From 0fee8e79e4fc670b40faaa8858e178027c56a7b7 Mon Sep 17 00:00:00 2001 From: Viachaslau Kabak Date: Tue, 16 Oct 2018 14:58:26 +0300 Subject: [PATCH] Merge from develop (#13) * Issue8 correct checksum (#9) * - Add LICENSE file (#2) - Correct license name in README.md - Add github templates * issue8: set sha1 instead md5 * Use solr_base_path during install fase. Further steps will fail if the correct path is not given here. * Prefix all variables with solr_ This will prevent possible collisions since some names are very generic. Modify commented code so it's not too long. It was too long even before I touched it ;-) * Allow changing SOLR_HOME to something custom This will allow settings a custom value for SOLR_HOME without changing the default. * This will allow configuring the solr logs location This will allow modification of SOLR_LOGS_DIR without changing the defaults. * Add solr version to README.md (#10) * Allow disabling SSL usage. In some setups we do not want SSL. This allows us to disable it. * Allow disabling authentication This will all running a solr server withouth authentication * #14 add limits (#15) * Add linux limits values * fix too many spaces before colon (colons) * fix typo * remove absolute path for keytool * fix keytool execution error * fix review issues --- README.md | 45 +++++++++++++++-------- defaults/main.yml | 21 ++++++++--- molecule/cloud-aws-delegated/playbook.yml | 2 +- molecule/cloud-epc-delegated/playbook.yml | 2 +- molecule/cloud-epc-windows/playbook.yml | 2 +- molecule/default/playbook.yml | 2 +- tasks/configuration/Linux.yml | 20 +++++----- tasks/configuration/Windows.yml | 28 +++++++------- tasks/main.yml | 2 +- tasks/ssl/Linux.yml | 32 +++++++++------- tasks/ssl/Windows.yml | 32 ++++++++-------- tasks/system/Linux.yml | 31 +++++++++++++--- tasks/system/Windows.yml | 4 +- templates/solr.in.cmd.j2 | 6 +-- templates/solr.in.sh.j2 | 10 ++--- vars/Debian.yml | 14 +++---- vars/RedHat.yml | 14 +++---- vars/Windows.yml | 10 ++--- 18 files changed, 164 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index 8598c7d..7433c76 100755 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ This role: - Installs Solr standalone on Centos 7, Ubuntu or Windows host. - Configures SSL for Solr 7.0 and later - Configures Solr + - Supported Solr versions: 6.x - 7.x. The latest tested is 7.1.0 For additional configuration, such as master or slave mode use roles: - solr-master (lean-delivery.ansible-role-solr-master) @@ -41,13 +42,15 @@ Requirements default: `http://archive.apache.org/dist/lucene/solr` - `solr_distr_url` - url to zip file default: `{{ solr_url }}/{{ solr_version }}/solr-{{ solr_version }}.zip` - - `overrride_dest_main_path` - root directory to store solr folder + - `override_dest_main_path` - root directory to store solr folder default: `/opt` default: `C:\Solr` - - `overrride_dest_solr_path` - solr folder path + - `override_dest_solr_path` - solr folder path default: `{{ dest_main_path }}/solr-{{ solr_version }}` default: `{{ dest_main_path }}\\solr-{{ solr_version }}` - - `change_default_password` - to change default password (will be solr/SolrRocks) + - `solr_change_default_password` - to change default password (will be solr/SolrRocks) + default: `True` + - `solr_auth_configure` - Enable authentication default: `True` - `solr_auth_type` - authentication type default: `basic` @@ -77,22 +80,28 @@ Requirements default: `solr` - `solr_base_path` - path to solr base default: `/var/solr` + - `solr_home` - path to SOLR_HOME + default: `{{ solr_base_path }}/data` - `solr_with_systemd` - to run solr as a service default: `True` + - `solr_logs_dir` - path to store logs + default: `{{ solr_base_path }}/logs` # https://lucene.apache.org/solr/guide/7_1/enabling-ssl.html + - `solr_ssl_configure` - configure SSL + default: `True` - `solr_ssl_key_size` - certificate key size default: 4096 - - `overrride_solr_ssl_key_store_path` - directory to store keystore + - `override_solr_ssl_key_store_path` - directory to store keystore default: `{{ dest_solr_path }}/server/solr` default: `{{ dest_solr_path }}\\server\\solr` - `solr_ssl_key_store_name` - keystore name. If file with such name exists in role folder/files - it will be used as keystore. default: `solr-ssl.keystore.jks` - - `overrride_solr_ssl_key_store` - path to solr keystore. + - `override_solr_ssl_key_store` - path to solr keystore. default: `{{ solr_ssl_key_store_path }}/{{ solr_ssl_key_store_name }}` default: `{{ solr_ssl_key_store_path }}\\{{ solr_ssl_key_store_name }}` - `solr_ssl_key_store_password` - keystore password default: `123456` - - `overrride_solr_ssl_trust_store` - path to trust keystore + - `override_solr_ssl_trust_store` - path to trust keystore default: `{{ solr_ssl_key_store_path }}/{{ solr_ssl_key_store_name }}` default: `{{ solr_ssl_key_store_path }}\\{{ solr_ssl_key_store_name }}` - `solr_ssl_trust_store_password` - trusted keystore password @@ -107,23 +116,29 @@ Requirements default: `JKS` - `solr_ssl_certificate_provider` - only for Linux os. https://docs.ansible.com/ansible/latest/openssl_certificate_module.html default: `selfsigned` - - `ca_domain` - certificate domain name + - `solr_ca_domain` - certificate domain name default: `example.com` - - `overrride_local_cert_file_path` - path to private cert + - `override_local_cert_file_path` - path to private cert default: `/etc/pki/tls/private` default: `/etc/ssl/private` - - `local_pkey_file_name` - private cert name + - `solr_local_pkey_file_name` - private cert name default: `{{ ansible_hostname }}.ca-pkey.pem` - - `overrride_local_cert_file_path` - path to public cert + - `override_local_cert_file_path` - path to public cert default: `/etc/pki/tls/certs` default: `/etc/ssl/certs` - - `local_cert_file_name` -public cert name + - `solr_local_cert_file_name` -public cert name default: `{{ ansible_hostname }}.ca-cert.pem` + - `solr_set_limits` - to set limits + default: `True` + - `solr_open_files_limit` - linux open files limit value + default: `65000` + - `solr_max_processes_limit` - linux max processes limit value + default: `65000` # Windows variables - - `win_temp_dir` - temporary directory + - `solr_win_temp_dir` - temporary directory default: `C:\Windows\Temp` - - `win_ssl_subj` - CSR subject - default: `/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ ca_domain }}` + - `solr_win_ssl_subj` - CSR subject + default: `/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ solr_ca_domain }}` Example Inventory ---------------- @@ -146,7 +161,7 @@ Example Playbook - name: Install and Configure Solr hosts: solr vars: - change_default_password: False + solr_change_default_password: False roles: - role: lean-delivery.java java_major_version: 8 diff --git a/defaults/main.yml b/defaults/main.yml index cc53c53..1f1b218 100755 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,7 +7,8 @@ solr_version: 7.1.0 solr_url: http://archive.apache.org/dist/lucene/solr solr_distr_url: "{{ solr_url }}/{{ solr_version }}/solr-{{ solr_version }}.zip" -change_default_password: True +solr_change_default_password: True +solr_auth_configure: True solr_auth_type: "basic" solr_auth_user: "solrserver" solr_auth_pass: "server123" @@ -23,9 +24,12 @@ solr_group: "solr" solr_port: 8983 solr_service_name: "solr" solr_base_path: /var/solr +solr_home: "{{ solr_base_path }}/data" solr_with_systemd: True +solr_logs_dir: "{{ solr_base_path }}/logs" # SSL +solr_ssl_configure: True solr_ssl_key_store_name: "solr-ssl.keystore.jks" solr_ssl_key_size: 