL. + +|FQDN|Record type|IP address| +|---|---|---| +|{Personium unit FQDN}|A|{Personium unit global IP address}| +|*.{Personium unit FQDN}|A|{Personium unit global IP address}| + +For example, if you use `192.0.2.0` as Personium unit global IP address +and `personium.example` as Personium unit FQDN, DNS records are as followings: + +|FQDN|Record type|IP address| +|---|---|---| +|personium.example|A|192.0.2.0| +|*.personium.example|A|192.0.2.0| From 796067a43569cfe4acf7b5eaee37f013f3cf3376 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Tue, 15 Oct 2019 18:55:04 +0900 Subject: [PATCH 02/12] Modify numbering --- 1-server_unit/README.md | 18 +++++++++--------- 3-server_unit/README.md | 20 ++++++++++---------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/1-server_unit/README.md b/1-server_unit/README.md index 8a74ad2..8e5c54b 100644 --- a/1-server_unit/README.md +++ b/1-server_unit/README.md 
@@ -62,25 +62,25 @@ The following key file will be generated automatically during the Ansible execut * Fixed global IP address is attached to the Web server * Fixed private IP of all the remote servers. -#### 0: Configure DNS setting +#### 1: Configure DNS setting See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md). -#### 1: Git clone Ansible +#### 2: Git clone Ansible * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment. \* Please clone or download the zip file from the release branch. \* Since the master branch may contain new features which are under testing and development, errorneous behavior may be expected. \* From now on, we describe `1-server_unit` under cloned folder as `$ansible`. -#### 2: Setup Ansible parameters +#### 3: Setup Ansible parameters * Edit the following files * Edit `$ansible/static_inventory/hosts` file and set the value of each parameter. * Check `$ansible/group_vars/[group name].yml` file. Re-set the parameter value, if server tuning is necessary. \* Please refer to [Ansible Settings Instruction](Ansible_Settings_Instruction.md "") file, for more details about each parameter. -#### 3: Deploy Ansible (server destination : Bastion server) +#### 4: Deploy Ansible (server destination : Bastion server) * Connect to the Bastion server using WinSCP or other related tools \* WinSCP : https://winscp.net/eng/download.php 
@@ -89,11 +89,11 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md). For example, `hosts` file which changed on [2: Setup Ansible parameters] is located on /root/ansible/static_inventory/hosts. -#### 4: Prepare Self-signed unit certificate and secret key +#### 5: Prepare Self-signed unit certificate and secret key * Please refer to [How to generate Self-signed Unit Certificate](../How_to_generate_Self-signed_Unit_Certificate.md ""), for self-signed unit certificate creation procedure. -#### 5: Configure the self-signed unit certificate and private key +#### 6: Configure the self-signed unit certificate and private key * Arrange certificate * Deploy the **self-signed unit certificate** and **private key** under `/root/ansible/resource/ap/opt/x509/` folder with the following file names. @@ -101,7 +101,7 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md). - unit.key(private key) \* You may escape the procedure above, if the self-signed unit certificate is created based on the [How to generate Self-signed Unit Certificate](../How_to_generate_Self-signed_Unit_Certificate.md ""). -#### 6: Prepare SSL certificate / private key +#### 7: Prepare SSL certificate / private key * Prepare the SSL certificate and private key separately If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) @@ -141,7 +141,7 @@ Common Name value should be the unit domain name. - server.csr - server.key -#### 7: Deploy SSL certificate / private key +#### 8: Deploy SSL certificate / private key * Certificate deployment * Deploy the certificate under `/root/ansible/resource/web/opt/nginx/conf/` folder 
@@ -153,7 +153,7 @@ Common Name value should be the unit domain name. \* In the case of Self-signed SSL certificate, the above process is not required to follow. -#### 8: Generate SSH key +#### 9: Generate SSH key * Setup the ssh keys (RSA key pair) to access other servers from bastion server as root user. Follow the steps below: diff --git a/3-server_unit/README.md b/3-server_unit/README.md index c617107..5367159 100644 --- a/3-server_unit/README.md +++ b/3-server_unit/README.md @@ -67,25 +67,25 @@ The following key file will be generated automatically during the Ansible execut * Fixed global IP address is attached to the Web server * Fixed private IP of all the remote servers. -#### 0: Configure DNS setting +#### 1: Configure DNS setting See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md) -#### 1: Git clone Ansible +#### 2: Git clone Ansible * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment. \* Please clone or download the zip file from the release branch. \* Since the master branch may contain new features which are under testing and development, errorneous behavior may be expected. \* From now on, we describe this `3-server_unit` folder as `$ansible`. -#### 2: Setup Ansible parameters +#### 3: Setup Ansible parameters * Edit the following files * Edit `$ansible/static_inventory/hosts` file and set the value of each parameter. * Check `$ansible/group_vars/[group name].yml` file. Re-set the parameter value, if server tuning is necessary. \* Please refer to [Ansible Settings Instruction](Ansible_Settings_Instruction.md "") file, for more details about each parameter. -#### 3: Deploy Ansible (server destination : Bastion server) +#### 4: Deploy Ansible (server destination : Bastion server) * Connect to the Bastion server using WinSCP or other related tools \* WinSCP : https://winscp.net/eng/download.php 
@@ -93,12 +93,12 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md) * Rename the `3-server_unit` folder to `ansible`. For example, `hosts` file which changed on [2: Setup Ansible parameters] is located on /root/ansible/static_inventory/hosts. -#### 4: Prepare Self-signed unit certificate and secret key +#### 5: Prepare Self-signed unit certificate and secret key * Please refer to [How to generate Self-signed Unit Certificate](../How_to_generate_Self-signed_Unit_Certificate.md ""), for self-signed unit certificate creation procedure. -#### 5: Configure the self-signed unit certificate and private key +#### 6: Configure the self-signed unit certificate and private key * Arrange certificate * Deploy the **self-signed unit certificate** and **private key** under `/root/ansible/resource/ap/opt/x509/` folder with the following file names. @@ -106,7 +106,7 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md) - unit.key(private key) \* You may escape the procedure above, if the self-signed unit certificate is created based on the [How to generate Self-signed Unit Certificate](../How_to_generate_Self-signed_Unit_Certificate.md ""). -#### 6: Prepare SSL certificate / private key +#### 7: Prepare SSL certificate / private key * Prepare the SSL certificate and private key separately If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) @@ -146,7 +146,7 @@ Common Name value should be the unit domain name. - server.csr - server.key -#### 7: Deploy SSL certificate / private key +#### 8: Deploy SSL certificate / private key * Certificate deployment * Deploy the certificate under `/root/ansible/resource/web/opt/nginx/conf/` folder 
@@ -158,7 +158,7 @@ Common Name value should be the unit domain name. \* In the case of Self-signed SSL certificate, the above process is not required to follow. -#### 8: Add DISK +#### 9: Add DISK * Add the external disk to the servers below (\*Following disk sizes are recommended). Note: It is required to add the external disk on the following path @@ -170,7 +170,7 @@ Note: It is required to add the external disk on the following path | AP + NFS server | 100GB | /dev/xvdc | /opt/nfs_webdav | WebDav, event log | -#### 9: Generate SSH key +#### 10: Generate SSH key * Setup the ssh keys (RSA key pair) to access other servers from bastion server as root user. Follow the steps below: From 74781915b45388ee60339004eafc28934d284b29 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 16 Oct 2019 12:59:07 +0900 Subject: [PATCH 03/12] Modify self-singed certificate creation procedure --- 1-server_unit/README.md | 37 +------------ 3-server_unit/README.md | 39 +------------ Create_Server_Certificate_for_Self-sign.md | 64 ++++++++++++++++++++++ 3 files changed, 69 insertions(+), 71 deletions(-) create mode 100644 Create_Server_Certificate_for_Self-sign.md diff --git a/1-server_unit/README.md b/1-server_unit/README.md index 52dcad4..418222d 100644 --- a/1-server_unit/README.md +++ b/1-server_unit/README.md 
@@ -100,41 +100,8 @@ The following key file will be generated automatically during the Ansible execut * Prepare the SSL certificate and private key separately If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) -\* Create and use self-signed SSL certificate when the official SSL certificate is not available. -Following is the self-signed ssl certificate creation procedure. -Common Name value should be the unit domain name. - -```console - # cd /root/ansible/resource/web/opt/nginx/conf - # openssl genrsa -des3 -out server.key 1024 - Enter pass phrase for server.key: \* Required (Characters length: is 4 - 8191) - # openssl req -new -key server.key -out server.csr - Enter pass phrase for server.key: \* enter the value of `server.key` - Country Name (2 letter code) [XX]: \* Optional ( entered value will be visible in the certificate) - State or Province Name (full name) []: \* Optional ( entered value will be visible in the certificate) - Locality Name (eg, city) [Default City]: \* Optional ( entered value will be visible in the certificate) - Organization Name (eg, company) [Default Company Ltd]: \* Optional ( entered value will be visible in the certificate) - Organizational Unit Name (eg, section) []: \* Optional ( entered value will be visible in the certificate) - Common Name (eg, your name or your server's hostname) []: \* Required ( entered value will be visible in the certificate) - Email Address []: \* Optional ( entered value will be visible in the certificate) - - Please enter the following 'extra' attributes - to be sent with your certificate request - A challenge password []: - An optional company name []: - - # cp server.key server.key.org - # openssl rsa -in server.key.org -out server.key - Enter pass phrase for server.key.org: \* enter the value of `server.key` - # openssl x509 -req -days 365 -in server.csr -signkey server.key -out 
server.crt - # ls -l server.* -``` - - - Check if the following files are created - - server.key.org - - server.crt - - server.csr - - server.key +* Create and use self-signed SSL certificate when the official SSL certificate is not available. +[Example of using Self-sign.](../Create_Server_Certificate_for_Self-sign.md) #### 7: Deploy SSL certificate / private key diff --git a/3-server_unit/README.md b/3-server_unit/README.md index 2cd8f6b..c423526 100644 --- a/3-server_unit/README.md +++ b/3-server_unit/README.md 
@@ -104,42 +104,9 @@ The following key file will be generated automatically during the Ansible execut #### 6: Prepare SSL certificate / private key * Prepare the SSL certificate and private key separately -If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) -\* Create and use self-signed SSL certificate when the official SSL certificate is not available. -Following is the self-signed ssl certificate creation procedure. -Common Name value should be the unit domain name. - -```console - # cd /root/ansible/resource/web/opt/nginx/conf - # openssl genrsa -des3 -out server.key 1024 - Enter pass phrase for server.key: \* Required (Characters length: is 4 - 8191) - # openssl req -new -key server.key -out server.csr - Enter pass phrase for server.key: \* enter the value of `server.key` - Country Name (2 letter code) [XX]: \* Optional ( entered value will be visible in the certificate) - State or Province Name (full name) []: \* Optional ( entered value will be visible in the certificate) - Locality Name (eg, city) [Default City]: \* Optional ( entered value will be visible in the certificate) - Organization Name (eg, company) [Default Company Ltd]: \* Optional ( entered value will be visible in the certificate) - Organizational Unit Name (eg, section) []: \* Optional ( entered value will be visible in the certificate) - Common Name (eg, your name or your server's hostname) []: \* Required ( entered value will be visible in the certificate) - Email Address []: \* Optional ( entered value will be visible in the certificate) - - Please enter the following 'extra' attributes - to be sent with your certificate request - A challenge password []: - An optional company name []: - - # cp server.key server.key.org - # openssl rsa -in server.key.org -out server.key - Enter pass phrase for server.key.org: \* enter the value of `server.key` - # openssl x509 -req -days 365 
-in server.csr -signkey server.key -out server.crt - # ls -l server.* -``` - - - Check if the following files are created - - server.key.org - - server.crt - - server.csr - - server.key +If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) +* Create and use self-signed SSL certificate when the official SSL certificate is not available. +[Example of using Self-sign.](../Create_Server_Certificate_for_Self-sign.md) #### 7: Deploy SSL certificate / private key diff --git a/Create_Server_Certificate_for_Self-sign.md b/Create_Server_Certificate_for_Self-sign.md new file mode 100644 index 0000000..0a3697e --- /dev/null +++ b/Create_Server_Certificate_for_Self-sign.md 
@@ -0,0 +1,64 @@ +# Server certificate creation using Self sign + +------------------------------------------------- + +Following is server self-signed ssl certificate creation procedure. + +* Common Name value should be the unit domain name. +* Subject Alternative Name (SAN) values are also should be the unit domain name +and wildcard domain name. + +```console + # cd /root/ansible/resource/web/opt/nginx/conf + # openssl genrsa -des3 -out server.key 1024 + Enter pass phrase for server.key: \* Required (Characters length: is 4 - 8191) + # openssl req -new -key server.key -out server.csr + Enter pass phrase for server.key: \* enter the value of `server.key` + Country Name (2 letter code) [XX]: \* Optional ( entered value will be visible in the certificate) + State or Province Name (full name) []: \* Optional ( entered value will be visible in the certificate) + Locality Name (eg, city) [Default City]: \* Optional ( entered value will be visible in the certificate) + Organization Name (eg, company) [Default Company Ltd]: \* Optional ( entered value will be visible in the certificate) + Organizational Unit Name (eg, section) []: \* Optional ( entered value will be visible in the certificate) + Common Name (eg, your name or your server's hostname) []: \* Required ( entered value will be visible in the certificate) + Email Address []: \* Optional ( entered value will be visible in the certificate) + + Please enter the following 'extra' attributes + to be sent with your certificate request + A challenge password []: + An optional company name []: + + # cp server.key server.key.org + # openssl rsa -in server.key.org -out server.key + Enter pass phrase for server.key.org: \* enter the value of `server.key` + # echo "subjectAltName = DNS:{FQDN}, DNS:*.{FQDN}" >san.txt \* Replace {FQDN} with your FQDN + # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -extfile san.txt + # ls -l server.* +``` + +* Check if the following files are created + * 
server.key.org + * server.crt + * server.csr + * server.key + +* Check the certificate content. (Especially CommonName and Subject Alternative Name values.) + +```console +# openssl x509 -in server.crt -text | grep Subject -1 + Not After : Oct 15 01:38:40 2020 GMT + Subject: C=XX, L=Default City, O=Default Company Ltd, CN=test.example + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +-- + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:text.example, DNS:*.test.example +``` + +* After constructing Personium unit, add the certificate to JRE that runs tomcat in AP server. + +```console +# cd ${JAVA_HOME}/jre/lib/security +# cp cacerts{,.org} +# keytool -import -trustcacerts -file /path/to/your/self-signed-certificate -keystore cacerts -alias ca +``` From babfee2e71d486b1a1c8e1b298fb89f4c3b5734f Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 16 Oct 2019 13:27:47 +0900 Subject: [PATCH 04/12] Modify cell owner value --- 1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 | 3 ++- 3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index 5b48309..f0d16bb 100644 --- a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 @@ -24,7 +24,6 @@ MASTER_TOKEN={{ master_token }} CELL_NAME=unitadmin ROLE_UA_NAME=UnitAdmin ROLE_CCA_NAME=CellContentsAdmin -CELL_OWNER=personium-localunit:/$CELL_NAME/#unitadmin UNITADMIN_ACCOUNT_FILE=/root/ansible/unitadmin_account PATH_BASED_CELL_URL={{ path_based_cell_url_enabled }} @@ -40,6 +39,8 @@ else CELL_URL=https://${DOMAIN}/${CELL_NAME} fi +CELL_OWNER=${CELL_URL}/#unitadmin + # Account and password to create UU_NAME=(unitadmin) UU_PASS=() 
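Review bot: The `openssl genrsa -des3 -out server.key 1024` step in the new Create_Server_Certificate_for_Self-sign.md creates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance and mainstream TLS clients expect; the line should read `openssl genrsa -des3 -out server.key 2048`. The `openssl x509 -req ...` line names no digest, so the signature hash depends on the installed OpenSSL default; adding `-sha256` makes it explicit. The sample output shows `DNS:text.example` next to `CN=test.example`, which looks like a typo for `test.example`. The procedure also leaves the passphrase-stripped `server.key` and the `server.key.org` copy in the nginx conf directory, so a step restricting them, such as `chmod 600 server.key server.key.org`, would be worth adding.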
diff --git a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index 97f79c8..b4d4ddc 100644 --- a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 @@ -24,7 +24,6 @@ MASTER_TOKEN={{ master_token }} CELL_NAME=unitadmin ROLE_UA_NAME=UnitAdmin ROLE_CCA_NAME=CellContentsAdmin -CELL_OWNER=personium-localunit:/$CELL_NAME/#unitadmin UNITADMIN_ACCOUNT_FILE=/root/ansible/unitadmin_account PATH_BASED_CELL_URL={{ path_based_cell_url_enabled }} @@ -40,6 +39,8 @@ else CELL_URL=https://${DOMAIN}/${CELL_NAME} fi +CELL_OWNER=${CELL_URL}/#unitadmin + # Account and password to create UU_NAME=(unitadmin) UU_PASS=() From 58c4cf066d79a18a12d8bfb52019d2ea1527ffda Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Wed, 16 Oct 2019 13:30:09 +0900 Subject: [PATCH 05/12] Refactor --- .../bastion/tmp/personium-init-svcmgr.sh.j2 | 20 +++++++++---------- .../bastion/tmp/personium-init-svcmgr.sh.j2 | 20 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index f0d16bb..f8e0928 100644 --- a/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/1-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 @@ -34,12 +34,12 @@ if [ "false" == "${PATH_BASED_CELL_URL}" ]; then echo "127.0.0.1" ${CELL_NAME}.${DOMAIN} >> /etc/hosts fi - CELL_URL=https://${CELL_NAME}.${DOMAIN} + CELL_URL=https://${CELL_NAME}.${DOMAIN}/ else - CELL_URL=https://${DOMAIN}/${CELL_NAME} + CELL_URL=https://${DOMAIN}/${CELL_NAME}/ fi -CELL_OWNER=${CELL_URL}/#unitadmin +CELL_OWNER=${CELL_URL}#unitadmin # Account and password to create UU_NAME=(unitadmin) 
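Review bot: `CELL_URL` now ends with a trailing slash in both branches of the `@@ -34,12 +34,12 @@` hunk of 1-server_unit's personium-init-svcmgr.sh.j2, but nothing at the assignment records that convention. Any later use written as `$CELL_URL/...` would then produce a double slash without an error. A comment above the assignments, such as `# CELL_URL always ends with "/"; append paths without a leading slash`, would make the contract visible. The same applies to the matching 3-server_unit hunk. The enclosing `if` starts outside the hunk, so other uses of `CELL_URL` in the script cannot be checked from here.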
@@ -71,41 +71,41 @@ UU_PASS+=(`perl -le 'print map { ("a".."z","A".."Z", 0..9)[rand 36] } 1..16'`) echo " creating account ["${UU_NAME}"]" echo " passwd ["${UU_PASS}"]" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Account -X POST -H "Authorization: Bearer $MASTER_TOKEN" -H "X-Personium-Credential: ${UU_PASS}" -d "{\"Name\":\"${UU_NAME}\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Account -X POST -H "Authorization: Bearer $MASTER_TOKEN" -H "X-Personium-Credential: ${UU_PASS}" -d "{\"Name\":\"${UU_NAME}\"}" -k -i -s` echo "$CURL_RESULT" check_response 201 "Account created" echo " -- Account check" echo "checking account["${UU_NAME}"]" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__token -X POST -d "grant_type=password&username=${UU_NAME}&password=${UU_PASS}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__token -X POST -d "grant_type=password&username=${UU_NAME}&password=${UU_PASS}" -k -i -s` echo "$CURL_RESULT" check_response 200 "Check Account Created" # Create UnitAdmin role echo "###### Create UnitAdmin role ######" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_UA_NAME\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_UA_NAME\"}" -k -i -s` echo "$CURL_RESULT" check_response 201 "UnitAdmin Role created" echo "-- UnitAdmin Role check" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_UA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_UA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` echo "$CURL_RESULT" check_response 200 "Check UnitAdmin Role Created" # Create CellContentsAdmin role echo "###### Create CellContentsAdmin role ######" 
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_CCA_NAME\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_CCA_NAME\"}" -k -i -s` echo "$CURL_RESULT" check_response 201 "CellContentsAdmin Role created" echo "-- CellContentsAdmin Role check" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_CCA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_CCA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` echo "$CURL_RESULT" check_response 200 "Check CellContentsAdmin Role Created" # Link unitadmin - CellContentsAdmin echo "###### Link unitadmin - CellContentsAdmin ######" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_CCA_NAME%27)/\\$links/_Account" -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"uri\":\"$CELL_URL/__ctl/Account('${UU_NAME}')\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_CCA_NAME%27)/\\$links/_Account" -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"uri\":\"${CELL_URL}__ctl/Account('${UU_NAME}')\"}" -k -i -s` echo "$CURL_RESULT" check_response 204 "Link unitadmin - CellContentsAdmin" diff --git a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 index b4d4ddc..e694d30 100644 --- a/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 +++ b/3-server_unit/resource/bastion/tmp/personium-init-svcmgr.sh.j2 
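Review bot: Every rewritten `curl` call in the `@@ -71,41 +71,41 @@` hunk still passes `-k`, so the `Authorization: Bearer $MASTER_TOKEN` header and the generated unitadmin password are sent without verifying the server certificate. If the unit's server certificate is available on the bastion host when this script runs (not visible here), the calls could use `--cacert <path-to-unit-server-cert>` (placeholder path) instead of `-k`. The context line `echo " passwd ["${UU_PASS}"]"` also writes the new password to stdout, so it ends up in any captured Ansible output. The first two calls leave `${CELL_URL}__ctl/Account` and `${CELL_URL}__token` unquoted while the later URLs are quoted; quoting all of them would be consistent. The same lines recur in the 3-server_unit hunk of this commit.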
@@ -34,12 +34,12 @@ if [ "false" == "${PATH_BASED_CELL_URL}" ]; then echo "{{ web_private_ip }}" ${CELL_NAME}.${DOMAIN} >> /etc/hosts fi - CELL_URL=https://${CELL_NAME}.${DOMAIN} + CELL_URL=https://${CELL_NAME}.${DOMAIN}/ else - CELL_URL=https://${DOMAIN}/${CELL_NAME} + CELL_URL=https://${DOMAIN}/${CELL_NAME}/ fi -CELL_OWNER=${CELL_URL}/#unitadmin +CELL_OWNER=${CELL_URL}#unitadmin # Account and password to create UU_NAME=(unitadmin) 
@@ -71,41 +71,41 @@ UU_PASS+=(`perl -le 'print map { ("a".."z","A".."Z", 0..9)[rand 36] } 1..16'`) echo " creating account ["${UU_NAME}"]" echo " passwd ["${UU_PASS}"]" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Account -X POST -H "Authorization: Bearer $MASTER_TOKEN" -H "X-Personium-Credential: ${UU_PASS}" -d "{\"Name\":\"${UU_NAME}\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Account -X POST -H "Authorization: Bearer $MASTER_TOKEN" -H "X-Personium-Credential: ${UU_PASS}" -d "{\"Name\":\"${UU_NAME}\"}" -k -i -s` echo "$CURL_RESULT" check_response 201 "Account created" echo " -- Account check" echo "checking account["${UU_NAME}"]" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__token -X POST -d "grant_type=password&username=${UU_NAME}&password=${UU_PASS}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__token -X POST -d "grant_type=password&username=${UU_NAME}&password=${UU_PASS}" -k -i -s` echo "$CURL_RESULT" check_response 200 "Check Account Created" # Create UnitAdmin role echo "###### Create UnitAdmin role ######" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_UA_NAME\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_UA_NAME\"}" -k -i -s` echo "$CURL_RESULT" check_response 201 "UnitAdmin Role created" echo "-- UnitAdmin Role check" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_UA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_UA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` echo "$CURL_RESULT" check_response 200 "Check UnitAdmin Role Created" # Create CellContentsAdmin role echo "###### Create CellContentsAdmin role ######" 
-CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" $CELL_URL/__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_CCA_NAME\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" ${CELL_URL}__ctl/Role -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"Name\":\"$ROLE_CCA_NAME\"}" -k -i -s` echo "$CURL_RESULT" check_response 201 "CellContentsAdmin Role created" echo "-- CellContentsAdmin Role check" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_CCA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_CCA_NAME%27)" -X GET -H "Authorization: Bearer $MASTER_TOKEN" -k -i -s` echo "$CURL_RESULT" check_response 200 "Check CellContentsAdmin Role Created" # Link unitadmin - CellContentsAdmin echo "###### Link unitadmin - CellContentsAdmin ######" -CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "$CELL_URL/__ctl/Role(%27$ROLE_CCA_NAME%27)/\\$links/_Account" -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"uri\":\"$CELL_URL/__ctl/Account('${UU_NAME}')\"}" -k -i -s` +CURL_RESULT=`curl -w "\nstatus:%{http_code}\n" "${CELL_URL}__ctl/Role(%27$ROLE_CCA_NAME%27)/\\$links/_Account" -X POST -H "Authorization: Bearer $MASTER_TOKEN" -d "{\"uri\":\"${CELL_URL}__ctl/Account('${UU_NAME}')\"}" -k -i -s` echo "$CURL_RESULT" check_response 204 "Link unitadmin - CellContentsAdmin" From 9810333c37ac5414427059173bb748fd2ab068ee Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Thu, 17 Oct 2019 17:29:57 +0900 Subject: [PATCH 06/12] Correct sentence --- Create_Server_Certificate_for_Self-sign.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Create_Server_Certificate_for_Self-sign.md b/Create_Server_Certificate_for_Self-sign.md index 0a3697e..6381ea1 100644 --- a/Create_Server_Certificate_for_Self-sign.md +++ b/Create_Server_Certificate_for_Self-sign.md 
@@ -5,7 +5,7 @@ Following is server self-signed ssl certificate creation procedure. * Common Name value should be the unit domain name. -* Subject Alternative Name (SAN) values are also should be the unit domain name +* Subject Alternative Name (SAN) values should also be the unit domain name and wildcard domain name. ```console From ee22597e999f61b8dc3eb4a0dbdddcde9ffae2a0 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Thu, 17 Oct 2019 19:03:42 +0900 Subject: [PATCH 07/12] Remove unused logback deployment --- 1-server_unit/Ansible_Settings_Instruction.md | 2 - 1-server_unit/group_vars/nfs.yml | 4 +- 1-server_unit/nfs.yml | 1 - .../etc/logrotate.d/personium-core-log | 0 .../resource/nfs/opt/logback/logback.xml | 152 ------------------ .../nfs/personium/logback/dc1-logback.jar | Bin 7990 -> 0 bytes 1-server_unit/tasks/ap/personium_deploy.yml | 6 + 1-server_unit/tasks/nfs/init_logback.yml | 40 ----- 3-server_unit/Ansible_Settings_Instruction.md | 2 - 3-server_unit/group_vars/nfs.yml | 2 - 3-server_unit/nfs.yml | 1 - .../etc/logrotate.d/personium-core-log | 0 .../resource/nfs/opt/logback/logback.xml | 152 ------------------ .../nfs/personium/logback/dc1-logback.jar | Bin 7990 -> 0 bytes 3-server_unit/tasks/ap/personium_deploy.yml | 6 + 3-server_unit/tasks/nfs/init_logback.yml | 40 ----- 16 files changed, 13 insertions(+), 395 deletions(-) rename 1-server_unit/resource/{nfs => ap}/etc/logrotate.d/personium-core-log (100%) delete mode 100644 1-server_unit/resource/nfs/opt/logback/logback.xml delete mode 100644 1-server_unit/resource/nfs/personium/logback/dc1-logback.jar delete mode 100644 1-server_unit/tasks/nfs/init_logback.yml rename 3-server_unit/resource/{nfs => ap}/etc/logrotate.d/personium-core-log (100%) delete mode 100644 3-server_unit/resource/nfs/opt/logback/logback.xml delete mode 100644 3-server_unit/resource/nfs/personium/logback/dc1-logback.jar delete mode 100644 3-server_unit/tasks/nfs/init_logback.yml 
diff --git a/1-server_unit/Ansible_Settings_Instruction.md b/1-server_unit/Ansible_Settings_Instruction.md index 3a7f878..9302318 100644 --- a/1-server_unit/Ansible_Settings_Instruction.md +++ b/1-server_unit/Ansible_Settings_Instruction.md @@ -154,8 +154,6 @@ Below are the files where modification is required. memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 - - logback_version: 1.2.3 ``` #### Bastion server (file destination : /group_vars/bastion.yml) diff --git a/1-server_unit/group_vars/nfs.yml b/1-server_unit/group_vars/nfs.yml index 77d5ee5..2a92b25 100644 --- a/1-server_unit/group_vars/nfs.yml +++ b/1-server_unit/group_vars/nfs.yml @@ -14,6 +14,4 @@ cache_port: 11212 # memcached cachesize memcached_lock_cachesize: 512 -memcached_cache_cachesize: 512 - -logback_version: 1.2.3 \ No newline at end of file +memcached_cache_cachesize: 512 \ No newline at end of file diff --git a/1-server_unit/nfs.yml b/1-server_unit/nfs.yml index 0c21904..e34db5d 100644 --- a/1-server_unit/nfs.yml +++ b/1-server_unit/nfs.yml @@ -2,7 +2,6 @@ - include: ./tasks/common/init_process_account_personium.yml - include: ./tasks/nfs/init_personium-dir.yml -- include: ./tasks/nfs/init_logback.yml - include: ./tasks/nfs/init_memcached_env_os.yml when: cache_in_nfs diff --git a/1-server_unit/resource/nfs/etc/logrotate.d/personium-core-log b/1-server_unit/resource/ap/etc/logrotate.d/personium-core-log similarity index 100% rename from 1-server_unit/resource/nfs/etc/logrotate.d/personium-core-log rename to 1-server_unit/resource/ap/etc/logrotate.d/personium-core-log diff --git a/1-server_unit/resource/nfs/opt/logback/logback.xml b/1-server_unit/resource/nfs/opt/logback/logback.xml deleted file mode 100644 index 8e4744f..0000000 --- a/1-server_unit/resource/nfs/opt/logback/logback.xml +++ /dev/null 
@@ -1,152 +0,0 @@ - - - - - - - - ${LOG_FORMAT} - - - - - /personium/personium-core/log/personium-core.info.log - - - /personium/personium-core/log/personium-core.info.log.%d{yyyyMMdd}.gz - - - ${LOG_FORMAT} - - - - - /personium/personium-core/log/personium-core.log - - WARN - - - ${LOG_FORMAT} - true - - - - - - /personium/personium-core/log/personium-user.log - - - /personium/personium-core/log/personium-user.log.%d{yyyy-MM-dd}.gz - - - ${LOG_FORMAT} - - - - - /personium/personium-engine/log/personium-engine.log - - - /personium/personium-engine/log/personium-engine.log.%d{yyyyMMdd}.gz - - - ${LOG_FORMAT} - - - - - /personium/personium-repair/log/personium-repair.log - - - /personium/personium-repair/log/personium-repair.log.%d{yyyyMMdd}.gz - - - ${LOG_FORMAT} - - - - - - eventlog_path - unknown - - - - /personium_nfs/personium-core/eventlog/${eventlog_path}/current/default.log - - /personium_nfs/personium-core/eventlog/${eventlog_path}/archive/default.log.%i.zip - 1 - 12 - - - 50MB - - - %d{"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",UTC},[%-5level],%msg%n - - - - - - - /personium/logback/log/logback.log - - - /personium/logback/log/logback.log.%d{yyyyMMdd}.gz - - - %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] [%-5level] %logger{0} %msg%n - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/1-server_unit/resource/nfs/personium/logback/dc1-logback.jar b/1-server_unit/resource/nfs/personium/logback/dc1-logback.jar deleted file mode 100644 index 269cbd0eb1ba3e30d9238c1e98dcc975bd6c1bdf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7990 zcmbtZ1ymf#)<%N|4-zBAmJU}2wfG{}x z@Uq$L+q`{y-udsG?&)*-eqY_H?ykCZKP3Pn5<1+SjV6Gk{&n&D3GMb@UP?`jMOHzY zP3dpbkE042|KHG4;cW{rcS+`ji?nh*Ba2IYA1Znw+e&$}g*%d4rt+^H^}pYy1*eKlTs6n3?A;z{F=A+728No0TXNO=F~^3A44#sySI zG3{Q3+;o@bLcEj~C{s^ELcF*S6zQ(DIWCCsZ;D!POjq+m_ec5<@UHbnFR^(p-}xj` zYX#h>`Q50rm`(2Lb9^ldxruy%b)ApU)_x=Xl~iAI=po%A_kjkI88R*|BWF(1w_F-u zdAUP*m7)~R?xSAIL@|A%6cq(QJY_DzqRRf2zBp9<*g{JQ+FF|N4+eP;RS3nfhZ%~v z2uhQS3VBU5Bw1r-aSLMv0(D6{Y?F&MHj+7);*g81QXwR@k1*u5P2@^bo?G{?haM3I zPLNbd!ud?502@0t{9h|HS%_)BrzEyR6jM*7#FQKlxqfmYJ^u|V*ioWas^>98-m)Nc zk-`h(J$Yrbvum@rr_^*Jc#&@YUiQAE+xvFFeY=ymAx}}61q)p?vzQb>M$(Ijy1b$@terQ zBDb`eR`Wq@sQEHI9)XbHXF3&I925sLF=?0mDDJtwC0b2|MT>z2fC@3DMW8)@emmrX_Y4&U48kL?mu%&pyP8P4!8 zmM5{tn@?|7UE48{<^Mdo_+^ekug1%{oG33S`yeUS>RCuEej(%3D!Id&P_qeC^kaJR z&LO_OwSQIoShE-ddmuw8*Rv{n)<-O2VgfDfbmnQ{=+9qg0S1rHFQ7DrHA`6H5znZi z-mSGyiKJn+P}QHk7?cmlD97Z-4V#Y{74T*3~dL!HJul`v_j z>O+&gK5RVdXwJcDEk4J9a>V96!E(LIcu21{o+UIf>y@z%e5K>nc34d!@VKd2E%6O( zg4Udz=SfnE;g>VgC==}j2m+sMgrclqR{heh9d`8R%ona>xv#|aAN2y2%D5#kuyPCP zOT*;@xs}?R%fxIos?l-*)c}c;!2B9E z3P-76hcAZE0HnMBefg@NZ|(lvI%df8Lkev}Dj%wjDkp+a=4MJKEn=~`_hP(NDjM35 z+>*MlaPA%bP81JZsNVIzw`o|2EuNfgbVJc|Tk+S!*i~CTa^N?@#>$s)i?YJUz5Gb1 z=f*F84nsaR)v1!6Qn3&zvl0ra0b>Um7ICED+Y3nPEA$y-dTy=zttc5OH_(6nqL_Cc z>p3GMT{A$Opo5R*)GqstL9s7e!tR94V9$xATxI(?fHWXjcZm?Qck3$*r+!|4Zi7Nd zBu(xtJm}?xH_?54EhMocA)?3ehBJI=gVnf$Z3V;wEZR|>zI3^gxe_{Jws`%jiqYv( zN$LG)3sdoS=`~g;wrvk*R%lH2MRAnu$Vu$!$hfXAn=OduT6s^LeLn2RhQ!#8SIB5; zRthI7&%8>|rGBVp&w|*CH;=ue8)`U>#;O;apFGClE?OJs(ovB1B@Xg{rP5eIWlNre z0un5tZ~IX;L!!XE4-!w!-{B2dV|qPjvCqqAa|C(5CA>+Q*}vPEW*xzcJcMsiW0Gxc z#GdXAa;v9JjVIHDTK9VJ8FwVT!6aw15Q2HquXOJoM3vFXk6Hf~Mmr6t4p3b2#Bf@L 
z^&zKMB1!wWgasIMpfJ0uNd*fKc{WWBWKdZi_3fYBLy$==7C^nsjPc1N48oeV>~qT< zigpADGQ>HodT!fP_U1dhyoBLi>r5@SGE?l&SAonw-+$_o;LwK^=%6!34a6@!5L=41 zsal97hh)NS>{K+@mmQ$m0O3w7OI`kHkKG*NrCw)57aaWOm05 zVhO>Jg<%*}7p6q?lVmfMR+uOW17Q760eJ6cL@uED;j;6s3Z=*r1#Si^?uN|o)MbUU z+x<*sy|JIiYKR$e7|JXW7 z3$I#qQr(qy=lcPI{7RVZ%Vg0Bl|3U#)g!JZ^z+TnkM_rVw$$bF?#3f2Gq1^?`@NM zWL?#>*2}se(_XZGZ{>lZZgk&9JtFoz{3xqLGgeIo!p$u?wuRglt_#*J69*y=K)1<* zv4vsy-2Sp1>MqG)*<2_MWi{w^|9*88+%ZR@_KsA-(8m$67re6uaO_`_m2X7*GlE;S z>Rb!L<<(|$|5^Q>FN;^fjd=Z74&jNG+7l=gVpF3ZF^wH0WWxX z$AySbQPh0$L&}m&_WDJ)?NZA=4O!<(TLWL63oLBpbW-rhfYG38??aT|=hI5yA4C*;$o%!aDpL%n=EfNo0o3YExENX5^?|2@+=6|4Z73Rb1Q7rEGit4nGlP~HR zc)-D;SsgLSMX2A{hXJ*oC|I5pPp5H!8MN1Gjl?_mc|Jhw@jOnIH(i_Zy`*CBjCtrvq8tf(;6dQ-! zxNP{AOCSc7f@@Q;gp=-70Xqq`RV`ZEBZs|N00u#;n?OX_P@=~Ae(VwYSk=doxRYu~ z&rln&rKcV%--i)XiyZ$}GLo!r;A6}pO4PI7l*C;!niYv?qc+rf z2-%}_%All(m6u<}1r|kZbvqAyUaq-VYhy}WJ?!(;9^Pgf09}C&i`tyF&rnCI!p+=> zWZaYnDU@`)$W%lTrRbI1F=>zKl^c)v`y)FF*aYvX@~lT$MpBMBF&NML;w^%irc{f* za8T-0pq8Fiw3gr*4G*a8F!MTsBmS2Z$>eGWw6CySbX_n#1up>y= z(WDWFK%5r^;kK10yp^I6Je!rK9&c!Xr3FD)ktLUh>M>EZXz0NFcA{w?^CWYF>aKGG zyU&vz+=3eU-nH(u(!t(UdL%V$4s3xuF9$Kzn zaY;HBAVhmHZg%Cu{!s&(c5lL0@eh#z<*KJSX+8O$WSpN#IALHOCWS^>(7W+WQ!nW5 zQvf^5t2HIhFYNeo@l+~avUy4@op&?uhz_?&Rge~K4wvd)36{B$r!KXlBc8Ab4=flh z;}@Of$iFdqm2%umJgNSEKRlPdqP1lOsccJ2qc&@MPFeRPqWMBzoz;IS>xoC;-euGC zz4O6JX7Hrjv!%?qCNEXlf%NrLZnypwudw^tImG>nTmAP=+T0Nyma8_n;V7ne(Sfe} zF){flWmHj=C!ks?s+^$-5?aw>Q^)ELr7PEq#rnQ(g=K#2 zw&G5hiqo*svO}=RHU~4iVUnZkWPjGZ2C*=ejfx?hYuKMnXKpxn6H95z&obEZ`xZ!N zQH(n-$gq1^`?kc>k4kXEB8^h@(`h6RY~1OwNA;4rVF0yH)2QR+TyH)6IChjnk1ot< z7|OaixYzipAP6F-bYd4Y9cKi4o#Wg+T&K(#-PF#J^cnOE`>zk34iH*{-mIa_NiML< z<|70V=L2M~a4&f&X!f5Ux(B!5sQ_bQN7SQ!JH>PZrCmLcztonycu)M{>mh&iWY#4M zcOvmA*$t7@VwWo-_L0|mO?CJLsrgJ!49sPZb>)ohYt*sl1AApp!XXtx?p`I0JbEvF z*385W#B9W;~$*NbTVy2zxCsWz5nTl+8GBKfAeShu^oBC;VI}RB@#Te`Z#z z)f$?a6R7_VaJE`@K`EZRNMXUOSTis1rT&cN&$>w8A5rg3*QPVJQZcHW^&(I54V@0LPM2yk#8 z5aHm&{y&?38jkPV{&W>RFrFBJ2x1&E^m&PaR&loji&E{wFEYkOt&fNwQ${55TD(b^ 
z#l06q4h^Wgro?|U*+p!8{^_-7zq1qIv)`7VyyJe$<}j4YY-4fB%aaV=8BWO0O6xc3 zfG-xI4~`olS=+|2^>1oH+XHYY}CsSW6ed&D9IoG=uCg+bk)ltk;5@lmFW5rMbWkNj%T zU1|q#+TBJKW9}ios*dy;$xI`rDcnHK)piweN2 z_>SxhBZ*!oNjfTjw3|V0kGN|#iIk}ch{2(o<>xIaSq1c>YsAX3-u_e3>aR7zyRz6H zH9{LhN09A*ai;jy`L;aA`g`$>_1{Wre{G2AAF(FJ94xn0HX}o0t3P5ug?o2f6TC^R z8iL&x14)VD;5hy#9=qG{oNcTpwRFJqyab*KUIDl}>N&ePiO5CX@beW|FYyO=6Y72P z7?N3~ENMVOLQF8bD3;AXy5thqFG&+!9iU$AMSeNs}4H^4X~2h)_q(~xOB z_iY!17R8!ZaHEo^QuSUuCBhlE>q|USCeu~yJggE*^*o#thh=Knp0`N~2w7vuS(Gx> zkgQQ)cfbp(vccsCToODZfSl3XlLM=K@GHM_OMh$2R zLN|9;Ero7yoiNpe?}QKDY9vMT6vZ)8dRE^F{A|*T>%E{aXKb4L63w;}2#*B(k_Wxj zLTFiQ7#f0Olmqg1=w;P0XR@*Pz3wmipDIvl;hjwRTYm!f0LNUTq+jZUrY9wS27{FF zl^!0+vRUrqD2auyIM5%yw%sx27Wfi~AuR!~o4k~kxHK3-%M9&3c4m(^RgAzzCnt$X zE065dQO0GM;rZ&>3*RbTo&j$Fy8qj78){AD=K-~9T@u^)vVj_9=N+=ABCj>@agFw3 z)aVyu+V>+a%v)CyScyVEH&7wlJ@}+S$Q!CHjt(!gG!S3<@$q4}`d%2!yjTS&p)07t z#f=|M97HHd*C$@VU)AVcVO4n8B{Kc-x7gI&swOV{$AgO#8TP?$0$agPg9xeBGSCtw zo9D9zaO$_m`Z$d@2|X@9@UY9h+i|*KhO-0&u*c3~U|s*@Pwnq{o>`I>1x6H9OpWSP6yE;Wfj%GpK9?~jO+?)4yZ zq@QRolQN=(u#;(P%NxEP%iBRipAaRk&U?NX?yW9-@}x0%m6L5}Po%iKge0>9Mc1hY zyYxH@gzP|pD3rXS{wi?z-g+o4S{j*osm==-K3Ib5NGkBMZx_-NPQ_?4R=Lhm{039> zk*0c4v)dDFIc*Wgg=ia=*PutOC)|e~>-AKHu}(R)RVWYZg8N)=V18~F4qZjaYmF#D zk?!sS&{0}Sce%?OxXVh~e$@;C4Ge?BnzFi1(u?W$lqeWpr)SrqB`@P#TRWz-G+}A8 z8@ha?RvXubUSXn+UKW6Z!m`vSC#LpJSHiFi z6L}h*6N24JfRRVe<$(EM#H71&99jx4T5SS{Heqkpbe=|l(OmOA)%e|JQF!CpvIUg< z!&20;Xrg0P{!5&ED6_!x&5BIf80C;%)*Z?o!`h83i~XTZEzF@NyKk$1N<8i)pF?W9 zPp-FD;UMdae;%TFR#+KXJ5$c`IiDoZq}yM7s3Fbq8{FT}}g-R4=d!x%JCjUhxzDFtnmrJ{l{^@M;k=o;A17 zrDxsz(5?f)n8~JZ0)_gGd^%&DUC~LgNFLl6{S6VZX{}JfZ1>pP{=g#;ApX79b=#?1 z!-3nq%d38_YCmEBS^K(kzOx)3`rGp#i{YP?u%8USDo}SC)pxsVxa0QnyJGb-)W51) zcbe6AyF;wqUfv;oDp-Gyyj!fl+Z_@M{@;=RT7Lf?e5Yys1PlHO{;6>NJ;|NM^^*kr z_ar|RuODRpS@Zfqm*Z3N&t(6kfc<<<|2fzG*;p3tFJt$k`#&Q8`^J7`-aniBReSyO zqq@1Fxz$+zc(HzDSw9BmSMXh)_1$pbZf=x+1^<$D{XN%R-u06!;vc#GJq!E6`=9f$ zAIv#Elm8R%?^)T;@%#Q^{&j}>Nl!}p%lQ3e2>u-Q9sSSwN(q2`?~dvI?T`2NYu&!( Hf`j`%QrV4g 
diff --git a/1-server_unit/tasks/ap/personium_deploy.yml b/1-server_unit/tasks/ap/personium_deploy.yml index 2e304c1..93508ee 100644 --- a/1-server_unit/tasks/ap/personium_deploy.yml +++ b/1-server_unit/tasks/ap/personium_deploy.yml @@ -14,6 +14,12 @@ - name: Deploy logback.xml copy: src=./resource/ap/opt/logback/logback.xml dest=/opt/logback/logback.xml owner=personium group=personium mode=0644 +- name: Create /personium/logback/log/logback.log + file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644 + +- name: Deploy /etc/logrotate.d/personium-core-log + copy: src=./resource/ap/etc/logrotate.d/personium-core-log dest=/etc/logrotate.d/personium-core-log owner=root group=root mode=0644 + - name: Stop tomcat systemd: name: tomcat diff --git a/1-server_unit/tasks/nfs/init_logback.yml b/1-server_unit/tasks/nfs/init_logback.yml deleted file mode 100644 index 8eed251..0000000 --- a/1-server_unit/tasks/nfs/init_logback.yml +++ /dev/null 
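Review bot: The added `Create /personium/logback/log/logback.log` task uses `state=touch`, which fails when the parent directory does not exist, and nothing in this hunk creates `/personium/logback/log` on the AP host now that the task appears to have moved here from the deleted `tasks/nfs/init_logback.yml`. If no earlier task in the play creates it, a preceding `file: path=/personium/logback/log state=directory owner=personium group=personium mode=0755` would cover that. The same task writes `mode=644` while the neighbouring tasks write `mode=0644`; using the four-digit form keeps the file consistent. The matching hunk in `3-server_unit/tasks/ap/personium_deploy.yml` has the same two points, and the task list continues outside both hunks.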
@@ -1,40 +0,0 @@ -# Copyright FUJITSU LIMITED 2015-2017. - -- name: Download logback - command: wget -q -O logback-{{ logback_version }}.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz - args: - chdir: /usr/local/src - creates: /usr/local/src/logback-{{ logback_version }}.tar.gz - -- name: Download slf4j - command: wget -q -O slf4j-1.6.4.tar.gz --no-check-certificate http://www.slf4j.org/dist/slf4j-1.6.4.tar.gz - args: - chdir: /usr/local/src - creates: /usr/local/src/slf4j-1.6.4.tar.gz - -- name: Create /opt/logback directory - file: state=directory path=/opt/logback owner=personium group=personium mode=0755 - -- name: Create /personium/logback/log/logback.log - file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644 - -- name: Expand logback - command: tar xzf /usr/local/src/logback-{{ logback_version }}.tar.gz - args: - chdir: /opt/logback - creates: /opt/logback/logback-{{ logback_version }} - -- name: Expand slf4j - command: tar xzf /usr/local/src/slf4j-1.6.4.tar.gz - args: - chdir: /opt/logback - creates: /opt/logback/slf4j-1.6.4 - -- name: Change owner /opt/logback/logback-{{ logback_version }} directory - file: state=directory path=/opt/logback/logback-{{ logback_version }} owner=personium group=personium recurse=yes - -- name: Change owner /opt/logback/slf4j-1.6.4 directory - file: state=directory path=/opt/logback/slf4j-1.6.4 owner=personium group=personium recurse=yes - -- name: Deploy /etc/logrotate.d/personium-core-log - copy: src=./resource/nfs/etc/logrotate.d/personium-core-log dest=/etc/logrotate.d/personium-core-log owner=root group=root mode=0644 diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md index 3530b22..fc49489 100644 --- a/3-server_unit/Ansible_Settings_Instruction.md +++ b/3-server_unit/Ansible_Settings_Instruction.md 
@@ -220,8 +220,6 @@ Below are the files where modification is required. memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 - - logback_version: 1.2.3 ``` #### bastion server (file destination : /group_vars/bastion.yml) diff --git a/3-server_unit/group_vars/nfs.yml b/3-server_unit/group_vars/nfs.yml index 8d377a1..b7c80fe 100644 --- a/3-server_unit/group_vars/nfs.yml +++ b/3-server_unit/group_vars/nfs.yml @@ -15,5 +15,3 @@ cache_port: 11212 # memcached cachesize memcached_lock_cachesize: 512 memcached_cache_cachesize: 512 - -logback_version: 1.2.3 \ No newline at end of file diff --git a/3-server_unit/nfs.yml b/3-server_unit/nfs.yml index 9282156..da228e2 100644 --- a/3-server_unit/nfs.yml +++ b/3-server_unit/nfs.yml @@ -12,7 +12,6 @@ - include: ./tasks/common/init_process_account_personium.yml - include: ./tasks/nfs/init_personium-dir.yml - include: ./tasks/nfs/init_nfs-server.yml -- include: ./tasks/nfs/init_logback.yml - include: ./tasks/nfs/init_memcached_env_os.yml when: cache_in_nfs - include: ./tasks/nfs/init_memcached_install.yml diff --git a/3-server_unit/resource/nfs/etc/logrotate.d/personium-core-log b/3-server_unit/resource/ap/etc/logrotate.d/personium-core-log similarity index 100% rename from 3-server_unit/resource/nfs/etc/logrotate.d/personium-core-log rename to 3-server_unit/resource/ap/etc/logrotate.d/personium-core-log diff --git a/3-server_unit/resource/nfs/opt/logback/logback.xml b/3-server_unit/resource/nfs/opt/logback/logback.xml deleted file mode 100644 index 8e4744f..0000000 --- a/3-server_unit/resource/nfs/opt/logback/logback.xml +++ /dev/null 
@@ -1,152 +0,0 @@ - - - - - - - - ${LOG_FORMAT} - - - - - /personium/personium-core/log/personium-core.info.log - - - /personium/personium-core/log/personium-core.info.log.%d{yyyyMMdd}.gz - - - ${LOG_FORMAT} - - - - - /personium/personium-core/log/personium-core.log - - WARN - - - ${LOG_FORMAT} - true - - - - - - /personium/personium-core/log/personium-user.log - - - /personium/personium-core/log/personium-user.log.%d{yyyy-MM-dd}.gz - - - ${LOG_FORMAT} - - - - - /personium/personium-engine/log/personium-engine.log - - - /personium/personium-engine/log/personium-engine.log.%d{yyyyMMdd}.gz - - - ${LOG_FORMAT} - - - - - /personium/personium-repair/log/personium-repair.log - - - /personium/personium-repair/log/personium-repair.log.%d{yyyyMMdd}.gz - - - ${LOG_FORMAT} - - - - - - eventlog_path - unknown - - - - /personium_nfs/personium-core/eventlog/${eventlog_path}/current/default.log - - /personium_nfs/personium-core/eventlog/${eventlog_path}/archive/default.log.%i.zip - 1 - 12 - - - 50MB - - - %d{"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",UTC},[%-5level],%msg%n - - - - - - - /personium/logback/log/logback.log - - - /personium/logback/log/logback.log.%d{yyyyMMdd}.gz - - - %d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] [%-5level] %logger{0} %msg%n - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/3-server_unit/resource/nfs/personium/logback/dc1-logback.jar b/3-server_unit/resource/nfs/personium/logback/dc1-logback.jar deleted file mode 100644 index 269cbd0eb1ba3e30d9238c1e98dcc975bd6c1bdf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7990 zcmbtZ1ymf#)<%N|4-zBAmJU}2wfG{}x z@Uq$L+q`{y-udsG?&)*-eqY_H?ykCZKP3Pn5<1+SjV6Gk{&n&D3GMb@UP?`jMOHzY zP3dpbkE042|KHG4;cW{rcS+`ji?nh*Ba2IYA1Znw+e&$}g*%d4rt+^H^}pYy1*eKlTs6n3?A;z{F=A+728No0TXNO=F~^3A44#sySI zG3{Q3+;o@bLcEj~C{s^ELcF*S6zQ(DIWCCsZ;D!POjq+m_ec5<@UHbnFR^(p-}xj` zYX#h>`Q50rm`(2Lb9^ldxruy%b)ApU)_x=Xl~iAI=po%A_kjkI88R*|BWF(1w_F-u zdAUP*m7)~R?xSAIL@|A%6cq(QJY_DzqRRf2zBp9<*g{JQ+FF|N4+eP;RS3nfhZ%~v z2uhQS3VBU5Bw1r-aSLMv0(D6{Y?F&MHj+7);*g81QXwR@k1*u5P2@^bo?G{?haM3I zPLNbd!ud?502@0t{9h|HS%_)BrzEyR6jM*7#FQKlxqfmYJ^u|V*ioWas^>98-m)Nc zk-`h(J$Yrbvum@rr_^*Jc#&@YUiQAE+xvFFeY=ymAx}}61q)p?vzQb>M$(Ijy1b$@terQ zBDb`eR`Wq@sQEHI9)XbHXF3&I925sLF=?0mDDJtwC0b2|MT>z2fC@3DMW8)@emmrX_Y4&U48kL?mu%&pyP8P4!8 zmM5{tn@?|7UE48{<^Mdo_+^ekug1%{oG33S`yeUS>RCuEej(%3D!Id&P_qeC^kaJR z&LO_OwSQIoShE-ddmuw8*Rv{n)<-O2VgfDfbmnQ{=+9qg0S1rHFQ7DrHA`6H5znZi z-mSGyiKJn+P}QHk7?cmlD97Z-4V#Y{74T*3~dL!HJul`v_j z>O+&gK5RVdXwJcDEk4J9a>V96!E(LIcu21{o+UIf>y@z%e5K>nc34d!@VKd2E%6O( zg4Udz=SfnE;g>VgC==}j2m+sMgrclqR{heh9d`8R%ona>xv#|aAN2y2%D5#kuyPCP zOT*;@xs}?R%fxIos?l-*)c}c;!2B9E z3P-76hcAZE0HnMBefg@NZ|(lvI%df8Lkev}Dj%wjDkp+a=4MJKEn=~`_hP(NDjM35 z+>*MlaPA%bP81JZsNVIzw`o|2EuNfgbVJc|Tk+S!*i~CTa^N?@#>$s)i?YJUz5Gb1 z=f*F84nsaR)v1!6Qn3&zvl0ra0b>Um7ICED+Y3nPEA$y-dTy=zttc5OH_(6nqL_Cc z>p3GMT{A$Opo5R*)GqstL9s7e!tR94V9$xATxI(?fHWXjcZm?Qck3$*r+!|4Zi7Nd zBu(xtJm}?xH_?54EhMocA)?3ehBJI=gVnf$Z3V;wEZR|>zI3^gxe_{Jws`%jiqYv( zN$LG)3sdoS=`~g;wrvk*R%lH2MRAnu$Vu$!$hfXAn=OduT6s^LeLn2RhQ!#8SIB5; zRthI7&%8>|rGBVp&w|*CH;=ue8)`U>#;O;apFGClE?OJs(ovB1B@Xg{rP5eIWlNre z0un5tZ~IX;L!!XE4-!w!-{B2dV|qPjvCqqAa|C(5CA>+Q*}vPEW*xzcJcMsiW0Gxc z#GdXAa;v9JjVIHDTK9VJ8FwVT!6aw15Q2HquXOJoM3vFXk6Hf~Mmr6t4p3b2#Bf@L 
z^&zKMB1!wWgasIMpfJ0uNd*fKc{WWBWKdZi_3fYBLy$==7C^nsjPc1N48oeV>~qT< zigpADGQ>HodT!fP_U1dhyoBLi>r5@SGE?l&SAonw-+$_o;LwK^=%6!34a6@!5L=41 zsal97hh)NS>{K+@mmQ$m0O3w7OI`kHkKG*NrCw)57aaWOm05 zVhO>Jg<%*}7p6q?lVmfMR+uOW17Q760eJ6cL@uED;j;6s3Z=*r1#Si^?uN|o)MbUU z+x<*sy|JIiYKR$e7|JXW7 z3$I#qQr(qy=lcPI{7RVZ%Vg0Bl|3U#)g!JZ^z+TnkM_rVw$$bF?#3f2Gq1^?`@NM zWL?#>*2}se(_XZGZ{>lZZgk&9JtFoz{3xqLGgeIo!p$u?wuRglt_#*J69*y=K)1<* zv4vsy-2Sp1>MqG)*<2_MWi{w^|9*88+%ZR@_KsA-(8m$67re6uaO_`_m2X7*GlE;S z>Rb!L<<(|$|5^Q>FN;^fjd=Z74&jNG+7l=gVpF3ZF^wH0WWxX z$AySbQPh0$L&}m&_WDJ)?NZA=4O!<(TLWL63oLBpbW-rhfYG38??aT|=hI5yA4C*;$o%!aDpL%n=EfNo0o3YExENX5^?|2@+=6|4Z73Rb1Q7rEGit4nGlP~HR zc)-D;SsgLSMX2A{hXJ*oC|I5pPp5H!8MN1Gjl?_mc|Jhw@jOnIH(i_Zy`*CBjCtrvq8tf(;6dQ-! zxNP{AOCSc7f@@Q;gp=-70Xqq`RV`ZEBZs|N00u#;n?OX_P@=~Ae(VwYSk=doxRYu~ z&rln&rKcV%--i)XiyZ$}GLo!r;A6}pO4PI7l*C;!niYv?qc+rf z2-%}_%All(m6u<}1r|kZbvqAyUaq-VYhy}WJ?!(;9^Pgf09}C&i`tyF&rnCI!p+=> zWZaYnDU@`)$W%lTrRbI1F=>zKl^c)v`y)FF*aYvX@~lT$MpBMBF&NML;w^%irc{f* za8T-0pq8Fiw3gr*4G*a8F!MTsBmS2Z$>eGWw6CySbX_n#1up>y= z(WDWFK%5r^;kK10yp^I6Je!rK9&c!Xr3FD)ktLUh>M>EZXz0NFcA{w?^CWYF>aKGG zyU&vz+=3eU-nH(u(!t(UdL%V$4s3xuF9$Kzn zaY;HBAVhmHZg%Cu{!s&(c5lL0@eh#z<*KJSX+8O$WSpN#IALHOCWS^>(7W+WQ!nW5 zQvf^5t2HIhFYNeo@l+~avUy4@op&?uhz_?&Rge~K4wvd)36{B$r!KXlBc8Ab4=flh z;}@Of$iFdqm2%umJgNSEKRlPdqP1lOsccJ2qc&@MPFeRPqWMBzoz;IS>xoC;-euGC zz4O6JX7Hrjv!%?qCNEXlf%NrLZnypwudw^tImG>nTmAP=+T0Nyma8_n;V7ne(Sfe} zF){flWmHj=C!ks?s+^$-5?aw>Q^)ELr7PEq#rnQ(g=K#2 zw&G5hiqo*svO}=RHU~4iVUnZkWPjGZ2C*=ejfx?hYuKMnXKpxn6H95z&obEZ`xZ!N zQH(n-$gq1^`?kc>k4kXEB8^h@(`h6RY~1OwNA;4rVF0yH)2QR+TyH)6IChjnk1ot< z7|OaixYzipAP6F-bYd4Y9cKi4o#Wg+T&K(#-PF#J^cnOE`>zk34iH*{-mIa_NiML< z<|70V=L2M~a4&f&X!f5Ux(B!5sQ_bQN7SQ!JH>PZrCmLcztonycu)M{>mh&iWY#4M zcOvmA*$t7@VwWo-_L0|mO?CJLsrgJ!49sPZb>)ohYt*sl1AApp!XXtx?p`I0JbEvF z*385W#B9W;~$*NbTVy2zxCsWz5nTl+8GBKfAeShu^oBC;VI}RB@#Te`Z#z z)f$?a6R7_VaJE`@K`EZRNMXUOSTis1rT&cN&$>w8A5rg3*QPVJQZcHW^&(I54V@0LPM2yk#8 z5aHm&{y&?38jkPV{&W>RFrFBJ2x1&E^m&PaR&loji&E{wFEYkOt&fNwQ${55TD(b^ 
z#l06q4h^Wgro?|U*+p!8{^_-7zq1qIv)`7VyyJe$<}j4YY-4fB%aaV=8BWO0O6xc3 zfG-xI4~`olS=+|2^>1oH+XHYY}CsSW6ed&D9IoG=uCg+bk)ltk;5@lmFW5rMbWkNj%T zU1|q#+TBJKW9}ios*dy;$xI`rDcnHK)piweN2 z_>SxhBZ*!oNjfTjw3|V0kGN|#iIk}ch{2(o<>xIaSq1c>YsAX3-u_e3>aR7zyRz6H zH9{LhN09A*ai;jy`L;aA`g`$>_1{Wre{G2AAF(FJ94xn0HX}o0t3P5ug?o2f6TC^R z8iL&x14)VD;5hy#9=qG{oNcTpwRFJqyab*KUIDl}>N&ePiO5CX@beW|FYyO=6Y72P z7?N3~ENMVOLQF8bD3;AXy5thqFG&+!9iU$AMSeNs}4H^4X~2h)_q(~xOB z_iY!17R8!ZaHEo^QuSUuCBhlE>q|USCeu~yJggE*^*o#thh=Knp0`N~2w7vuS(Gx> zkgQQ)cfbp(vccsCToODZfSl3XlLM=K@GHM_OMh$2R zLN|9;Ero7yoiNpe?}QKDY9vMT6vZ)8dRE^F{A|*T>%E{aXKb4L63w;}2#*B(k_Wxj zLTFiQ7#f0Olmqg1=w;P0XR@*Pz3wmipDIvl;hjwRTYm!f0LNUTq+jZUrY9wS27{FF zl^!0+vRUrqD2auyIM5%yw%sx27Wfi~AuR!~o4k~kxHK3-%M9&3c4m(^RgAzzCnt$X zE065dQO0GM;rZ&>3*RbTo&j$Fy8qj78){AD=K-~9T@u^)vVj_9=N+=ABCj>@agFw3 z)aVyu+V>+a%v)CyScyVEH&7wlJ@}+S$Q!CHjt(!gG!S3<@$q4}`d%2!yjTS&p)07t z#f=|M97HHd*C$@VU)AVcVO4n8B{Kc-x7gI&swOV{$AgO#8TP?$0$agPg9xeBGSCtw zo9D9zaO$_m`Z$d@2|X@9@UY9h+i|*KhO-0&u*c3~U|s*@Pwnq{o>`I>1x6H9OpWSP6yE;Wfj%GpK9?~jO+?)4yZ zq@QRolQN=(u#;(P%NxEP%iBRipAaRk&U?NX?yW9-@}x0%m6L5}Po%iKge0>9Mc1hY zyYxH@gzP|pD3rXS{wi?z-g+o4S{j*osm==-K3Ib5NGkBMZx_-NPQ_?4R=Lhm{039> zk*0c4v)dDFIc*Wgg=ia=*PutOC)|e~>-AKHu}(R)RVWYZg8N)=V18~F4qZjaYmF#D zk?!sS&{0}Sce%?OxXVh~e$@;C4Ge?BnzFi1(u?W$lqeWpr)SrqB`@P#TRWz-G+}A8 z8@ha?RvXubUSXn+UKW6Z!m`vSC#LpJSHiFi z6L}h*6N24JfRRVe<$(EM#H71&99jx4T5SS{Heqkpbe=|l(OmOA)%e|JQF!CpvIUg< z!&20;Xrg0P{!5&ED6_!x&5BIf80C;%)*Z?o!`h83i~XTZEzF@NyKk$1N<8i)pF?W9 zPp-FD;UMdae;%TFR#+KXJ5$c`IiDoZq}yM7s3Fbq8{FT}}g-R4=d!x%JCjUhxzDFtnmrJ{l{^@M;k=o;A17 zrDxsz(5?f)n8~JZ0)_gGd^%&DUC~LgNFLl6{S6VZX{}JfZ1>pP{=g#;ApX79b=#?1 z!-3nq%d38_YCmEBS^K(kzOx)3`rGp#i{YP?u%8USDo}SC)pxsVxa0QnyJGb-)W51) zcbe6AyF;wqUfv;oDp-Gyyj!fl+Z_@M{@;=RT7Lf?e5Yys1PlHO{;6>NJ;|NM^^*kr z_ar|RuODRpS@Zfqm*Z3N&t(6kfc<<<|2fzG*;p3tFJt$k`#&Q8`^J7`-aniBReSyO zqq@1Fxz$+zc(HzDSw9BmSMXh)_1$pbZf=x+1^<$D{XN%R-u06!;vc#GJq!E6`=9f$ zAIv#Elm8R%?^)T;@%#Q^{&j}>Nl!}p%lQ3e2>u-Q9sSSwN(q2`?~dvI?T`2NYu&!( Hf`j`%QrV4g 
diff --git a/3-server_unit/tasks/ap/personium_deploy.yml b/3-server_unit/tasks/ap/personium_deploy.yml index dea804c..1fb811d 100644 --- a/3-server_unit/tasks/ap/personium_deploy.yml +++ b/3-server_unit/tasks/ap/personium_deploy.yml @@ -14,6 +14,12 @@ - name: Deploy logback.xml copy: src=./resource/ap/opt/logback/logback.xml dest=/opt/logback/logback.xml owner=personium group=personium mode=0644 +- name: Create /personium/logback/log/logback.log + file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644 + +- name: Deploy /etc/logrotate.d/personium-core-log + copy: src=./resource/ap/etc/logrotate.d/personium-core-log dest=/etc/logrotate.d/personium-core-log owner=root group=root mode=0644 + - name: Stop tomcat systemd: name: tomcat diff --git a/3-server_unit/tasks/nfs/init_logback.yml b/3-server_unit/tasks/nfs/init_logback.yml deleted file mode 100644 index 8eed251..0000000 --- a/3-server_unit/tasks/nfs/init_logback.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -# Copyright FUJITSU LIMITED 2015-2017. - -- name: Download logback - command: wget -q -O logback-{{ logback_version }}.tar.gz --no-check-certificate http://logback.qos.ch/dist/logback-{{ logback_version }}.tar.gz - args: - chdir: /usr/local/src - creates: /usr/local/src/logback-{{ logback_version }}.tar.gz - -- name: Download slf4j - command: wget -q -O slf4j-1.6.4.tar.gz --no-check-certificate http://www.slf4j.org/dist/slf4j-1.6.4.tar.gz - args: - chdir: /usr/local/src - creates: /usr/local/src/slf4j-1.6.4.tar.gz - -- name: Create /opt/logback directory - file: state=directory path=/opt/logback owner=personium group=personium mode=0755 - -- name: Create /personium/logback/log/logback.log - file: path=/personium/logback/log/logback.log state=touch owner=personium group=personium mode=644 - -- name: Expand logback - command: tar xzf /usr/local/src/logback-{{ logback_version }}.tar.gz - args: - chdir: /opt/logback - creates: /opt/logback/logback-{{ logback_version }} - -- name: Expand slf4j - command: tar xzf /usr/local/src/slf4j-1.6.4.tar.gz - args: - chdir: /opt/logback - creates: /opt/logback/slf4j-1.6.4 - -- name: Change owner /opt/logback/logback-{{ logback_version }} directory - file: state=directory path=/opt/logback/logback-{{ logback_version }} owner=personium group=personium recurse=yes - -- name: Change owner /opt/logback/slf4j-1.6.4 directory - file: state=directory path=/opt/logback/slf4j-1.6.4 owner=personium group=personium recurse=yes - -- name: Deploy /etc/logrotate.d/personium-core-log - copy: src=./resource/nfs/etc/logrotate.d/personium-core-log dest=/etc/logrotate.d/personium-core-log owner=root group=root mode=0644 From 2ee6d3d0246977272d30c5330ac0509195096ad9 Mon Sep 17 00:00:00 2001 
From: "Tochiori, Yasufumi" Date: Fri, 18 Oct 2019 09:21:05 +0900 Subject: [PATCH 08/12] Update tomcat version to 9.0.27 --- 1-server_unit/group_vars/ap.yml | 2 +- 3-server_unit/group_vars/ap.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/1-server_unit/group_vars/ap.yml b/1-server_unit/group_vars/ap.yml index b239c6b..2658884 100644 --- a/1-server_unit/group_vars/ap.yml +++ b/1-server_unit/group_vars/ap.yml @@ -17,6 +17,6 @@ cache_port: 11212 cache_manager: memcached -tomcat_version: 9.0.10 +tomcat_version: 9.0.27 commons_daemon_version : 1.1.0 activemq_version: 5.15.8 diff --git a/3-server_unit/group_vars/ap.yml b/3-server_unit/group_vars/ap.yml index faf839c..9fda4e4 100644 --- a/3-server_unit/group_vars/ap.yml +++ b/3-server_unit/group_vars/ap.yml @@ -17,6 +17,6 @@ cache_port: 11212 cache_manager: memcached -tomcat_version: 9.0.10 +tomcat_version: 9.0.27 commons_daemon_version : 1.1.0 activemq_version: 5.15.8 From 98be3aa0d717be63bb2abad0e35564cdc5bbd2e3 Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Fri, 18 Oct 2019 09:28:17 +0900 Subject: [PATCH 09/12] Fix Prerequisite --- 1-server_unit/README.md | 4 ++-- 3-server_unit/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/1-server_unit/README.md b/1-server_unit/README.md index d3a8ae2..36350b5 100644 --- a/1-server_unit/README.md +++ b/1-server_unit/README.md @@ -56,9 +56,9 @@ The following key file will be generated automatically during the Ansible execut * Prerequisite: * All infrastructure is created - * User account: root + * User account: sudo user * Ansible execution user account: root - * Ansible execution environment : Web/Bastion server + * Ansible execution environment : Bastion server * Fixed global IP address is attached to the Web server * Fixed private IP of all the remote servers. diff --git a/3-server_unit/README.md b/3-server_unit/README.md index 563e2f9..0b1d3e6 100644 --- a/3-server_unit/README.md +++ b/3-server_unit/README.md 
@@ -61,9 +61,9 @@ The following key file will be generated automatically during the Ansible execut * Prerequisite: * All infrastructure is created - * User account: root + * User account: sudo user * Ansible execution user account: root - * Ansible execution environment : Web/Bastion server + * Ansible execution environment : Bastion server * Fixed global IP address is attached to the Web server * Fixed private IP of all the remote servers. From f2cf6d0378f58194bc1d3687939eccafe5a59aee Mon Sep 17 00:00:00 2001 From: "Tochiori, Yasufumi" Date: Fri, 18 Oct 2019 09:37:48 +0900 Subject: [PATCH 10/12] Fix typo --- 1-server_unit/README.md | 8 ++++---- 3-server_unit/Ansible_Settings_Instruction.md | 6 +++--- 3-server_unit/README.md | 6 +++--- ...ipt.md => Create_Server_Certificate_for_Letsencrypt.md | 0 How_to_generate_Self-signed_Unit_Certificate.md | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) rename Create_Server_Certificate_for_Letsencript.md => Create_Server_Certificate_for_Letsencrypt.md (100%) diff --git a/1-server_unit/README.md b/1-server_unit/README.md index 36350b5..38c2a4c 100644 --- a/1-server_unit/README.md +++ b/1-server_unit/README.md @@ -2,7 +2,7 @@ --------------------------------------- ## Overview -The purpose of this document is to explain explecitely how to construct Personium unit on 1 server using Ansible. +The purpose of this document is to explain explicitly how to construct Personium unit on 1 server using Ansible. This ansible is checking the operation with Personium version 1.5.2 later and CentOS 7.2. ## Server setup :white_check_mark: 
@@ -70,7 +70,7 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md). * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment. \* Please clone or download the zip file from the release branch. -\* Since the master branch may contain new features which are under testing and development, errorneous behavior may be expected. +\* Since the master branch may contain new features which are under testing and development, erroneous behavior may be expected. \* From now on, we describe `1-server_unit` under cloned folder as `$ansible`. #### 3: Setup Ansible parameters @@ -104,7 +104,7 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md). #### 7: Prepare SSL certificate / private key * Prepare the SSL certificate and private key separately -If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) +If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencrypt.md) * Create and use self-signed SSL certificate when the official SSL certificate is not available. [Example of using Self-sign.](../Create_Server_Certificate_for_Self-sign.md) 
@@ -307,7 +307,7 @@ The `private key` (identification) will be placed in `/root/.ssh/id_rsa` \* reachability testing is done, if it shows the same - For the developers conveniency this document introduced the procedure to construct Personium unit using Ansible. + For the developers convenience this document introduced the procedure to construct Personium unit using Ansible. Hope developers will enjoy deploying Personium unit on any of their suitable environment. Please try Personium and let us know your feedback or comments for further betterment of Personium. Your feedback and comments will be highly appreciated. -------------------------------------------------------------------- diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md index 3530b22..1c47ea0 100644 --- a/3-server_unit/Ansible_Settings_Instruction.md +++ b/3-server_unit/Ansible_Settings_Instruction.md @@ -65,15 +65,15 @@ Below are the files where modification is required. # EX: {Web_FQDN}->ec2-54-65-33-203.ap-northeast-1.compute.amazonaws.com {Bastion_Network_Separation} -# -> Specify the network catagory for Bastion server +# -> Specify the network category for Bastion server # EX: {Bastion_Network_Separation}->172.31.10.0/24 {WEB_Network_Separation} -# -> Specify the network catagory for WEB server +# -> Specify the network category for WEB server # EX: {WEB_Network_Separation}->172.31.10.0/24 {AP_Network_Separation} -# -> Specify the network catagory for AP server +# -> Specify the network category for AP server # EX: {AP_Network_Separation}->172.31.13.0/24 {Master_Token} diff --git a/3-server_unit/README.md b/3-server_unit/README.md index 0b1d3e6..9aa078f 100644 --- a/3-server_unit/README.md +++ b/3-server_unit/README.md 
@@ -75,7 +75,7 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md) * Using git client, clone the `ansible` repository (https://github.com/personium/ansible) to your local environment. \* Please clone or download the zip file from the release branch. -\* Since the master branch may contain new features which are under testing and development, errorneous behavior may be expected. +\* Since the master branch may contain new features which are under testing and development, erroneous behavior may be expected. \* From now on, we describe this `3-server_unit` folder as `$ansible`. #### 3: Setup Ansible parameters @@ -109,7 +109,7 @@ See [DNS Setup for per-cell URL](../DNS_Setup_for_per-cell_url.md) #### 7: Prepare SSL certificate / private key * Prepare the SSL certificate and private key separately -If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencript.md) +If you have a domain and can set it to DNS, you can use an official SSL certificate. [Example of using Let's Encrypt.](../Create_Server_Certificate_for_Letsencrypt.md) * Create and use self-signed SSL certificate when the official SSL certificate is not available. [Example of using Self-sign.](../Create_Server_Certificate_for_Self-sign.md) 
@@ -324,7 +324,7 @@ The `private key` (identification) will be placed in `/root/.ssh/id_rsa` \* reachability testing is done, if it shows the same - For the developers conveniency this document introduced the procedure to construct Personium unit using Ansible. + For the developers convenience this document introduced the procedure to construct Personium unit using Ansible. Hope developers will enjoy deploying Personium unit on any of their suitable environment. Please try Personium and let us know your feedback or comments for further betterment of Personium. Your feedback and comments will be highly appreciated. -------------------------------------------------------------------- diff --git a/Create_Server_Certificate_for_Letsencript.md b/Create_Server_Certificate_for_Letsencrypt.md similarity index 100% rename from Create_Server_Certificate_for_Letsencript.md rename to Create_Server_Certificate_for_Letsencrypt.md diff --git a/How_to_generate_Self-signed_Unit_Certificate.md b/How_to_generate_Self-signed_Unit_Certificate.md index 0d573b5..b21e798 100644 --- a/How_to_generate_Self-signed_Unit_Certificate.md +++ b/How_to_generate_Self-signed_Unit_Certificate.md @@ -9,7 +9,7 @@ Followings will be created by openssl, after performing the procedure below. | File name | Explanation | |---|---| -|unit.key |This is a unit secret key. Created by RSA secret key of more than 2048bit in DER format. Managing this unit secret key strictly is highly recomended.| +|unit.key |This is a unit secret key. Created by RSA secret key of more than 2048bit in DER format. Managing this unit secret key strictly is highly recommended.| |unit.csr |Request for X.509 certificate. This file will be required to create the certificate and not be deployed on the server. | |unit-self-sign.crt |It is a DER format certificate supporting Unit Key. The value of CN should be the FQDN of `web` server. | From 79c45a78de9f381f0f6fae243e6b9eb7744b5a51 Mon Sep 17 00:00:00 2001 
From: "Tochiori, Yasufumi" Date: Fri, 18 Oct 2019 09:41:47 +0900 Subject: [PATCH 11/12] Update tomcat version description --- 1-server_unit/Ansible_Settings_Instruction.md | 2 +- 3-server_unit/Ansible_Settings_Instruction.md | 2 +- README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/1-server_unit/Ansible_Settings_Instruction.md b/1-server_unit/Ansible_Settings_Instruction.md index 3a7f878..3c0f1a6 100644 --- a/1-server_unit/Ansible_Settings_Instruction.md +++ b/1-server_unit/Ansible_Settings_Instruction.md @@ -115,7 +115,7 @@ Below are the files where modification is required. cache_manager: memcached - tomcat_version: 9.0.10 + tomcat_version: 9.0.27 commons_daemon_version : 1.1.0 diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md index 1c47ea0..d4cd44f 100644 --- a/3-server_unit/Ansible_Settings_Instruction.md +++ b/3-server_unit/Ansible_Settings_Instruction.md @@ -181,7 +181,7 @@ Below are the files where modification is required. cache_manager: memcached - tomcat_version: 9.0.10 + tomcat_version: 9.0.27 commons_daemon_version : 1.1.0 diff --git a/README.md b/README.md index 44ec305..239a081 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ For the setting procedure, please refer to [setup-vagrant](https://github.com/pe |Category | Name |Version | | |:--------------|:---------------|-------------:|:------------------| | java | AdoptOpenJDK | 8u192 | -- | - | tomcat | tomcat | 9.0.10 | web | + | tomcat | tomcat | 9.0.27 | web | | | commons-daemon | 1.1.0 | -- | | activemq | activemq | 5.15.8 | -- | | nginx | nginx | 1.14.2 | proxy | From f6c9f775a356f18cba12c1ece787bee7d563ea36 Mon Sep 17 00:00:00 2001 
From: "Tochiori, Yasufumi" Date: Mon, 21 Oct 2019 13:52:03 +0900 Subject: [PATCH 12/12] Update commons_daemon_version to 1.2.2 --- 1-server_unit/Ansible_Settings_Instruction.md | 2 +- 1-server_unit/group_vars/ap.yml | 2 +- 3-server_unit/Ansible_Settings_Instruction.md | 2 +- 3-server_unit/group_vars/ap.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/1-server_unit/Ansible_Settings_Instruction.md b/1-server_unit/Ansible_Settings_Instruction.md index 42f41f7..d9e734c 100644 --- a/1-server_unit/Ansible_Settings_Instruction.md +++ b/1-server_unit/Ansible_Settings_Instruction.md @@ -117,7 +117,7 @@ Below are the files where modification is required. tomcat_version: 9.0.27 - commons_daemon_version : 1.1.0 + commons_daemon_version : 1.2.2 activemq_version: 5.15.8 ``` diff --git a/1-server_unit/group_vars/ap.yml b/1-server_unit/group_vars/ap.yml index 2658884..bc4005c 100644 --- a/1-server_unit/group_vars/ap.yml +++ b/1-server_unit/group_vars/ap.yml @@ -18,5 +18,5 @@ cache_manager: memcached tomcat_version: 9.0.27 -commons_daemon_version : 1.1.0 +commons_daemon_version : 1.2.2 activemq_version: 5.15.8 diff --git a/3-server_unit/Ansible_Settings_Instruction.md b/3-server_unit/Ansible_Settings_Instruction.md index 2b174ee..4018b3a 100644 --- a/3-server_unit/Ansible_Settings_Instruction.md +++ b/3-server_unit/Ansible_Settings_Instruction.md @@ -183,7 +183,7 @@ Below are the files where modification is required. tomcat_version: 9.0.27 - commons_daemon_version : 1.1.0 + commons_daemon_version : 1.2.2 activemq_version: 5.15.8 ``` diff --git a/3-server_unit/group_vars/ap.yml b/3-server_unit/group_vars/ap.yml index 9fda4e4..a84f590 100644 --- a/3-server_unit/group_vars/ap.yml +++ b/3-server_unit/group_vars/ap.yml @@ -18,5 +18,5 @@ cache_manager: memcached tomcat_version: 9.0.27 -commons_daemon_version : 1.1.0 +commons_daemon_version : 1.2.2 activemq_version: 5.15.8