Merge from develop (#13)

* Issue8 correct checksum (#9) * - Add LICENSE file (#2) - Correct license name in README.md - Add github templates * issue8: set sha1 instead md5 * Use solr_base_path during install fase. Further steps will fail if the correct path is not given here. * Prefix all variables with solr_ This will prevent possible collisions since some names are very generic. Modify commented code so it's not too long. It was too long even before I touched it ;-) * Allow changing SOLR_HOME to something custom This will allow settings a custom value for SOLR_HOME without changing the default. * This will allow configuring the solr logs location This will allow modification of SOLR_LOGS_DIR without changing the defaults. * Add solr version to README.md (#10) * Allow disabling SSL usage. In some setups we do not want SSL. This allows us to disable it. * Allow disabling authentication This will all running a solr server withouth authentication * #14 add limits (#15) * Add linux limits values * fix too many spaces before colon (colons) * fix typo * remove absolute path for keytool * fix keytool execution error * fix review issues
lean-delivery · Oct 16, 2018 · 0fee8e7 · 0fee8e7
1 parent 6de952c
commit 0fee8e7
Show file tree

Hide file tree

Showing 18 changed files with 164 additions and 113 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ This role:
   - Installs Solr standalone on Centos 7, Ubuntu or Windows host.
   - Configures SSL for Solr 7.0 and later
   - Configures Solr
+  - Supported Solr versions: 6.x - 7.x. The latest tested is 7.1.0
 
 For additional configuration, such as master or slave mode use roles:
   - solr-master (lean-delivery.ansible-role-solr-master)
@@ -41,13 +42,15 @@ Requirements
     default: `http://archive.apache.org/dist/lucene/solr`
   - `solr_distr_url` - url to zip file
     default: `{{ solr_url }}/{{ solr_version }}/solr-{{ solr_version }}.zip`
-  - `overrride_dest_main_path` - root directory to store solr folder
+  - `override_dest_main_path` - root directory to store solr folder
     default: `/opt`
     default: `C:\Solr`
-  - `overrride_dest_solr_path` - solr folder path
+  - `override_dest_solr_path` - solr folder path
     default: `{{ dest_main_path }}/solr-{{ solr_version }}`
     default: `{{ dest_main_path }}\\solr-{{ solr_version }}`
-  - `change_default_password` - to change default password (will be solr/SolrRocks)
+  - `solr_change_default_password` - to change default password (will be solr/SolrRocks)
+    default: `True`
+  - `solr_auth_configure` - Enable authentication
     default: `True`
   - `solr_auth_type` - authentication type
     default: `basic`
@@ -77,22 +80,28 @@ Requirements
     default: `solr`
   - `solr_base_path` - path to solr base
     default: `/var/solr`
+  - `solr_home` - path to SOLR_HOME
+    default: `{{ solr_base_path }}/data`
   - `solr_with_systemd` - to run solr as a service
     default: `True`
+  - `solr_logs_dir` - path to store logs
+    default: `{{ solr_base_path }}/logs`
 # https://lucene.apache.org/solr/guide/7_1/enabling-ssl.html
+  - `solr_ssl_configure` - configure SSL
+    default: `True`
   - `solr_ssl_key_size` - certificate key size
     default: 4096
-  - `overrride_solr_ssl_key_store_path` - directory to store keystore
+  - `override_solr_ssl_key_store_path` - directory to store keystore
     default: `{{ dest_solr_path }}/server/solr`
     default: `{{ dest_solr_path }}\\server\\solr`
   - `solr_ssl_key_store_name` - keystore name. If file with such name exists in role folder/files - it will be used as keystore.
     default: `solr-ssl.keystore.jks`
-  - `overrride_solr_ssl_key_store` - path to solr keystore.
+  - `override_solr_ssl_key_store` - path to solr keystore.
     default: `{{ solr_ssl_key_store_path }}/{{ solr_ssl_key_store_name }}`
     default: `{{ solr_ssl_key_store_path }}\\{{ solr_ssl_key_store_name }}`
   - `solr_ssl_key_store_password` - keystore password
     default: `123456`
-  - `overrride_solr_ssl_trust_store` - path to trust keystore
+  - `override_solr_ssl_trust_store` - path to trust keystore
     default: `{{ solr_ssl_key_store_path }}/{{ solr_ssl_key_store_name }}`
     default: `{{ solr_ssl_key_store_path }}\\{{ solr_ssl_key_store_name }}`
   - `solr_ssl_trust_store_password` - trusted keystore password
@@ -107,23 +116,29 @@ Requirements
     default: `JKS`
   - `solr_ssl_certificate_provider` - only for Linux os. https://docs.ansible.com/ansible/latest/openssl_certificate_module.html
     default: `selfsigned`
-  - `ca_domain` - certificate domain name
+  - `solr_ca_domain` - certificate domain name
     default: `example.com`
-  - `overrride_local_cert_file_path` - path to private cert
+  - `override_local_cert_file_path` - path to private cert
     default: `/etc/pki/tls/private`
     default: `/etc/ssl/private`
-  - `local_pkey_file_name` - private cert name
+  - `solr_local_pkey_file_name` - private cert name
     default: `{{ ansible_hostname }}.ca-pkey.pem`
-  - `overrride_local_cert_file_path` - path to public cert
+  - `override_local_cert_file_path` - path to public cert
     default: `/etc/pki/tls/certs`
     default: `/etc/ssl/certs`
-  - `local_cert_file_name` -public cert name
+  - `solr_local_cert_file_name` -public cert name
     default: `{{ ansible_hostname }}.ca-cert.pem`
+  - `solr_set_limits` - to set limits
+    default: `True`
+  - `solr_open_files_limit` - linux open files limit value
+    default: `65000`
+  - `solr_max_processes_limit` - linux max processes limit value
+    default: `65000`
 # Windows variables
-  - `win_temp_dir` - temporary directory
+  - `solr_win_temp_dir` - temporary directory
     default: `C:\Windows\Temp`
-  - `win_ssl_subj` - CSR subject
-    default: `/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ ca_domain }}`
+  - `solr_win_ssl_subj` - CSR subject
+    default: `/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ solr_ca_domain }}`
 