4096 solr_ssl_key_store_password: 123456 @@ -38,10 +42,15 @@ solr_ssl_trust_store_type: JKS solr_ssl_certificate_provider: selfsigned # Certificate -ca_domain: "example.com" -local_pkey_file_name: "{{ ansible_hostname }}.ca-pkey.pem" -local_cert_file_name: "{{ ansible_hostname }}.ca-cert.pem" +solr_ca_domain: "example.com" +solr_local_pkey_file_name: "{{ ansible_hostname }}.ca-pkey.pem" +solr_local_cert_file_name: "{{ ansible_hostname }}.ca-cert.pem" + +# Linux limits set +solr_set_limits: True +solr_open_files_limit: 65000 +solr_max_processes_limit: 65000 # Windows vars -win_temp_dir: C:\Windows\Temp -win_ssl_subj: "/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ ca_domain }}" +solr_win_temp_dir: C:\Windows\Temp +solr_win_ssl_subj: "/C=BY/ST=Minsk/L=Minsk/O=O/OU=IT/CN={{ solr_ca_domain }}" diff --git a/molecule/cloud-aws-delegated/playbook.yml b/molecule/cloud-aws-delegated/playbook.yml index e1873fe..e9a1efb 100755 --- a/molecule/cloud-aws-delegated/playbook.yml +++ b/molecule/cloud-aws-delegated/playbook.yml @@ -10,4 +10,4 @@ - role: lean_delivery.java - role: ansible-role-solr-standalone vars: - change_default_password: False + solr_change_default_password: False diff --git a/molecule/cloud-epc-delegated/playbook.yml b/molecule/cloud-epc-delegated/playbook.yml index 6b8eed6..a425dbe 100755 --- a/molecule/cloud-epc-delegated/playbook.yml +++ b/molecule/cloud-epc-delegated/playbook.yml @@ -10,4 +10,4 @@ - role: lean_delivery.java - role: ansible-role-solr-standalone vars: - change_default_password: False + solr_change_default_password: False diff --git a/molecule/cloud-epc-windows/playbook.yml b/molecule/cloud-epc-windows/playbook.yml index 679e39a..e254cac 100755 --- a/molecule/cloud-epc-windows/playbook.yml +++ b/molecule/cloud-epc-windows/playbook.yml @@ -18,4 +18,4 @@ - role: lean_delivery.java - role: ansible-role-solr-standalone vars: - change_default_password: False + solr_change_default_password: False diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml index e1873fe..e9a1efb 100755 --- a/molecule/default/playbook.yml +++ b/molecule/default/playbook.yml @@ -10,4 +10,4 @@ - role: lean_delivery.java - role: ansible-role-solr-standalone vars: - change_default_password: False + solr_change_default_password: False diff --git a/tasks/configuration/Linux.yml b/tasks/configuration/Linux.yml index f393064..2ff6d7f 100755 --- a/tasks/configuration/Linux.yml +++ b/tasks/configuration/Linux.yml @@ -28,7 +28,7 @@ mode: 0755 become: True when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') notify: - "restart solr linux" @@ -38,7 +38,7 @@ - name: "Wait for Solr is UP" uri: - url: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}://\ + url: "{{ (solr_ssl_configure == true) | ternary('https', 'http') }}://\ {{ inventory_hostname }}:{{ solr_port }}/solr" status_code: 200 validate_certs: False @@ -50,13 +50,13 @@ retries: 20 delay: 10 when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - - change_default_password + - solr_change_default_password - name: Create admin user via API uri: - url: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}://\ + url: "{{ (solr_ssl_configure == true) | ternary('https', 'http') }}://\ {{ inventory_hostname }}:{{ solr_port }}/solr/admin/authentication" method: POST user: solr @@ -69,15 +69,15 @@ body: '{"set-user": {"{{ solr_auth_user }}" : "{{ solr_auth_pass }}"}}' become: True when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - - change_default_password + - solr_change_default_password notify: - "restart solr linux" - name: "Change default admin user password via API" uri: - url: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}://\ + url: "{{ (solr_ssl_configure == true) | ternary('https', 'http') }}://\ {{ inventory_hostname }}:{{ solr_port }}/solr/admin/authentication" method: POST user: solr @@ -90,8 +90,8 @@ body: '{"set-user": {"solr" : "{{ solr_auth_pass }}"}}' become: True when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - - change_default_password + - solr_change_default_password notify: - "restart solr linux" diff --git a/tasks/configuration/Windows.yml b/tasks/configuration/Windows.yml index 77ea70b..0398f16 100755 --- a/tasks/configuration/Windows.yml +++ b/tasks/configuration/Windows.yml @@ -20,7 +20,7 @@ src: security.json.j2 dest: "{{ dest_solr_path }}\\server\\solr\\security.json" when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') notify: "restart solr windows" @@ -41,18 +41,18 @@ - name: "Force all notified handlers" meta: flush_handlers when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - name: "Set protocol" set_fact: - solr_proto: "{{ (solr_ssl_key_store is defined) | ternary('https', 'http') }}" + solr_proto: "{{ (solr_ssl_configure == True) | ternary('https', 'http') }}" - name: "Wait for Solr is UP" run_once: True win_get_url: url: "{{ solr_proto }}://{{ inventory_hostname }}:{{ solr_port }}/solr/" - dest: "{{ win_temp_dir }}\\test.html" + dest: "{{ solr_win_temp_dir }}\\test.html" validate_certs: False url_username: solr url_password: SolrRocks @@ -61,9 +61,9 @@ retries: 20 delay: 10 when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - - change_default_password + - solr_change_default_password # There is a bug with certificate validation for "win_uri" module (validation can't be switched off) # Needs to be checked on ansible 2.7.0 @@ -79,9 +79,9 @@ # Content-Type: 'application/json' # body: '{"set-user": {"{{ solr_auth_user }}" : "{{ solr_auth_pass }}"}}' # when: -# - solr_auth_type is defined +# - solr_auth_configure # - solr_version is version('7.0.0', '>=') -# - change_default_password +# - solr_change_default_password # notify: # - "restart solr windows" # @@ -97,9 +97,9 @@ # Content-Type: 'application/json' # body: '{"set-user": {"solr" : "{{ solr_auth_pass }}"}}' # when: -# - solr_auth_type is defined +# - solr_auth_configure # - solr_version is version('7.0.0', '>=') -# - change_default_password +# - solr_change_default_password # notify: # - "restart solr windows" @@ -116,9 +116,9 @@ -H "Content-type:application/json" \ -d "{"set-user": {"{{ solr_auth_user }}" : "{{ solr_auth_pass }}"}}" when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - - change_default_password + - solr_change_default_password notify: - "restart solr windows" @@ -130,8 +130,8 @@ -H "Content-type:application/json" \ -d "{"set-user": {"solr" : "{{ solr_auth_pass }}"}}" when: - - solr_auth_type is defined + - solr_auth_configure - solr_version is version('7.0.0', '>=') - - change_default_password + - solr_change_default_password notify: - "restart solr windows" diff --git a/tasks/main.yml b/tasks/main.yml index 23790ab..1d1711e 100755 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,7 +20,7 @@ loop_control: loop_var: platform when: - - solr_ssl_key_store is defined + - solr_ssl_configure - not solr_service_status - name: "Solr configuration" diff --git a/tasks/ssl/Linux.yml b/tasks/ssl/Linux.yml index e99d204..eeffbf7 100755 --- a/tasks/ssl/Linux.yml +++ b/tasks/ssl/Linux.yml @@ -17,7 +17,7 @@ - name: "Create private certificate" openssl_privatekey: - path: "{{ local_pkey_file_path }}/{{ local_pkey_file_name }}" + path: "{{ local_pkey_file_path }}/{{ solr_local_pkey_file_name }}" size: "{{ solr_ssl_key_size|int }}" force: True become: True @@ -27,9 +27,9 @@ - name: "Create CSR" openssl_csr: - path: "/tmp/{{ local_cert_file_name }}.csr" - privatekey_path: "{{ local_pkey_file_path }}/{{ local_pkey_file_name }}" - common_name: "{{ ca_domain }}" + path: "/tmp/{{ solr_local_cert_file_name }}.csr" + privatekey_path: "{{ local_pkey_file_path }}/{{ solr_local_pkey_file_name }}" + common_name: "{{ solr_ca_domain }}" force: True become: True # https://github.com/ansible/ansible/issues/45726 @@ -38,9 +38,9 @@ - name: "Create certificates for keystore" openssl_certificate: - csr_path: "/tmp/{{ local_cert_file_name }}.csr" - path: "{{ local_cert_file_path }}/{{ local_cert_file_name }}" - privatekey_path: "{{ local_pkey_file_path }}/{{ local_pkey_file_name }}" + csr_path: "/tmp/{{ solr_local_cert_file_name }}.csr" + path: "{{ local_cert_file_path }}/{{ solr_local_cert_file_name }}" + privatekey_path: "{{ local_pkey_file_path }}/{{ solr_local_pkey_file_name }}" provider: "{{ solr_ssl_certificate_provider }}" force: True become: True @@ -50,9 +50,11 @@ # - name: "Create keystore" # java_keystore: -# name: "{{ ca_domain }}" -# certificate: "{{lookup('file', '{{ local_cert_file_path }}/{{ local_cert_file_name }}') }}" -# private_key: "{{lookup('file', '{{ local_pkey_file_path }}/{{ local_pkey_file_name }}') }}" +# name: "{{ solr_ca_domain }}" +# certificate: "{{lookup('file', '{{ local_cert_file_path }}/\ +# {{ solr_local_cert_file_name }}') }}" +# private_key: "{{lookup('file', '{{ local_pkey_file_path }}/\ +# {{ solr_local_pkey_file_name }}') }}" # password: "{{ solr_ssl_key_store_password }}" # dest: "{{ solr_ssl_key_store }}" # owner: "{{ solr_user }}" @@ -67,8 +69,8 @@ - name: "Export certificate and private key into a bundle" command: > openssl pkcs12 -export - -in "{{ local_cert_file_path }}/{{ local_cert_file_name }}" - -inkey "{{ local_pkey_file_path }}/{{ local_pkey_file_name }}" + -in "{{ local_cert_file_path }}/{{ solr_local_cert_file_name }}" + -inkey "{{ local_pkey_file_path }}/{{ solr_local_pkey_file_name }}" -name "{{ ansible_hostname }}" -passout pass:{{ solr_ssl_key_store_password }} -out "{{ ansible_hostname }}.p12" @@ -76,13 +78,15 @@ chdir: "{{ solr_ssl_key_store_path }}/" creates: "{{ ansible_hostname }}.p12" become: True + become_flags: '-i' + become_method: sudo when: - not keystore_file.stat.exists - ansible_version.full is version('2.7', '<') - name: "Import the PKCS12 file into a new java keystore" command: > - /opt/jdk/jdk1.8.0_181/jre/bin/keytool + keytool -importkeystore -deststorepass {{ solr_ssl_key_store_password }} -srcstorepass {{ solr_ssl_key_store_password }} @@ -93,6 +97,8 @@ chdir: "{{ solr_ssl_key_store_path }}/" creates: "{{ solr_ssl_key_store_name }}" become: True + become_flags: '-i' + become_method: sudo when: - not keystore_file.stat.exists - ansible_version.full is version('2.7', '<') diff --git a/tasks/ssl/Windows.yml b/tasks/ssl/Windows.yml index 9a0a317..7d14e8f 100755 --- a/tasks/ssl/Windows.yml +++ b/tasks/ssl/Windows.yml @@ -19,31 +19,33 @@ - name: "Create private certificate" win_command: > - openssl genrsa -out "{{ win_temp_dir }}\\{{ local_pkey_file_name }}" \ + openssl genrsa -out "{{ solr_win_temp_dir }}\\{{ solr_local_pkey_file_name }}" \ "{{ solr_ssl_key_size|int }}" when: not keystore_file.stat.exists - name: "Create CSR" win_command: > openssl req -nodes -newkey rsa:"{{ solr_ssl_key_size|int }}" \ - -keyout "{{ win_temp_dir }}\\{{ local_pkey_file_name }}" \ - -out "{{ win_temp_dir }}\\{{ local_cert_file_name }}.csr" \ - -subj "{{ win_ssl_subj }}" + -keyout "{{ solr_win_temp_dir }}\\{{ solr_local_pkey_file_name }}" \ + -out "{{ solr_win_temp_dir }}\\{{ solr_local_cert_file_name }}.csr" \ + -subj "{{ solr_win_ssl_subj }}" when: not keystore_file.stat.exists - name: "Create certificates for keystore" win_command: > openssl x509 -req -days 365 \ - -in "{{ win_temp_dir }}\\{{ local_cert_file_name }}.csr" \ - -signkey "{{ win_temp_dir }}\\{{ local_pkey_file_name }}" \ - -out "{{ win_temp_dir }}\\{{ local_cert_file_name }}" + -in "{{ solr_win_temp_dir }}\\{{ solr_local_cert_file_name }}.csr" \ + -signkey "{{ solr_win_temp_dir }}\\{{ solr_local_pkey_file_name }}" \ + -out "{{ solr_win_temp_dir }}\\{{ solr_local_cert_file_name }}" when: not keystore_file.stat.exists # - name: "Create keystore" # java_keystore: -# name: "{{ ca_domain }}" -# certificate: "{{lookup('file', '{{ local_cert_file_path }}/{{ local_cert_file_name }}') }}" -# private_key: "{{lookup('file', '{{ local_pkey_file_path }}/{{ local_pkey_file_name }}') }}" +# name: "{{ solr_ca_domain }}" +# certificate: "{{lookup('file', '{{ local_cert_file_path }}/\ +# {{ solr_local_cert_file_name }}') }}" +# private_key: "{{lookup('file', '{{ local_pkey_file_path }}/\ +# {{ solr_local_pkey_file_name }}') }}" # password: "{{ solr_ssl_key_store_password }}" # dest: "{{ solr_ssl_key_store }}" # owner: "{{ solr_user }}" @@ -55,14 +57,14 @@ - name: "Export certificate and private key into a bundle" win_command: > openssl pkcs12 -export - -in {{ win_temp_dir }}\\{{ local_cert_file_name }} - -inkey {{ win_temp_dir }}\\{{ local_pkey_file_name }} + -in {{ solr_win_temp_dir }}\\{{ solr_local_cert_file_name }} + -inkey {{ solr_win_temp_dir }}\\{{ solr_local_pkey_file_name }} -name {{ ansible_hostname }} -passout pass:{{ solr_ssl_key_store_password }} -out {{ ansible_hostname }}.p12 args: - chdir: "{{ win_temp_dir }}" - creates: "{{ win_temp_dir }}\\{{ ansible_hostname }}.p12" + chdir: "{{ solr_win_temp_dir }}" + creates: "{{ solr_win_temp_dir }}\\{{ ansible_hostname }}.p12" when: - not keystore_file.stat.exists - ansible_version.full is version('2.7', '<') @@ -81,7 +83,7 @@ -deststorepass {{ solr_ssl_key_store_password }} -srcstorepass {{ solr_ssl_key_store_password }} -destkeystore {{ solr_ssl_key_store_name }} - -srckeystore "{{ win_temp_dir }}\\{{ ansible_hostname }}.p12" + -srckeystore "{{ solr_win_temp_dir }}\\{{ ansible_hostname }}.p12" -srcstoretype PKCS12 args: chdir: "{{ solr_ssl_key_store_path }}" diff --git a/tasks/system/Linux.yml b/tasks/system/Linux.yml index 090561c..83ea45f 100755 --- a/tasks/system/Linux.yml +++ b/tasks/system/Linux.yml @@ -19,6 +19,24 @@ state: present become: True +- name: "Set open files limit" + pam_limits: + domain: "{{ solr_user }}" + limit_item: "nofile" + limit_type: "-" + value: "{{ solr_open_files_limit }}" + when: solr_set_limits + become: True + +- name: "Set max processes limit" + pam_limits: + domain: "{{ solr_user }}" + limit_item: "nproc" + limit_type: "-" + value: "{{ solr_max_processes_limit }}" + when: solr_set_limits + become: True + - name: "Check if Solr Service Exists" stat: path: /etc/init.d/solr @@ -28,20 +46,20 @@ set_fact: solr_service_status: "{{ solr_service_stat.stat.exists }}" -- name: "Get md5 for solr {{ solr_version }}" +- name: "Get sha1 for solr {{ solr_version }}" set_fact: - md5_value: "{{ md5_url_item }}" - with_url: "{{ solr_distr_url }}.md5" + sha1_value: "{{ sha1_url_item }}" + with_url: "{{ solr_distr_url }}.sha1" when: not solr_service_status loop_control: - loop_var: md5_url_item + loop_var: sha1_url_item # initial deployment of solr - name: "Download solr {{ solr_version }} archive" get_url: url: "{{ solr_distr_url }}" dest: "{{ dest_solr_path }}.zip" - checksum: md5:{{ md5_value.split(" ")[0] }} + checksum: sha1:{{ sha1_value.split(" ")[0] }} register: result until: result is succeeded retries: 10 @@ -59,7 +77,8 @@ when: not solr_service_status - name: "Install solr as service" - command: /bin/bash {{ dest_solr_path }}/bin/install_solr_service.sh {{ dest_solr_path }}.zip -f -n + command: /bin/bash {{ dest_solr_path }}/bin/install_solr_service.sh \ + {{ dest_solr_path }}.zip -f -n -d {{ solr_base_path }} become: True when: not solr_service_status diff --git