From 36786f966e6f895314c5d8e127ce6e8929070327 Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Thu, 20 Mar 2025 16:10:25 +0100 Subject: [PATCH 1/2] startup application via native systemd --- roles/sync/defaults/main.yml | 4 +- roles/sync/tasks/configure.yml | 3 + roles/sync/tasks/main.yml | 21 +- roles/sync/templates/alfresco-sync.service | 14 -- roles/sync/templates/alfresco-sync.service.j2 | 17 ++ roles/sync/templates/syncservice.sh.j2 | 236 ------------------ 6 files changed, 31 insertions(+), 264 deletions(-) delete mode 100644 roles/sync/templates/alfresco-sync.service create mode 100644 roles/sync/templates/alfresco-sync.service.j2 delete mode 100644 roles/sync/templates/syncservice.sh.j2 diff --git a/roles/sync/defaults/main.yml b/roles/sync/defaults/main.yml index 5f9b59245..addea37cc 100644 --- a/roles/sync/defaults/main.yml +++ b/roles/sync/defaults/main.yml @@ -13,7 +13,6 @@ sync_environment: JAVA_OPTS: - -Xms512m - -Xmx2g - - $JAVA_OPTS sync_jmx_config_remote_enabled: false sync_jmx_config_remote_port: 50800 sync_jmx_config_remote_rmi_port: 50801 @@ -29,3 +28,6 @@ sync_db_url: "" sync_db_driver: org.postgresql.Driver sync_db_name: "alfresco-sync" sync_db_username: "alfresco-sync" + +sync_java_home: "{{ java_home }}" +sync_activemq_host: "{{ activemq_host }}" diff --git a/roles/sync/tasks/configure.yml b/roles/sync/tasks/configure.yml index c2e7678b6..4f8274bc7 100644 --- a/roles/sync/tasks/configure.yml +++ b/roles/sync/tasks/configure.yml @@ -37,6 +37,9 @@ repo: hostname: "{{ nginx_host }}" port: "{{ ports_cfg.nginx.http }}" + sync: + cluster: + enabled: false logging: appenders: - type: console diff --git a/roles/sync/tasks/main.yml b/roles/sync/tasks/main.yml index bf57a5da6..3c694c7e7 100644 --- a/roles/sync/tasks/main.yml +++ b/roles/sync/tasks/main.yml @@ -81,23 +81,18 @@ export SYNC_HOME={{ sync_home }} insertafter: EOF - - name: Add sync service startup script - ansible.builtin.template: - src: syncservice.sh.j2 - dest: "{{ binaries_folder }}/syncservice.sh" - owner: "{{ username }}" - group: "{{ group_name }}" - mode: 'u=rwx,g=rwx' - notify: - - Restart-sync + - name: Remove deprecated startup script + ansible.builtin.file: + path: "{{ binaries_folder }}/syncservice.sh" + state: absent - name: Add alfresco-sync.service service ansible.builtin.template: - src: alfresco-sync.service + src: alfresco-sync.service.j2 dest: "/etc/systemd/system/alfresco-sync.service" - owner: "{{ username }}" - group: "{{ group_name }}" - mode: 'u=rwx,g=rwx' + owner: "root" + group: "root" + mode: "0640" notify: - Enable-sync - Restart-sync diff --git a/roles/sync/templates/alfresco-sync.service b/roles/sync/templates/alfresco-sync.service deleted file mode 100644 index 4e7341624..000000000 --- a/roles/sync/templates/alfresco-sync.