 Example Inventory
 ----------------
@@ -146,7 +161,7 @@ Example Playbook
 - name: Install and Configure Solr
   hosts: solr
   vars:
-    change_default_password: False
+    solr_change_default_password: False
   roles:
     - role: lean-delivery.java
       java_major_version: 8

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -7,7 +7,8 @@ solr_version: 7.1.0
 solr_url: http://archive.apache.org/dist/lucene/solr
 solr_distr_url: "{{ solr_url }}/{{ solr_version }}/solr-{{ solr_version }}.zip"
 
-change_default_password: True
+solr_change_default_password: True
+solr_auth_configure: True
 solr_auth_type: "basic"
 solr_auth_user: "solrserver"
 solr_auth_pass: "server123"
@@ -23,9 +24,12 @@ solr_group: "solr"
 solr_port: 8983
 solr_service_name: "solr"
 solr_base_path: /var/solr
+solr_home: "{{ solr_base_path }}/data"
 solr_with_systemd: True
+solr_logs_dir: "{{ solr_base_path }}/logs"
 
 # SSL
+solr_ssl_configure: True
 solr_ssl_key_store_name: "solr-ssl.keystore.jks"
 solr_ssl_key_size: 4096
 solr_ssl_key_store_password: 123456
@@ -38,10 +42,15 @@ solr_ssl_trust_store_type: JKS
 solr_ssl_certificate_provider: selfsigned
 
 # Certificate
-ca_domain: "example.com"
-local_pkey_file_name: "{{ ansible_hostname }}.ca-pkey.pem"
-local_cert_file_name: "{{ ansible_hostname }}.ca-cert.pem"
+solr_ca_domain: "example.com"
+solr_local_pkey_file_name: "{{ ansible_hostname }}.ca-pkey.pem"
+solr_local_cert_file_name: "{{ ansible_hostname }}.ca-cert.pem"
+
+# Linux limits set
+solr_set_limits: True
+solr_open_files_limit: 65000
+solr_max_processes_limit: 65000
 
 # Windows vars
-win_temp_dir: C:\Windows\Temp
-win_ssl_subj: "/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ ca_domain }}"
+solr_win_temp_dir: C:\Windows\Temp
+solr_win_ssl_subj: "/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ solr_ca_domain }}"
diff --git a/molecule/cloud-aws-delegated/playbook.yml b/molecule/cloud-aws-delegated/playbook.yml
@@ -10,4 +10,4 @@
     - role: lean_delivery.java
     - role: ansible-role-solr-standalone
   vars:
-    change_default_password: False
+    solr_change_default_password: False
diff --git a/molecule/cloud-epc-delegated/playbook.yml b/molecule/cloud-epc-delegated/playbook.yml
@@ -10,4 +10,4 @@
     - role: lean_delivery.java
     - role: ansible-role-solr-standalone
   vars:
-    change_default_password: False
+    solr_change_default_password: False
diff --git a/molecule/cloud-epc-windows/playbook.yml b/molecule/cloud-epc-windows/playbook.yml
@@ -18,4 +18,4 @@
     - role: lean_delivery.java
     - role: ansible-role-solr-standalone
   vars:
-    change_default_password: False
+    solr_change_default_password: False
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
@@ -10,4 +10,4 @@
     - role: lean_delivery.java
     - role: ansible-role-solr-standalone
   vars:
-    change_default_password: False
+    solr_change_default_password: False
diff --git a/tasks/configuration/Linux.yml b/tasks/configuration/Linux.yml
@@ -28,7 +28,7 @@
     mode: 0755
   become: True
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
   notify:
     - "restart solr linux"
@@ -38,7 +38,7 @@
 