a/tasks/system/Windows.yml b/tasks/system/Windows.yml index fd7a86f..5343ddf 100755 --- a/tasks/system/Windows.yml +++ b/tasks/system/Windows.yml @@ -11,13 +11,13 @@ - name: "Download solr {{ solr_version }}" win_get_url: url: "{{ solr_distr_url }}" - dest: "{{ win_temp_dir }}\\{{ solr_version }}.zip" + dest: "{{ solr_win_temp_dir }}\\{{ solr_version }}.zip" force: False when: not solr_service_status - name: "Unzip solr {{ solr_version }}" win_unzip: - src: "{{ win_temp_dir }}\\{{ solr_version }}.zip" + src: "{{ solr_win_temp_dir }}\\{{ solr_version }}.zip" dest: "{{ dest_main_path }}" creates: "{{ dest_solr_path }}" when: not solr_service_status diff --git a/templates/solr.in.cmd.j2 b/templates/solr.in.cmd.j2 index ba9d4e4..2d12264 100755 --- a/templates/solr.in.cmd.j2 +++ b/templates/solr.in.cmd.j2 @@ -101,7 +101,7 @@ REM to enable https module with custom jetty configuration. REM set SOLR_SSL_ENABLED=true REM Uncomment to set SSL-related system properties REM Be sure to update the paths to the correct keystore for your environment -{% if solr_ssl_key_store is defined %} +{% if solr_ssl_configure %} set SOLR_SSL_KEY_STORE={{ solr_ssl_key_store }} set SOLR_SSL_KEY_STORE_PASSWORD={{ solr_ssl_key_store_password }} set SOLR_SSL_TRUST_STORE={{ solr_ssl_trust_store }} @@ -123,11 +123,11 @@ REM set SOLR_SSL_CLIENT_TRUST_STORE_TYPE= REM Settings for authentication REM Please configure only one of SOLR_AUTHENTICATION_CLIENT_BUILDER or SOLR_AUTH_TYPE parameters REM set SOLR_AUTHENTICATION_CLIENT_BUILDER=org.apache.solr.client.solrj.impl.PreemptiveBasicAuthClientBuilderFactory -{% if solr_auth_type is defined and solr_version is version('7.0.0', '>=') %} +{% solr_auth_configure and solr_version is version('7.0.0', '>=') %} set SOLR_AUTH_TYPE={{ solr_auth_type }} {% endif %} -{% if solr_authentication_opts is defined and solr_version is version('7.0.0', '>=') %} +{% if solr_auth_configure and solr_version is version('7.0.0', '>=') %} set SOLR_AUTHENTICATION_OPTS="{{ solr_authentication_opts }}" {% endif %} diff --git a/templates/solr.in.sh.j2 b/templates/solr.in.sh.j2 index f1e077e..1c8a894 100755 --- a/templates/solr.in.sh.j2 +++ b/templates/solr.in.sh.j2 @@ -47,7 +47,7 @@ SOLR_PID_DIR={{ solr_base_path }} # Path to a directory for Solr to store cores and their data. By default, Solr will use server/solr # If solr.xml is not stored in ZooKeeper, this directory needs to contain solr.xml -SOLR_HOME={{ solr_base_path }}/data +SOLR_HOME={{ solr_home }} # Solr provides a default Log4J configuration properties file in server/resources # however, you may want to customize the log settings and file appender location @@ -56,7 +56,7 @@ LOG4J_PROPS={{ solr_base_path }}/log4j.properties # Location where Solr should write logs to; should agree with the file appender # settings in server/resources/log4j.properties -SOLR_LOGS_DIR={{ solr_base_path }}/logs +SOLR_LOGS_DIR={{ solr_logs_dir }} # Sets the port Solr binds to, default is 8983 SOLR_PORT="{{ solr_port }}" @@ -68,15 +68,15 @@ SOLR_PORT="{{ solr_port }}" ZK_HOST="{{zk_host}}" {% endif %} -{% if solr_auth_type is defined and solr_version is version('7.0.0', '>=') %} +{% if solr_auth_configure and solr_version is version('7.0.0', '>=') %} SOLR_AUTH_TYPE="{{ solr_auth_type }}" {% endif %} -{% if solr_authentication_opts is defined and solr_version is version('7.0.0', '>=') %} +{% if solr_auth_configure and solr_version is version('7.0.0', '>=') %} SOLR_AUTHENTICATION_OPTS="{{ solr_authentication_opts }}" {% endif %} -{% if solr_ssl_key_store is defined %} +{% if solr_ssl_configure %} SOLR_SSL_KEY_STORE="{{ solr_ssl_key_store }}" SOLR_SSL_KEY_STORE_PASSWORD="{{ solr_ssl_key_store_password }}" SOLR_SSL_TRUST_STORE="{{ solr_ssl_trust_store }}" diff --git a/vars/Debian.yml