From 180ae3349e6d1d1bf90bb7d772875151d8f74b7b Mon Sep 17 00:00:00 2001 From: Mohamed Achoubie Date: Thu, 26 Sep 2024 15:32:09 +0200 Subject: [PATCH] Story #13302: Added ability to select Vitam's components to deploy in legacy mode --- Jenkinsfile.containers | 5 ++-- .../vitam-container-consul.service.j2 | 2 +- deployment/roles/docker/tasks/Debian.yml | 5 ++++ deployment/roles/filebeat/defaults/main.yml | 3 +++ .../roles/filebeat/tasks/add_modules.yml | 8 ++++++ deployment/roles/filebeat/tasks/install.yml | 19 +++++++++++++ .../filebeat/templates/filebeat.service.j2 | 27 +++++++++++++++++++ 7 files changed, 66 insertions(+), 3 deletions(-) create mode 100644 deployment/roles/filebeat/templates/filebeat.service.j2 diff --git a/Jenkinsfile.containers b/Jenkinsfile.containers index 9c055d1b2b5..8bf97574a70 100644 --- a/Jenkinsfile.containers +++ b/Jenkinsfile.containers @@ -16,6 +16,7 @@ pipeline { SERVICE_DOCKER_PUSH_URL=credentials("SERVICE_DOCKER_PUSH_URL") SERVICE_REPOSITORY_URL=credentials("service-repository-url") GITHUB_ACCOUNT_TOKEN = credentials("vitam-prg-token") + JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64" } stages { 
@@ -25,7 +26,7 @@ pipeline { [$class: 'UsernamePasswordMultiBinding', credentialsId: 'app-jenkins',usernameVariable: 'CI_USR', passwordVariable: 'CI_PSW'], string(credentialsId: "service-nexus-url", variable: 'SERVICE_NEXUS_URL') ]) { - sh 'mvn --settings .ci/settings.xml install -Djib.skip=false -DskipTests=true --show-version --batch-mode --errors -fn -DinstallAtEnd=true -DdeployAtEnd=true package -Pvitam -Djacoco.skip=true -DskipAllFrontend=true -DskipAllFrontendTests=true -Dlicense.skip=true -Djib.to.auth.username=$CI_USR -Djib.to.auth.password=$CI_PSW -pl "!cots/vitamui-mongo-express" -Denv.SERVICE_NEXUS_URL=$SERVICE_NEXUS_URL -DsendCredentialsOverHttp=true' + sh 'mvn --settings .ci/settings.xml install -U -Djib.skip=false -DskipTests=true --show-version --batch-mode --errors -fn -DinstallAtEnd=true -DdeployAtEnd=true package -Pvitam -Djacoco.skip=true -DskipAllFrontend=true -DskipAllFrontendTests=true -Dlicense.skip=true -Djib.to.auth.username=$CI_USR -Djib.to.auth.password=$CI_PSW -pl "!cots/vitamui-mongo-express" -Denv.SERVICE_NEXUS_URL=$SERVICE_NEXUS_URL -DsendCredentialsOverHttp=true' } } } @@ -79,7 +80,7 @@ pipeline { sh "docker pull $image" // Run Trivy scan - sh "trivy image $image --ignore-unfixed --vuln-type os,library --format template --template '@html.tpl' -o reports/${imageName}-scan.html" + sh "trivy image $image --ignore-unfixed --vuln-type os,library --format template --template '@html.tpl' -o reports/${imageName}-scan.html || true" // Publish HTML report publishHTML target: [ diff --git a/deployment/roles/consul/templates/vitam-container-consul.service.j2 b/deployment/roles/consul/templates/vitam-container-consul.service.j2 index a874fde80f4..0b39243bff4 100644 --- a/deployment/roles/consul/templates/vitam-container-consul.service.j2 +++ b/deployment/roles/consul/templates/vitam-container-consul.service.j2 
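Review bot: The rewritten `mvn` line still carries `-DsendCredentialsOverHttp=true` and passes `-Djib.to.auth.password=$CI_PSW` as a command-line argument. The registry password can therefore travel over cleartext HTTP and is visible in the agent's process list while the build runs. If the push registry serves HTTPS the flag can be dropped, and the credentials can come from a `<server>` entry in `.ci/settings.xml` that reads `${env.CI_USR}` / `${env.CI_PSW}`. The single-quoted `sh` string is worth keeping, since it leaves the expansion to the shell rather than to Groovy.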
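Review bot: The `|| true` appended to the `trivy image` command discards every non-zero exit, and no `--exit-code` is set, so what it hides is scan errors rather than findings. An image that was never scanned then passes the stage, and `publishHTML` may publish a missing or stale report. Wrapping the step as `catchError(buildResult: 'UNSTABLE', stageResult: 'UNSTABLE') { sh "trivy image $image ..." }` keeps the pipeline going while leaving the failure visible on the build. The enclosing stage starts and ends outside this hunk.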
@@ -16,7 +16,7 @@ ExecStart=/usr/bin/docker run --rm --net=host -e 'CONSUL_ALLOW_PRIVILEGED_PORTS= -v "/vitam/script/consul:/vitam/script/consul" \ -v "/vitam/data/consul:/consul/data" \ -v "/vitam/tmp/consul:/vitam/tmp/consul" \ - {{ container_repository.registry_url }}/vitam-external/hashicorp/consul:{{ consul_version }} + {{ container_repository.registry_url }}/vitam-external/hashicorp/consul:{{ consul_version }} {{ 'agent ' if inventory_hostname not in groups['hosts_vitamui_consul_server'] }} ExecStop=/usr/bin/docker stop -t 85 vitam-consul ExecRestart=/usr/bin/docker restart -t 85 vitam-consul diff --git a/deployment/roles/docker/tasks/Debian.yml b/deployment/roles/docker/tasks/Debian.yml index 9468393e27b..a97efa0bea8 100644 --- a/deployment/roles/docker/tasks/Debian.yml +++ b/deployment/roles/docker/tasks/Debian.yml @@ -23,6 +23,11 @@ environment: https_proxy: "{{ http_proxy_environnement }}" http_proxy: "{{ http_proxy_environnement }}" + when: http_proxy_environnement is defined and http_proxy_environnement != "" + +- name: add GPG docker repo key + shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -" + when: http_proxy_environnement is not defined or http_proxy_environnement == "" - name: install apt-transport-https as Docker repository is https package: diff --git a/deployment/roles/filebeat/defaults/main.yml b/deployment/roles/filebeat/defaults/main.yml index 4419b747fd6..dbac140be8e 100755 --- a/deployment/roles/filebeat/defaults/main.yml +++ b/deployment/roles/filebeat/defaults/main.yml @@ -1,5 +1,8 @@ --- +filebeat_version: "{{ filebeat.version | default('8.14.3') }}" +filebeat_package: "filebeat{{ '=' if ansible_os_family == 'Debian' else '-' }}{{ filebeat_version }}" + filebeat_processors: processors: - add_host_metadata: diff --git a/deployment/roles/filebeat/tasks/add_modules.yml b/deployment/roles/filebeat/tasks/add_modules.yml index 10ba69bef6e..1f626274c66 100644 
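Review bot: The inline `{{ 'agent ' if ... }}` added to the image line has no `else` branch and indexes `groups['hosts_vitamui_consul_server']` directly. The false case then depends on how the templating engine renders an undefined value, and an inventory that does not define that group would presumably fail at template time. `{{ 'agent' if inventory_hostname not in (groups['hosts_vitamui_consul_server'] | default([])) else '' }}` states both cases explicitly. The `ExecStart` command begins outside this hunk.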
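Review bot: The new `add GPG docker repo key` task in `docker/tasks/Debian.yml` pipes a downloaded key straight into `apt-key add -` from a `shell:` call, with no fingerprint or checksum check. `apt-key` also puts the key in the global trusted keyring, where it is accepted for every configured repository, not only Docker's. The pipeline runs without `pipefail`, calls `sudo` inside the command instead of using `become`, and is re-executed on every play. Fetching the key with a module into a dedicated keyring file pinned by checksum, and referencing it with `signed-by=` in the Docker source entry (which lies outside this hunk), would close this. In the fence the checksum is a placeholder and `/etc/apt/keyrings` is assumed to exist.

```yaml
- name: add GPG docker repo key
  get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
    checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
  when: http_proxy_environnement is not defined or http_proxy_environnement == ""
```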
--- a/deployment/roles/filebeat/tasks/add_modules.yml +++ b/deployment/roles/filebeat/tasks/add_modules.yml @@ -1,5 +1,13 @@ --- +- name: Create modules.d folder + file: + path: "/etc/filebeat/modules.d" + state: directory + mode: "{{ vitam_defaults.folder.folder_permission }}" + notify: "filebeat - restart service" + when: install_mode == "container" + - name: Add reverse filebeat module template: src: modules/{{ reverse | default('nginx') | lower }}.yml.j2 diff --git a/deployment/roles/filebeat/tasks/install.yml b/deployment/roles/filebeat/tasks/install.yml index 2cd9ecac590..0f92536d5fd 100644 --- a/deployment/roles/filebeat/tasks/install.yml +++ b/deployment/roles/filebeat/tasks/install.yml @@ -5,6 +5,25 @@ name: filebeat state: latest notify: "filebeat - restart service" + when: install_mode != "container" + +- name: Ensure Filebeat directory exist + file: + path: "/etc/filebeat" + state: directory + mode: "{{ vitam_defaults.folder.folder_permission }}" + notify: "filebeat - restart service" + when: install_mode == "container" + +- name: "Deploy systemd service file for filebeat" + template: + src: "filebeat.service.j2" + dest: "{{ '/lib/systemd/system' if ansible_os_family == 'Debian' else '/usr/lib/systemd/system' }}/filebeat.service" + owner: root + group: root + mode: "0644" + notify: "filebeat - restart service" + when: install_mode == "container" - name: Add Filebeat config file template: diff --git a/deployment/roles/filebeat/templates/filebeat.service.j2 b/deployment/roles/filebeat/templates/filebeat.service.j2 new file mode 100644 index 00000000000..b98ef3d084b --- /dev/null +++ b/deployment/roles/filebeat/templates/filebeat.service.j2 
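Review bot: The `Create modules.d folder` task sets only `mode`, so ownership of `/etc/filebeat/modules.d` is whatever the play's user or a pre-existing directory gives it; the same holds for `Ensure Filebeat directory exist` in `install.yml`. The container is started with `--strict.perms=false` in `filebeat.service.j2`, which turns off Filebeat's own ownership and permission check on its config files. These host-side settings are then the only control over who can change what the root container loads. Adding `owner: root` and `group: root` to both tasks, as the unit-file task already does, would pin that.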
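Review bot: The package task just above the added `when: install_mode != "container"` in `install.yml` still installs `name: filebeat` with `state: latest`. The `filebeat_package` pin this patch introduces in `defaults/main.yml` is not applied in any visible hunk, so hosts in package mode take whatever version the repository serves at deploy time. If the pin is meant for this task, `name: "{{ filebeat_package }}"` with `state: present` would make package and container installs follow the same `filebeat_version`. That task starts outside the hunk, so the variable may be consumed elsewhere.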
@@ -0,0 +1,27 @@
+[Unit]
+Description=filebeat
+Documentation=http://www.elastic.co
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Restart=always
+Environment="CONTAINER_NAME=filebeat"
+ExecStartPre=-/usr/bin/docker rm -f filebeat
+ExecStart=/usr/bin/docker run --rm \
+ --name filebeat \
+ --user=root \
+ --volume="/etc/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:rw" \
+ --volume="/etc/filebeat/modules.d:/usr/share/filebeat/modules.d:rw" \
+ --volume="/etc/filebeat/inputs.d:/usr/share/filebeat/inputs.d:rw" \
+ --volume="/vitam:/vitam:rw" \
+ --volume="/vitamui:/vitamui:rw" \
+ --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \
+ --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \
+ {{ container_repository.registry_url }}/vitam-external/elastic/filebeat:{{ filebeat_version }} \
+ -e --strict.perms=false
+
+ExecStop=/usr/bin/docker stop filebeat
+
+[Install]
+WantedBy=multi-user.target
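Review bot: The `ExecStart` command runs the container with `--user=root`, mounts `/vitam`, `/vitamui` and the three `/etc/filebeat` paths read-write, and exposes `/var/run/docker.sock`. The `:ro` flag on a socket does not restrict Docker API calls made through it, so a compromise of the log shipper would give control of the host's Docker daemon and write access to the application data trees. If Filebeat only reads logs and configuration from these paths, the bind mounts can be `:ro`, and the socket mount can be dropped unless Docker metadata enrichment or autodiscover is actually configured. With `--strict.perms=false` Filebeat's config ownership check is off as well, which makes read-only config mounts more worthwhile.

```jinja
ExecStart=/usr/bin/docker run --rm \
{# … unchanged: --name and --user options … #}
    --volume="/etc/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro" \
    --volume="/etc/filebeat/modules.d:/usr/share/filebeat/modules.d:ro" \
    --volume="/etc/filebeat/inputs.d:/usr/share/filebeat/inputs.d:ro" \
    --volume="/vitam:/vitam:ro" \
    --volume="/vitamui:/vitamui:ro" \
    --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \
{# … unchanged: image reference and filebeat arguments; docker.sock mount omitted, see note … #}
```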