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Alfresco Sync Service -After=syslog.socket network.target local-fs.target remote-fs.target - -[Service] -Type=forking -User={{ username }} -ExecStart={{ binaries_folder }}/syncservice.sh start -ExecStop={{ binaries_folder }}/syncservice.sh stop -Restart=on-failure -RestartSec=60 - -[Install] -WantedBy=multi-user.target diff --git a/roles/sync/templates/alfresco-sync.service.j2 b/roles/sync/templates/alfresco-sync.service.j2 new file mode 100644 index 000000000..9a5949a41 --- /dev/null +++ b/roles/sync/templates/alfresco-sync.service.j2 @@ -0,0 +1,17 @@ +[Unit] +Description=Alfresco Sync Service +After=syslog.socket network.target local-fs.target remote-fs.target + +[Service] +Type=simple +WorkingDirectory={{ sync_home }} +User={{ username }} +ExecStart={{ sync_java_home }}/bin/java $JAVA_OPTS -cp '{{ sync_home }}/service-sync/connectors/*:service-sync-5.2.0.jar' org.alfresco.service.sync.dropwizard.SyncService server {{ config_folder }}/sync-service/config.yml +Restart=on-failure +RestartSec=60 +{% for key, value in sync_environment.items() %} +Environment="{{ key }}={{ value | join(' ') | replace('%', '%%') }}" +{% endfor %} + +[Install] +WantedBy=multi-user.target diff --git a/roles/sync/templates/syncservice.sh.j2 b/roles/sync/templates/syncservice.sh.j2 deleted file mode 100644 index e70d326a4..000000000 --- a/roles/sync/templates/syncservice.sh.j2 +++ /dev/null @@ -1,236 +0,0 @@ -#!/bin/bash -if [ $(id -u) -eq 0 ]; then - echo "This script must not be executed by root" - exit -fi - -. {{ config_folder }}/setenv.sh - -{% for key, value in sync_environment.items() %} -{{ key }}="{{ value | join(' ') }}" -{% endfor %} - -### Fill in these bits: -USER="alfresco" -### Path to service-sync jar -JAR_LOCATION=${SYNC_HOME}/service-sync -SYNC_JAR_VERSION=${SYNC_VERSION} -SYNC_JAR_FILE=service-sync-$SYNC_JAR_VERSION.jar -SYNC_JAR_CONFIG_YML_LOCATION={{ config_folder }}/sync-service/config.yml -DB_CONNECTORS_FOLDER=${JAR_LOCATION}/connectors -SYNC_LOG_LOCATION={{ logs_folder }} -NAME="alfresco-syncservice" - -### Start of JMX config ### -### true | false -ENABLE_JMX_REMOTE={{ sync_jmx_config_remote_enabled }} -JMX_REMOTE_PORT={{ sync_jmx_config_remote_port }} -### Remote JMX administration requires changing the following to the IP address of the Sync Service machine: -#Specify a value only if intended to connect from a different network than the one Sync service is in. -#Specify localhost or 127.0.0.1 if intended to be accessed only from localhost. -JMX_RMI_HOSTNAME= -JMX_REMOTE_RMI_PORT={{ sync_jmx_config_remote_rmi_port }} - -### true | false -ENABLE_JMX_REMOTE_AUTHENTICATION=false -### If you enable JMX_REMOTE_AUTHENTICATION, then, set the next two properties (ie.JMX_PASSWORD_FILE, JMX_ACCESS_FILE) -JMX_PASSWORD_FILE=/path/to/jmx.password -JMX_ACCESS_FILE=/path/to/jmx.access - -### Caution - if you set 'ENABLE_JMX_REMOTE_AUTHENTICATION' and 'ENABLE_JMX_REMOTE_SSL' to false, any remote user who knows -### (or guesses) your port number and host name will be able to monitor and control your applications and platform. -### true | false -ENABLE_JMX_REMOTE_SSL=false -### If you enable JMX_REMOTE_SSL, then, set the next six properties -### The password for both out-of-the-box keyStores can be looked-up in the "server.applicationConnectors.keyStorePassword" section of the config.yml file. -### KeyStore details -SYNC_KEYSTORE=/path/to/sync.p12 -SYNC_KEYSTORE_PASSWORD=store-passowrd -SYNC_KEYSTORE_TYPE=JCEKS -### TrustStore details -SYNC_TRUSTSTORE=/path/to/sync.truststore -SYNC_TRUSTSTORE_PASSWORD=store-passowrd -SYNC_TRUSTSTORE_TYPE=JCEKS -### End of JMX config ### - -#Whether the output of Sync start/stop command should be suppressed or not. -#If true, then the commands' output will be printed in the console. -SYNC_VERBOSE_OUTPUT=false - -### No changes required below this point -PID_FILE={{ data_folder }}/syncservice.pid -JMX_CONF="-Dcom.sun.management.jmxremote=$ENABLE_JMX_REMOTE" -JMX_SECURITY_CONF="" -if [ $ENABLE_JMX_REMOTE = true ]; then - JMX_CONF="$JMX_CONF -Dcom.sun.management.jmxremote.port=$JMX_REMOTE_PORT -Dcom.sun.management.jmxremote.rmi.port=$JMX_REMOTE_RMI_PORT -Dcom.sun.management.jmxremote.authenticate=$ENABLE_JMX_REMOTE_AUTHENTICATION -Dcom.sun.management.jmxremote.ssl=$ENABLE_JMX_REMOTE_SSL" - - if [ ! -z $JMX_RMI_HOSTNAME ]; then - JMX_CONF="$JMX_CONF -Djava.rmi.server.hostname=$JMX_RMI_HOSTNAME" - fi - - if [ $ENABLE_JMX_REMOTE_AUTHENTICATION = true ]; then - JMX_SECURITY_CONF="-Dcom.sun.management.jmxremote.access.file=$JMX_ACCESS_FILE -Dcom.sun.management.jmxremote.password.file=$JMX_PASSWORD_FILE" - fi -fi -if [ $ENABLE_JMX_REMOTE_SSL = true ]; then - JMX_SECURITY_CONF="$JMX_SECURITY_CONF -Djavax.net.ssl.keyStore=$SYNC_KEYSTORE -Djavax.net.ssl.keyStorePassword=$SYNC_KEYSTORE_PASSWORD -Djavax.net.ssl.keyStoreType=$SYNC_KEYSTORE_TYPE -Djavax.net.ssl.trustStore=$SYNC_TRUSTSTORE -Djavax.net.ssl.trustStoreType=$SYNC_TRUSTSTORE_TYPE -Djavax.net.ssl.trustStorePassword=$SYNC_TRUSTSTORE_PASSWORD" -fi -JMX_CONF="$JMX_CONF $JMX_SECURITY_CONF" - -PGREP_STRING="$SYNC_JAR_FILE" -SUPPRESS_OUTPUT_CMD="> /dev/null 2>&1" - -if [ $SYNC_VERBOSE_OUTPUT = true ]; then -SUPPRESS_OUTPUT_CMD=""; -fi - -START_CMD="cd $JAR_LOCATION;$JAVA_HOME/bin/java $JMX_CONF $JAVA_OPTS -cp $DB_CONNECTORS_FOLDER/*:$SYNC_JAR_FILE org.alfresco.service.sync.dropwizard.SyncService server $SYNC_JAR_CONFIG_YML_LOCATION $SUPPRESS_OUTPUT_CMD &" -STOP_CMD="cd $JAR_LOCATION;$JAVA_HOME/bin/java $JMX_SECURITY_CONF $JAVA_OPTS -cp $SYNC_JAR_FILE org.alfresco.service.sync.SyncServiceShutdown --stop $SUPPRESS_OUTPUT_CMD" - -CUR_USER=$(whoami) - -#Extract the PID of the JAVA process running Sync service. -#The JAVA process may be spawned from the process executing the 'sh' command, which also matches the filter. -#Hence we just want the newest process in the chain, using the -n flag. -PID_GREP_CMD="\$(pgrep -u \$USER -f \${PGREP_STRING} -n)" - -invoke_jar() { - eval "$1" -} - -log_success_msg() { - echo "$*" - logger "$_" -} - -log_failure_msg() { - echo "$*" - logger "$_" -} - -check_proc() { - eval RET="$PID_GREP_CMD" - if [ -n "$RET" ]; then - return 0 - else - return 1 - fi -} - -start_script() { - - check_proc - if [ $? -eq 0 ]; then - eval PID="$PID_GREP_CMD" - log_success_msg "$NAME with pid '$PID' is already running." - exit 0 - fi - - #Make $USER the owner of the jxm password file - if [ $ENABLE_JMX_REMOTE_AUTHENTICATION = true ]; then - chown $USER: $JMX_PASSWORD_FILE - chmod 600 $JMX_PASSWORD_FILE - fi - - #Make $USER the owner of the log file - SYNC_LOG_FILE=$SYNC_LOG_LOCATION/sync-service.log - if [ -f $SYNC_LOG_FILE ]; then - chown $USER: $SYNC_LOG_FILE - fi - - invoke_jar "$START_CMD" - # Sleep for a while to see if anything