From 8e80050459976e6be4edcfb8ec90f05c4e21644d Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo <71768+gionn@users.noreply.github.com> Date: Tue, 3 Dec 2024 09:41:24 +0100 Subject: [PATCH] OPSEXP-2880 Add audit-storage role (#996) --- .envrc | 2 +- .github/workflows/enteprise.yml | 9 +++- .github/workflows/enterprise-extended.yml | 51 ------------------- 7.2.N-extra-vars.yml | 2 +- 7.3.N-extra-vars.yml | 2 +- README.md | 3 +- group_vars/all.yml | 8 +++ inventory_ha.yml | 4 ++ inventory_local.yml | 4 ++ inventory_ssh.yml | 5 ++ molecule/docker_enterprise/molecule.yml | 5 ++ molecule/elasticsearch/molecule.yml | 3 +- playbooks/acs.yml | 41 +++++++++++++++ roles/audit_storage/defaults/main.yml | 48 +++++++++++++++++ roles/audit_storage/handlers/main.yml | 13 +++++ roles/audit_storage/meta/main.yml | 33 ++++++++++++ .../molecule/default/converge.yml | 7 +++ .../molecule/default/host_vars/instance.yml | 1 + .../molecule/default/molecule.yml | 32 ++++++++++++ .../audit_storage/molecule/default/verify.yml | 14 +++++ roles/audit_storage/tasks/main.yml | 48 +++++++++++++++++ .../templates/systemd-service.j2 | 31 +++++++++++ roles/audit_storage/vars/main.yml | 6 +++ tests/test-config-aas.json | 42 +++++++++++++++ 24 files changed, 356 insertions(+), 58 deletions(-) delete mode 100644 .github/workflows/enterprise-extended.yml create mode 100644 roles/audit_storage/defaults/main.yml create mode 100644 roles/audit_storage/handlers/main.yml create mode 100644 roles/audit_storage/meta/main.yml create mode 100644 roles/audit_storage/molecule/default/converge.yml create mode 100644 roles/audit_storage/molecule/default/host_vars/instance.yml create mode 100644 roles/audit_storage/molecule/default/molecule.yml create mode 100644 roles/audit_storage/molecule/default/verify.yml create mode 100644 roles/audit_storage/tasks/main.yml create mode 100644 roles/audit_storage/templates/systemd-service.j2 create mode 100644 roles/audit_storage/vars/main.yml create mode 100644 tests/test-config-aas.json diff --git a/.envrc b/.envrc index 86b658b02..7565d7c30 100644 --- a/.envrc +++ b/.envrc @@ -4,7 +4,7 @@ export AWS_REGION=eu-west-1 export MOLECULE_IT_AWS_VPC_SUBNET_ID=subnet-6bdd4223 export BRANCH_NAME=local export BUILD_NUMBER=1 -export DTAS_VERSION=v1.5.3 +export DTAS_VERSION=v1.6.0 export MOLECULE_IT_ID=$(echo "$LOGNAME" | sha256sum | cut -c1-6) ANSIBLE_VAULT_PASSWORD_FILE=$(expand_path ./.vault_pass.txt) export ANSIBLE_VAULT_PASSWORD_FILE diff --git a/.github/workflows/enteprise.yml b/.github/workflows/enteprise.yml index c5bbee13e..16c8dbae2 100644 --- a/.github/workflows/enteprise.yml +++ b/.github/workflows/enteprise.yml @@ -19,7 +19,7 @@ on: workflow_dispatch: env: - DTAS_VERSION: v1.5.5 + DTAS_VERSION: v1.6.0 BUILD_NUMBER: ${{ github.run_id }} PY_COLORS: 1 PYTHONUNBUFFERED: 1 @@ -70,6 +70,7 @@ jobs: - name: sfs - name: sync - name: trouter + - name: audit_storage steps: - name: Share var with further reusable workflows id: jobvars @@ -164,6 +165,12 @@ jobs: fail-fast: false matrix: molecule_scenario: + - name: default + vars: vars-ubuntu20-72.yml + desc: EC2 ACS 7.2 (Ubuntu 20.04) + - name: default + vars: vars-ubuntu20-73.yml + desc: EC2 ACS 7.3 (Ubuntu 20.04) - name: default vars: vars-rocky8.yml desc: EC2 ACS 7.4 (Rocky Linux 8.9) diff --git a/.github/workflows/enterprise-extended.yml b/.github/workflows/enterprise-extended.yml deleted file mode 100644 index d15e61db5..000000000 --- a/.github/workflows/enterprise-extended.