 - name: "Wait for Solr is UP"
   uri:
-    url: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}://\
+    url: "{{ (solr_ssl_configure == true) | ternary('https', 'http') }}://\
       {{ inventory_hostname }}:{{ solr_port }}/solr"
     status_code: 200
     validate_certs: False
@@ -50,13 +50,13 @@
   retries: 20
   delay: 10
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
-    - change_default_password
+    - solr_change_default_password
 
 - name: Create admin user via API
   uri:
-    url: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}://\
+    url: "{{ (solr_ssl_configure == true) | ternary('https', 'http') }}://\
       {{ inventory_hostname }}:{{ solr_port }}/solr/admin/authentication"
     method: POST
     user: solr
@@ -69,15 +69,15 @@
     body: '{"set-user": {"{{ solr_auth_user }}" : "{{ solr_auth_pass }}"}}'
   become: True
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
-    - change_default_password
+    - solr_change_default_password
   notify:
     - "restart solr linux"
 
 - name: "Change default admin user password via API"
   uri:
-    url: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}://\
+    url: "{{ (solr_ssl_configure == true) | ternary('https', 'http') }}://\
       {{ inventory_hostname }}:{{ solr_port }}/solr/admin/authentication"
     method: POST
     user: solr
@@ -90,8 +90,8 @@
     body: '{"set-user": {"solr" : "{{ solr_auth_pass }}"}}'
   become: True
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
-    - change_default_password
+    - solr_change_default_password
   notify:
     - "restart solr linux"
diff --git a/tasks/configuration/Windows.yml b/tasks/configuration/Windows.yml
@@ -20,7 +20,7 @@
     src: security.json.j2
     dest: "{{ dest_solr_path }}\\server\\solr\\security.json"
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
   notify: "restart solr windows"
 
@@ -41,18 +41,18 @@
 - name: "Force all notified handlers"
   meta: flush_handlers
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
 
 - name: "Set protocol"
   set_fact:
-    solr_proto: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}"
+    solr_proto: "{{ (solr_ssl_configure == True) | ternary('https', 'http') }}"
 
 - name: "Wait for Solr is UP"
   run_once: True
   win_get_url:
     url: "{{ solr_proto }}://{{ inventory_hostname }}:{{ solr_port }}/solr/"
-    dest: "{{ win_temp_dir }}\\test.html"
+    dest: "{{ solr_win_temp_dir }}\\test.html"
     validate_certs: False
     url_username: solr
     url_password: SolrRocks
@@ -61,9 +61,9 @@
   retries: 20
   delay: 10
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
-    - change_default_password
+    - solr_change_default_password
 
 # There is a bug with certificate validation for "win_uri" module (validation can't be switched off)
 # Needs to be checked on ansible 2.7.0
@@ -79,9 +79,9 @@
 #       Content-Type: 'application/json'
 #     body: '{"set-user": {"{{ solr_auth_user }}" : "{{ solr_auth_pass }}"}}'
 #   when:
-#     - solr_auth_type is defined
+#     - solr_auth_configure
 #     - solr_version is version('7.0.0', '>=')
-#     - change_default_password
+#     - solr_change_default_password
 #   notify:
 #     - "restart solr windows"
 #
@@ -97,9 +97,9 @@
 #       Content-Type: 'application/json'
 #     body: '{"set-user": {"solr" : "{{ solr_auth_pass }}"}}'
 #   when:
-#     - solr_auth_type is defined
+#     - solr_auth_configure
 #     - solr_version is version('7.0.0', '>=')
-#     - change_default_password
+#     - solr_change_default_password
 #   notify:
 #     - "restart solr windows"
 
@@ -116,9 +116,9 @@
     -H "Content-type:application/json" \
     -d "{"set-user": {"{{ solr_auth_user }}" : "{{ solr_auth_pass }}"}}"
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
-    - change_default_password
+    - solr_change_default_password
   notify:
     - "restart solr windows"
 
@@ -130,8 +130,8 @@
     -H "Content-type:application/json" \
     -d "{"set-user": {"solr" : "{{ solr_auth_pass }}"}}"
   when:
-    - solr_auth_type is defined
+    - solr_auth_configure
     - solr_version is version('7.0.0', '>=')
-    - change_default_password
+    - solr_change_default_password
   notify:
     - "restart solr windows"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -20,7 +20,7 @@
   loop_control:
     loop_var: platform
   when:
-    - solr_ssl_key_store is defined
+    - solr_ssl_configure
     - not solr_service_status
 
 - name: "Solr configuration"