cries - sleep 5 - - check_proc - if [ $? -eq 0 ]; then - eval PID="$PID_GREP_CMD" - log_success_msg "Started $NAME with pid $PID." - echo $PID >"${PID_FILE}" - else - log_failure_msg "Error starting $NAME." - exit 1 - fi -} - -stop_script() { - # if [ "${CUR_USER}" != "root" ]; then - # log_failure_msg "You do not have permission to stop $NAME." - # exit 1 - # fi - - eval PID="$PID_GREP_CMD" - - check_proc - if [ $? -eq 0 ]; then - echo "Invoking Sync service stop method." - invoke_jar "\"$STOP_CMD $PID\"" - - STOPPED="0" - KILL_MAXSECONDS=15 - i=0 - echo "Waiting at most $KILL_MAXSECONDS seconds for regular termination of $NAME with pid: $PID." - while [ "$i" -le "$KILL_MAXSECONDS" ]; do - check_proc - if [ $? -eq 0 ]; then - sleep 1 - printf "." - check_proc - else - STOPPED="1" - break - fi - i="$(expr $i + 1)" - done - - if [ "$STOPPED" -ne "1" ]; then - log_failure_msg "Regular shutdown was not successful. Sending SIGKILL to process." - kill -KILL $PID - check_proc - if [ $? -eq 0 ]; then - log_failure_msg "Error stopping $NAME with pid: $PID." - exit 1 - else - log_success_msg "Stopped $NAME." - fi - else - log_success_msg "Stopped $NAME." - fi - else - log_failure_msg "$NAME is not running." - exit 0 - fi - rm -f "$PID_FILE" >/dev/null 2>&1 -} - -check_status() { - check_proc - if [ $? -eq 0 ]; then - log_success_msg "$NAME is running." - else - log_failure_msg "$NAME is stopped." - exit 1 - fi -} - -case "$1" in -start) - start_script - ;; -stop) - stop_script - ;; -restart) - stop_script - start_script - ;; -status) - check_status - ;; -*) - echo "Usage: $0 {start|stop|restart|status}" - exit 1 - ;; -esac - -exit 0 From 4209ab35b330b5cd7704bf69028cea7b51046a4d Mon Sep 17 00:00:00 2001 From: Giovanni Toraldo Date: Fri, 21 Mar 2025 15:45:34 +0100 Subject: [PATCH 2/2] wip --- roles/sync/defaults/main.yml | 2 ++ roles/sync/molecule/default/converge.yml | 33 ++----------------- roles/sync/tasks/configure.yml | 2 ++ roles/sync/templates/alfresco-sync.service.j2 | 5 +-- 4 files changed, 9 insertions(+), 33 deletions(-) diff --git a/roles/sync/defaults/main.yml b/roles/sync/defaults/main.yml index addea37cc..676f08a75 100644 --- a/roles/sync/defaults/main.yml +++ b/roles/sync/defaults/main.yml @@ -31,3 +31,5 @@ sync_db_username: "alfresco-sync" sync_java_home: "{{ java_home }}" sync_activemq_host: "{{ activemq_host }}" + +sync_repo_config_url: '${repo.scheme}://${repo.hostname}:${repo.port}/alfresco/service/devicesync/config' diff --git a/roles/sync/molecule/default/converge.yml b/roles/sync/molecule/default/converge.yml index 7ae7de819..b5fbedef0 100644 --- a/roles/sync/molecule/default/converge.yml +++ b/roles/sync/molecule/default/converge.yml @@ -4,26 +4,10 @@ vars: molecule_nexus_username: "{{ lookup('env', 'NEXUS_USERNAME') }}" molecule_nexus_password: "{{ lookup('env', 'NEXUS_PASSWORD') }}" - sync_amp_device_sync_version: 5.1.0 - sync_amp_device_sync_artifact_name: alfresco-device-sync-repo - sync_amp_device_sync_repository: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco/services/sync - sync_amp_device_sync_archive_url: "{{ sync_amp_device_sync_repository }}/{{ sync_amp_device_sync_artifact_name }}/{{ sync_amp_device_sync_version }}/{{ sync_amp_device_sync_artifact_name }}-{{ sync_amp_device_sync_version }}.amp" roles: - role: activemq - - role: nginx + - role: postgres tasks: - - name: Install PostgreSQL - ansible.builtin.include_role: - name: postgres - - name: Setup repository database - ansible.builtin.include_role: - name: postgres - tasks_from: setup_db - vars: - postgres_db_name: "{{ repository_db_name }}" - postgres_db_username: "{{ repository_db_username }}" - postgres_db_password: "{{ repo_db_password }}" - postgres_db_clients: "{{ groups.repository }}" - name: Setup sync database ansible.builtin.include_role: name: postgres @@ -33,27 +17,14 @@ postgres_db_username: "{{ sync_db_username }}" postgres_db_password: "{{ sync_db_password }}" postgres_db_clients: "{{ groups.syncservice }}" - - name: Install Alfresco repository - ansible.builtin.include_role: - name: repository - vars: - repository_properties: "{{ global_properties }}" - repository_nexus_username: "{{ molecule_nexus_username }}" - repository_nexus_password: "{{ molecule_nexus_password }}" - repository_amp_downloads: - - url: "{{ sync_amp_device_sync_archive_url }}" - checksum: "sha1:{{ sync_amp_device_sync_archive_url }}.sha1" - dest: "{{ repository_content_folder }}/amps_repo/{{ sync_amp_device_sync_artifact_name }}.amp" - url_username: "{{ molecule_nexus_username }}" - url_password: "{{ molecule_nexus_password }}" - name: Install Alfresco sync service ansible.builtin.include_role: name: sync vars: + sync_repo_config_url: "https://run.mocky.io/v3/a62ce156-37c8-47b3-8cd1-08628b3aa130" sync_zip_username: "{{ molecule_nexus_username }}" sync_zip_password: "{{ molecule_nexus_password }}" sync_environment: JAVA_OPTS: - -Xms512m - -Xmx900m - - $JAVA_OPTS diff --git a/roles/sync/tasks/configure.yml b/roles/sync/tasks/configure.yml index 4f8274bc7..b957845d7 100644 --- a/roles/sync/tasks/configure.yml +++ b/roles/sync/tasks/configure.yml @@ -37,6 +37,8 @@ repo: hostname: "{{ nginx_host }}" port: "{{ ports_cfg.nginx.http }}" + syncconfig: + url: "{{ sync_repo_config_url }}" sync: cluster: enabled: false diff --git a/roles/sync/templates/alfresco-sync.service.j2 b/roles/sync/templates/alfresco-sync.service.j2 index 9a5949a41..e6b34e7e4 100644 --- a/roles/sync/templates/alfresco-sync.service.j2 +++ b/roles/sync/templates/alfresco-sync.service.j2 @@ -4,11 +4,12 @@ After=syslog.socket network.target local-fs.target remote-fs.target [Service] Type=simple -WorkingDirectory={{ sync_home }} +WorkingDirectory={{ sync_home }}/service-sync User={{ username }} -ExecStart={{ sync_java_home }}/bin/java $JAVA_OPTS -cp '{{ sync_home }}/service-sync/connectors/*:service-sync-5.2.0.jar' org.alfresco.service.sync.dropwizard.SyncService server {{ config_folder }}/sync-service/config.yml +ExecStart={{ sync_java_home }}/bin/java $JAVA_OPTS -cp '{{ sync_home }}/service-sync/connectors/*:service-sync-{{ sync_version }}.jar' org.alfresco.service.sync.dropwizard.SyncService server {{ config_folder }}/sync-service/config.yml Restart=on-failure RestartSec=60 +TimeoutStopSec=5 {% for key, value in sync_environment.items() %} Environment="{{ key }}={{ value | join(' ') | replace('%', '%%') }}" {% endfor %}