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: "enterprise-extended" - -on: - workflow_dispatch: - -env: - DTAS_VERSION: v1.5.4 - BUILD_NUMBER: ${{ github.run_id }} - PY_COLORS: 1 - PYTHONUNBUFFERED: 1 - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} - cancel-in-progress: false - -jobs: - ec2-extended: - name: ${{ matrix.molecule_scenario.desc }} - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - molecule_scenario: - - name: default - vars: vars-ubuntu20-72.yml - desc: EC2 ACS 7.2 (Ubuntu 20.04) - - name: default - vars: vars-ubuntu20-73.yml - desc: EC2 ACS 7.3 (Ubuntu 20.04) - env: - AWS_REGION: eu-west-1 - MOLECULE_IT_AWS_VPC_SUBNET_ID: subnet-6bdd4223 - steps: - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - # avoid auth conflict when cloning DTAS during verify step - persist-credentials: false - - - name: Run extended tests - uses: ./.github/actions/molecule_integration_ec2 - timeout-minutes: 185 - with: - matrix_name: ${{ matrix.molecule_scenario.name }} - matrix_vars: ${{ matrix.molecule_scenario.vars }} - matrix_desc: ${{ matrix.molecule_scenario.desc }} - nexus_username: ${{ secrets.NEXUS_USERNAME }} - nexus_password: ${{ secrets.NEXUS_PASSWORD }} - aws_access_key_id: ${{ secrets.aws_access_key_id }} - aws_secret_access_key: ${{ secrets.aws_secret_access_key }} - pat: ${{ secrets.BOT_GITHUB_TOKEN }} diff --git a/7.2.N-extra-vars.yml b/7.2.N-extra-vars.yml index c67da439e..b8d8b7fa1 100644 --- a/7.2.N-extra-vars.yml +++ b/7.2.N-extra-vars.yml @@ -27,7 +27,7 @@ search_enterprise: search: artifact_name: alfresco-search-services repository: "{{ nexus_repository.releases }}" - version: 2.0.13 + version: 2.0.12 # ACS-9048 transform: artifact_name: alfresco-transform-core-aio repository: "{{ nexus_repository.releases }}" diff --git a/7.3.N-extra-vars.yml b/7.3.N-extra-vars.yml index ddd1b6140..6b2ab0f9a 100644 --- a/7.3.N-extra-vars.yml +++ b/7.3.N-extra-vars.yml @@ -27,7 +27,7 @@ search_enterprise: search: artifact_name: alfresco-search-services repository: "{{ nexus_repository.releases }}" - version: 2.0.13 + version: 2.0.12 # ACS-9048 transform: artifact_name: alfresco-transform-core-aio repository: "{{ nexus_repository.releases }}" diff --git a/README.md b/README.md index 93270eb61..f3d952642 100644 --- a/README.md +++ b/README.md @@ -194,8 +194,7 @@ Follow this quick checklist: * review currently open dependabot/renovate and merge them * copy the versions inside the group_vars/all.yml to a new XX.N-extra-vars.yml (in case of a new ACS major version) -* run [updatecli workflow](https://github.com/Alfresco/alfresco-ansible-deployment/actions/workflows/updatecli.yml) -* run [enterprise-extended](https://github.com/Alfresco/alfresco-ansible-deployment/actions/workflows/enterprise-extended.yml) and make sure it is green +* bump versions constraints in scripts/updatecli/updatecli_acs*.yml (workflow will take care of the rest) * ensure that the [versions table in the main readme](docs/overview.md#versioning) has been updated * ensure that docker images and AMI id for the root molecule tests are reflecting any minor OS release (e.g. [default suite](../molecule/default/)) diff --git a/group_vars/all.yml b/group_vars/all.yml index fea7f299c..bfdf22f38 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -46,6 +46,10 @@ api_explorer: artifact_name: api-explorer repository: "{{ nexus_repository.releases }}" version: 23.4.0 +audit_storage: + artifact_name: alfresco-audit-storage-distribution + repository: "{{ nexus_repository.enterprise_releases }}" + version: 1.0.0 search_enterprise: artifact_name: alfresco-elasticsearch-connector-distribution repository: "{{ nexus_repository.enterprise_releases }}" @@ -122,6 +126,10 @@ downloads: {{ adw.repository }}/{{ adw.artifact_name }}/{{ adw.version }}/{{ adw.artifact_name }}-{{ adw.version }}.zip adw_zip_sha1_checksum_url: >- {{ adw.repository }}/{{ adw.artifact_name }}/{{ adw.version }}/{{ adw.artifact_name }}-{{ adw.version }}.zip.sha1 + audit_storage_zip_url: >- + {{ audit_storage.repository }}/{{ audit_storage.artifact_name }}/{{ audit_storage.version }}/{{ audit_storage.artifact_name }}-{{ audit_storage.version }}.zip + audit_storage_zip_sha1_checksum_url: >- + {{ audit_storage.repository }}/{{ audit_storage.artifact_name }}/{{ audit_storage.version }}/{{ audit_storage.artifact_name }}-{{ audit_storage.version }}.zip.sha1 search_enterprise_zip_url: >- {{ search_enterprise.repository }}/{{ search_enterprise.artifact_name }}/{{ search_enterprise.version }}/{{ search_enterprise.artifact_name }}-{{ search_enterprise.version }}.zip search_enterprise_zip_sha1_url: >- diff --git a/inventory_ha.yml b/inventory_ha.yml index 2527bd58a..bdc336bad 100644 --- a/inventory_ha.yml +++ b/inventory_ha.yml @@ -67,6 +67,10 @@ all: hosts: sync.infra.local: + audit_storage: + hosts: + audit.infra.local: + other_repo_clients: hosts: diff --git a/inventory_local.yml b/inventory_local.yml index db31ba1b7..35d36897d 100644 --- a/inventory_local.yml +++ b/inventory_local.yml @@ -55,6 +55,10 @@ all: children: repository: + audit_storage: + children: + repository: + other_repo_clients: hosts: diff --git a/inventory_ssh.yml b/inventory_ssh.yml index 6e5c754a1..96e1bb9f2 100644 --- a/inventory_ssh.yml +++ b/inventory_ssh.yml @@ -72,6 +72,11 @@ all: syncservice_1: ansible_host: targetIP + audit_storage: + hosts: + audit_storage_1: + ansible_host: targetIP + other_repo_clients: hosts: diff --git a/molecule/docker_enterprise/molecule.yml b/molecule/docker_enterprise/molecule.yml index 72e1ff31c..518b423bc 100644 --- a/molecule/docker_enterprise/molecule.yml +++ b/molecule/docker_enterprise/molecule.yml @@ -27,8 +27,11 @@ platforms: - acc - adw - nginx + - audit_storage published_ports: - 0.0.0.0:443:443/tcp + - 0.0.0.0:8083:8083/tcp + - 0.0.0.0:9200:9200/tcp provisioner: name: ansible @@ -47,3 +50,5 @@ provisioner: verify: ../default/verify.yml verifier: name: ansible + env: + MOLECULE_IT_TEST_CONFIG: tests/test-config-aas.json diff --git a/molecule/elasticsearch/molecule.yml b/molecule/elasticsearch/molecule.yml index 71a1e74fc..25a230c69 100644 --- a/molecule/elasticsearch/molecule.yml +++ b/molecule/elasticsearch/molecule.yml @@ -29,6 +29,7 @@ platforms: - sfs - syncservice - transformers + - audit_storage - trusted_resource_consumers provisioner: name: ansible @@ -47,6 +48,6 @@ provisioner: playbooks: prepare: ../default/prepare.yml converge: ../../playbooks/acs.yml - verify: ../multimachine/verify.yml + verify: ../default/verify.yml verifier: name: ansible diff --git a/playbooks/acs.yml b/playbooks/acs.yml index 9ecfc26e0..79fd2968e 100644 --- a/playbooks/acs.yml +++ b/playbooks/acs.yml @@ -479,3 +479,44 @@ mode: "0755" tags: - sync + +- name: Audit Storage Role + hosts: audit_storage + gather_facts: false + vars: + acs_version_requirement: "{{ acs.version is version('23.4', 'ge') }}" + pre_tasks: + - name: Assert that the required version is met + ansible.builtin.fail: + msg: "Audit Storage requires ACS 23.4 or later" + when: not acs_version_requirement + roles: + - role: "../roles/audit_storage" + when: acs.edition == "Enterprise" and acs_version_requirement + audit_storage_version: "{{ audit_storage.version }}" + audit_storage_zip_url: "{{ downloads.audit_storage_zip_url }}" + audit_storage_zip_sha1_url: "{{ downloads.audit_storage_zip_sha1_checksum_url }}" + audit_storage_username: "{{ username }}" + audit_storage_group_name: "{{ group_name }}" + audit_storage_broker_url: "failover:({{ activemq_transport }}://{{ activemq_host }}:{{ ports_cfg.activemq[activemq_protocol] }})" + audit_storage_broker_username: "{{ activemq_username }}" + audit_storage_broker_password: "{{ activemq_password }}" + audit_storage_opensearch_url: "{{ elasticsearch_protocol }}://{{ elasticsearch_host }}:{{ ports_cfg.elasticsearch.http }}" + audit_storage_opensearch_username: "{{ elasticsearch_username }}" + audit_storage_opensearch_password: "{{ elasticsearch_password }}" + post_tasks: + - name: Update installation status file with Audit Storage + when: acs.edition == "Enterprise" and acs_version_requirement + become: true + vars: + audit_storage_components: + audit_storage: "{{ audit_storage }}" + ansible.builtin.blockinfile: + block: "{{ audit_storage_components | to_nice_yaml(indent=2) }}" + create: true + path: "{{ ansible_installation_status_file }}" + marker_begin: AUDIT_STORAGE_BEGIN + marker_end: AUDIT_STORAGE_END + mode: "0755" + tags: + - audit_storage diff --git a/roles/audit_storage/defaults/main.yml b/roles/audit_storage/defaults/main.yml new file mode 100644 index 000000000..c6846b632 --- /dev/null +++ b/roles/audit_storage/defaults/main.yml @@ -0,0 +1,48 @@ +--- +# defaults file for audit_storage +audit_storage_version: "1.0.0" +audit_storage_zip_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip +audit_storage_zip_sha1_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip.sha1 + +audit_storage_artifact_name: alfresco-audit-storage-app + +audit_storage_username: alfresco +audit_storage_group_name: alfresco + +audit_storage_server_port: 8083 + +audit_storage_broker_url: failover:(nio://localhost:61616)?timeout=3000 +audit_storage_broker_username: '' +audit_storage_broker_password: '' +audit_storage_opensearch_url: http://localhost:9200 +audit_storage_opensearch_username: '' +audit_storage_opensearch_password: '' + +audit_storage_default_environment: + SERVER_PORT: "{{ audit_storage_server_port }}" + SPRING_ACTIVEMQ_BROKERURL: "{{ audit_storage_broker_url }}" + SPRING_ACTIVEMQ_USER: "{{ audit_storage_broker_username }}" + SPRING_ACTIVEMQ_PASSWORD: "{{ audit_storage_broker_password }}" + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_URI: "{{ audit_storage_opensearch_url }}" + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_USERNAME: "{{ audit_storage_opensearch_username }}" + AUDIT_ENTRYSTORAGE_OPENSEARCH_CONNECTOR_PASSWORD: "{{ audit_storage_opensearch_password }}" + AUDIT_EVENTINGESTION_URI: activemq:topic:alfresco.repo.event2 +audit_storage_environment: {} + +audit_storage_java_bin_path: /opt/openjdk-17.0.11/bin/java + +audit_storage_binaries_dir: "/opt/alfresco/audit-storage-{{ audit_storage_version }}" +audit_storage_config_dir: "/etc/alfresco/audit-storage" + +audit_storage_systemd_service_unit_name: "alfresco-audit-storage" +audit_storage_systemd_service_unit_description: "Alfresco Audit Storage" +audit_storage_systemd_service_exec_start: "{{ audit_storage_java_bin_path }} -jar {{ audit_storage_artifact_path }}" +audit_storage_systemd_service_user: "{{ audit_storage_username }}" + +audit_storage_systemd_service_unit_after: syslog.target network.target local-fs.target remote-fs.target nss-lookup.target +audit_storage_systemd_service_type: simple +audit_storage_systemd_service_exec_stop: kill -15 $MAINPID +audit_storage_systemd_service_working_directory: /tmp +audit_storage_systemd_service_additional_options: {} +audit_storage_systemd_service_state: started +audit_storage_systemd_service_enabled: true diff --git a/roles/audit_storage/handlers/main.yml b/roles/audit_storage/handlers/main.yml new file mode 100644 index 000000000..0f6ade16e --- /dev/null +++ b/roles/audit_storage/handlers/main.yml @@ -0,0 +1,13 @@ +--- +# handlers file for audit_storage +- name: Reload systemd + become: true + ansible.builtin.systemd: + daemon_reload: true + +- name: Restart {{ audit_storage_systemd_service_unit_name }} + become: true + ansible.builtin.systemd: + name: "{{ audit_storage_systemd_service_unit_name }}" + state: restarted + when: audit_storage_systemd_service_state == 'started' diff --git a/roles/audit_storage/meta/main.yml b/roles/audit_storage/meta/main.yml new file mode 100644 index 000000000..718c32e7b --- /dev/null +++ b/roles/audit_storage/meta/main.yml @@ -0,0 +1,33 @@ +galaxy_info: + author: Alfresco Ops Readiness + description: This role installs and configures the audit storage for Alfresco + company: Hyland Software + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + license: Apache-2.0 + + min_ansible_version: "2.12" + + platforms: + - name: Ubuntu + versions: + - bionic + - focal + - name: EL + versions: + - "8" + - "9" + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: + - role: java diff --git a/roles/audit_storage/molecule/default/converge.yml b/roles/audit_storage/molecule/default/converge.yml new file mode 100644 index 000000000..e451f3d5d --- /dev/null +++ b/roles/audit_storage/molecule/default/converge.yml @@ -0,0 +1,7 @@ +--- +- name: Converge + hosts: all + roles: + - role: activemq + - role: elasticsearch + - role: audit_storage diff --git a/roles/audit_storage/molecule/default/host_vars/instance.yml b/roles/audit_storage/molecule/default/host_vars/instance.yml new file mode 100644 index 000000000..146ddd8e0 --- /dev/null +++ b/roles/audit_storage/molecule/default/host_vars/instance.yml @@ -0,0 +1 @@ +ansible_user: ansible diff --git a/roles/audit_storage/molecule/default/molecule.yml b/roles/audit_storage/molecule/default/molecule.yml new file mode 100644 index 000000000..9c966be41 --- /dev/null +++ b/roles/audit_storage/molecule/default/molecule.yml @@ -0,0 +1,32 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: $MOLECULE_ROLE_IMAGE + dockerfile: ../../../../tests/molecule/Dockerfile-noprivs.j2 + command: "/lib/systemd/systemd" + privileged: true + tmpfs: + - /run + - /run/lock + - /tmp + volume_mounts: + - "/sys/fs/cgroup:/sys/fs/cgroup:ro" + groups: + - audit_storage + - activemq + - elasticsearch +provisioner: + name: ansible + ansible_args: + - -e + - "@../../../../tests/molecule/secrets.yml" + inventory: + links: + group_vars: ../../../../group_vars + host_vars: host_vars +verifier: + name: ansible diff --git a/roles/audit_storage/molecule/default/verify.yml b/roles/audit_storage/molecule/default/verify.yml new file mode 100644 index 000000000..8cd7f029e --- /dev/null +++ b/roles/audit_storage/molecule/default/verify.yml @@ -0,0 +1,14 @@ +--- +- name: Verify + hosts: instance + gather_facts: false + tasks: + - name: Populate service facts + ansible.builtin.service_facts: + + - name: Check that service is up and running + ansible.builtin.assert: + that: + - ansible_facts.services['alfresco-audit-storage.service'] is defined + - ansible_facts.services['alfresco-audit-storage.service'].state == 'running' + quiet: true diff --git a/roles/audit_storage/tasks/main.yml b/roles/audit_storage/tasks/main.yml new file mode 100644 index 000000000..8180ff75e --- /dev/null +++ b/roles/audit_storage/tasks/main.yml @@ -0,0 +1,48 @@ +--- +# tasks file for audit_storage +- name: Download audit storage distribution {{ audit_storage_version }} + ansible.builtin.get_url: + url: "{{ audit_storage_zip_url }}" + dest: "{{ download_location }}/{{ audit_storage_artifact_name }}-{{ audit_storage_version }}.zip" + checksum: sha1:{{ lookup('url', audit_storage_zip_sha1_url, username=nexus_user, password=nexus_password) }} # pragma: allowlist secret + mode: "0644" + url_username: "{{ nexus_user }}" + url_password: "{{ nexus_password }}" + +- name: Install Audit Storage + become: true + block: + - name: Create directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ audit_storage_username }}" + group: "{{ audit_storage_group_name }}" + mode: "0755" + loop: + - "{{ audit_storage_binaries_dir }}" + - "{{ audit_storage_config_dir }}" + + - name: Extract distribution zip in binaries + ansible.builtin.unarchive: + src: "{{ download_location }}/{{ audit_storage_artifact_name }}-{{ audit_storage_version }}.zip" + dest: "{{ audit_storage_binaries_dir }}" + remote_src: true + creates: "{{ audit_storage_binaries_dir }}/README.md" + owner: "{{ audit_storage_username }}" + group: "{{ audit_storage_group_name }}" + + - name: Create systemd service + ansible.builtin.template: + src: systemd-service.j2 + dest: /etc/systemd/system/{{ audit_storage_systemd_service_unit_name }}.service + mode: "0644" + notify: + - Reload systemd + - Restart {{ audit_storage_systemd_service_unit_name }} + + - name: Start service + ansible.builtin.systemd: + name: "{{ audit_storage_systemd_service_unit_name }}" + state: "{{ audit_storage_systemd_service_state }}" + enabled: "{{ audit_storage_systemd_service_enabled }}" diff --git a/roles/audit_storage/templates/systemd-service.j2 b/roles/audit_storage/templates/systemd-service.j2 new file mode 100644 index 000000000..aac9c760e --- /dev/null +++ b/roles/audit_storage/templates/systemd-service.j2 @@ -0,0 +1,31 @@ +[Unit] +Description={{ audit_storage_systemd_service_unit_description }} +After={{ audit_storage_systemd_service_unit_after }} + +[Service] +Type={{ audit_storage_systemd_service_type }} +{% if audit_storage_systemd_service_type == 'oneshot' %} +RemainAfterExit=yes +{% endif %} + +User={{ audit_storage_systemd_service_user }} + +{% for key, value in audit_storage_systemd_service_environment.items() %} +Environment="{{ key }}={{ value | replace('%', '%%') }}" +{% endfor %} + +ExecStart={{ audit_storage_systemd_service_exec_start }} +ExecStop={{ audit_storage_systemd_service_exec_stop }} + +Restart=on-failure +RestartSec=60 +SuccessExitStatus=143 + +WorkingDirectory={{ audit_storage_systemd_service_working_directory }} + +{% for key, value in audit_storage_systemd_service_additional_options.items() %} +{{ key }}={{ value }} +{% endfor %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/audit_storage/vars/main.yml b/roles/audit_storage/vars/main.yml new file mode 100644 index 000000000..9786eab47 --- /dev/null +++ b/roles/audit_storage/vars/main.yml @@ -0,0 +1,6 @@ +--- +# vars file for audit_storage +audit_storage_artifact_path: "{{ audit_storage_binaries_dir }}/{{ audit_storage_artifact_name }}-{{ audit_storage_version }}.jar" +audit_storage_systemd_service_environment: >- + {{ audit_storage_default_environment | + combine(audit_storage_environment) }} diff --git a/tests/test-config-aas.json b/tests/test-config-aas.json new file mode 100644 index 000000000..3bd79b1b1 --- /dev/null +++ b/tests/test-config-aas.json @@ -0,0 +1,42 @@ +{ + "config": { + "host": "TEST_URL", + "username": "admin", + "password": "admin", + "search_retry_interval_seconds": "30" + }, + "assertions": { + "acs": { + "edition": "Enterprise", + "version": "23.4.0", + "identity": false, + "modules": [ + { + "id": "org.alfresco.integrations.google.docs", + "version": "4.1.0", + "installed": true + }, + { + "id": "alfresco-aos-module", + "version": "3.2.0", + "installed": true + }, + { + "id": "org_alfresco_device_sync_repo", + "version": "5.1.0", + "installed": true + } + ] + }, + "acc": { + "version": "9.2.0" + }, + "adw": { + "version": "5.2.0" + }, + "aas": { + "audit_host": "http://localhost:8083", + "elasticsearch_host": "http://localhost:9200" + } + } + }