b/vars/Debian.yml index cd313e9..e8bfc5e 100755 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -8,17 +8,17 @@ requirements: - "unzip" - "lsof" -dest_main_path: "{{ overrride_dest_main_path|default('/opt', True) }}" -dest_solr_path: "{{ overrride_dest_solr_path|\ +dest_main_path: "{{ override_dest_main_path|default('/opt', True) }}" +dest_solr_path: "{{ override_dest_solr_path|\ default(dest_main_path + '/solr-' + solr_version, True) }}" # SSL -solr_ssl_key_store_path: "{{ overrride_solr_ssl_key_store_path|\ +solr_ssl_key_store_path: "{{ override_solr_ssl_key_store_path|\ default(dest_solr_path + '/server/solr', True) }}" -solr_ssl_key_store: "{{ overrride_solr_ssl_key_store|\ +solr_ssl_key_store: "{{ override_solr_ssl_key_store|\ default(solr_ssl_key_store_path + '/' + solr_ssl_key_store_name, True) }}" -solr_ssl_trust_store: "{{ overrride_solr_ssl_trust_store|\ +solr_ssl_trust_store: "{{ override_solr_ssl_trust_store|\ default(solr_ssl_key_store_path + '/' + solr_ssl_key_store_name, True) }}" -local_cert_file_path: "{{ overrride_local_cert_file_path|\ +local_cert_file_path: "{{ override_local_cert_file_path|\ default('/etc/ssl/certs', True) }}" -local_pkey_file_path: "{{ overrride_local_pkey_file_path|\ +local_pkey_file_path: "{{ override_local_pkey_file_path|\ default('/etc/ssl/private', True) }}" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index ae68226..925b756 100755 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -11,17 +11,17 @@ requirements: - "lsof" - "libselinux-python" -dest_main_path: "{{ overrride_dest_main_path|default('/opt', True) }}" -dest_solr_path: "{{ overrride_dest_solr_path|\ +dest_main_path: "{{ override_dest_main_path|default('/opt', True) }}" +dest_solr_path: "{{ override_dest_solr_path|\ default(dest_main_path + '/solr-' + solr_version, True) }}" # SSL -solr_ssl_key_store_path: "{{ overrride_solr_ssl_key_store_path|\ +solr_ssl_key_store_path: "{{ override_solr_ssl_key_store_path|\ default(dest_solr_path + '/server/solr', True) }}" -solr_ssl_key_store: "{{ overrride_solr_ssl_key_store|\ +solr_ssl_key_store: "{{ override_solr_ssl_key_store|\ default(solr_ssl_key_store_path + '/' + solr_ssl_key_store_name, True) }}" -solr_ssl_trust_store: "{{ overrride_solr_ssl_trust_store|\ +solr_ssl_trust_store: "{{ override_solr_ssl_trust_store|\ default(solr_ssl_key_store_path + '/' + solr_ssl_key_store_name, True) }}" -local_cert_file_path: "{{ overrride_local_cert_file_path|\ +local_cert_file_path: "{{ override_local_cert_file_path|\ default('/etc/pki/tls/certs', True) }}" -local_pkey_file_path: "{{ overrride_local_pkey_file_path|\ +local_pkey_file_path: "{{ override_local_pkey_file_path|\ default('/etc/pki/tls/private', True) }}" diff --git a/vars/Windows.yml b/vars/Windows.yml index 53834d4..c46b180 100755 --- a/vars/Windows.yml +++ b/vars/Windows.yml @@ -1,12 +1,12 @@ --- -dest_main_path: "{{ overrride_dest_main_path|default('C:\\Solr', True) }}" -dest_solr_path: "{{ overrride_dest_solr_path|\ +dest_main_path: "{{ override_dest_main_path|default('C:\\Solr', True) }}" +dest_solr_path: "{{ override_dest_solr_path|\ default(dest_main_path +'\\solr-' + solr_version, True) }}" # Windows SSL -solr_ssl_key_store_path: "{{ overrride_solr_ssl_key_store_path|\ +solr_ssl_key_store_path: "{{ override_solr_ssl_key_store_path|\ default(dest_solr_path + '\\server\\solr', True) }}" -solr_ssl_key_store: "{{ overrride_solr_ssl_key_store|\ +solr_ssl_key_store: "{{ override_solr_ssl_key_store|\ default(solr_ssl_key_store_path + '\\\\' + solr_ssl_key_store_name, True) }}" -solr_ssl_trust_store: "{{ overrride_solr_ssl_trust_store|\ +solr_ssl_trust_store: "{{ override_solr_ssl_trust_store|\ default(solr_ssl_key_store_path + '\\\\' + solr_ssl_key_store_name, True) }}"