From 86b510e7d5bdfb452c81a1830c6c81035406e567 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@isti.cnr.it>
Date: Wed, 28 Sep 2016 19:19:03 +0200
Subject: [PATCH] d4science-ghn-cluster: New variabiles to cover the orientdb
 configuration. library/roles/iptables/templates/iptables-rules.v4.j2: rule to
 support orientdb multicast configuration. library/roles/orientdb: Template
 all the configuration files. Move the database and log directory out of the
 distribution.

---
 iptables/templates/iptables-rules.v4.j2       |  5 +++
 orientdb/defaults/main.yml                    | 29 +++++++++++++++
 orientdb/handlers/main.yml                    |  4 +++
 orientdb/tasks/main.yml                       | 35 +++++++++++++++----
 .../default-distributed-db-config.json.j2     | 17 +++++++++
 orientdb/templates/hazelcast.xml.j2           | 18 +++++++---
 .../templates/orientdb-server-config.xml.j2   | 20 ++++++++---
 .../orientdb-server-log.properties.j2         | 12 +++----
 8 files changed, 118 insertions(+), 22 deletions(-)
 create mode 100644 orientdb/handlers/main.yml
 create mode 100644 orientdb/templates/default-distributed-db-config.json.j2

diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index 6a708a8..9743236 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -179,6 +179,11 @@
 -A INPUT -d {{ tomcat_cluster_multicast_net }} -j ACCEPT
 {% endif %}
 {% endif %}
+{% if orientdb_hazelcast_multicast_enabled is defined and orientdb_hazelcast_multicast_enabled %}
+# orientdb hazelcast multicast rules
+-A INPUT -m pkttype --pkt-type multicast -d {{ orientdb_hazelcast_multicast_group }} -j ACCEPT
+-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ orientdb_hazelcast_multicast_port }} -j ACCEPT
+{% endif %}
 {% if ganglia_enabled is defined %}
 {% if ganglia_enabled %}
 {% if ganglia_gmond_cluster_port is defined %}
diff --git a/orientdb/defaults/main.yml b/orientdb/defaults/main.yml
index ac332cf..89b2a83 100644
--- a/orientdb/defaults/main.yml
+++ b/orientdb/defaults/main.yml
@@ -1,12 +1,41 @@
 ---
 orientdb_install: False
+orientdb_enabled: True
 orientdb_version: 2.2.10
 orientdb_dir: 'orientdb-community'
 orientdb_tar_file: '{{ orientdb_dir }}-{{ orientdb_version }}.tar.gz'
 orientdb_binary_distribution_url: 'http://orientdb.com/download.php?file={{ orientdb_tar_file }}' 
 orientdb_user: orientdb
+orientdb_log_dir: /var/log/orientdb
+orientdb_log_level: INFO
 orientdb_home_prefix: /home
+orientdb_data_dir: '{{ orientdb_home_prefix }}/{{ orientdb_user }}/databases'
 orientdb_configuration_files:
   - orientdb-server-log.properties
   - orientdb-server-config.xml
+  - default-distributed-db-config.json
   - hazelcast.xml
+
+orientdb_letsencrypt_ssl_enabled: False
+
+orientdb_hooks_classes:
+  - { name: 'org.gcube.informationsystem.hooks.DocumentHook', position: 'REGULAR' }
+  - { name: 'org.gcube.informationsystem.hooks.RecordHook', position: 'REGULAR' }
+
+orientdb_binary_protocol_lower_port: 2424
+orientdb_binary_protocol_higher_port: 2430
+orientdb_http_protocol_lower_port: 2480
+orientdb_http_protocol_higher_port: 2490
+
+orientdb_distributed: False
+orientdb_distributed_autodeploy: true
+orientdb_distributed_writequorum: 'majority'
+orientdb_distributed_readquorum: 1
+orientdb_distributed_readyourwrites: true
+orientdb_distributed_executionmode: 'undefined'
+orientdb_hazelcast_group_name: orientdb
+orientdb_hazelcast_group_password: orientdb
+orientbd_hazelcast_encryption: False
+orientdb_hazelcast_multicast_enabled: True
+orientdb_hazelcast_multicast_group: 235.1.1.1
+orientdb_hazelcast_multicast_port: 2434
diff --git a/orientdb/handlers/main.yml b/orientdb/handlers/main.yml
new file mode 100644
index 0000000..f31cfcd
--- /dev/null
+++ b/orientdb/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+- name: Restart orientdb
+  service: name=orientdb state=restarted
+  when: orientdb_enabled
diff --git a/orientdb/tasks/main.yml b/orientdb/tasks/main.yml
index 9f7acdf..7ac339f 100644
--- a/orientdb/tasks/main.yml
+++ b/orientdb/tasks/main.yml
@@ -3,9 +3,6 @@
     - name: Create the orientdb user
       user: name={{ orientdb_user }} home={{ orientdb_home_prefix }}/{{ orientdb_user }} createhome=yes shell=/bin/bash
       
-    # - name: Get the orientdb distribution
-    #   get_url: url={{ orientdb_binary_distribution_url }} dest=/srv/{{ orientdb_tar_file }} validate_certs=False
-
     - name: Unpack the orientdb distribution
       become: True
       become_user: '{{ orientdb_user }}'
@@ -22,12 +19,38 @@
       template: src=orientdb.init.j2 dest=/etc/init.d/orientdb owner=root group=root mode=0755
 
     - name: Create a orientdb log directory out of the distribution directory
-      file: /var/log/orientdb state=directory owner={{ orientdb_user }} group={{ orientdb_user }} mode=0755
+      file: dest={{ orientdb_log_dir }} state=directory owner={{ orientdb_user }} group={{ orientdb_user }} mode=0755
 
-    - name: Install the orientdb configuration files
+    - name: Link the log directory inside the orientdb user home
       become: True
       become_user: '{{ orientdb_user }}'
-      template: src={{ item }}.j2 dest={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}/{{ item }} mode=0444
+      file: dest={{ orientdb_home_prefix }}/{{ orientdb_user }}/logs src={{ orientdb_log_dir }} state=link
+
+    - name: Create the databases directory inside the orientdb user home
+      become: True
+      become_user: '{{ orientdb_user }}'
+      file: dest={{ orientdb_data_dir }} state=directory mode=0750
+
+    - name: Install the orientdb configuration files
+      template: src={{ item }}.j2 dest={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }}/config/{{ item }} owner={{ orientdb_user }} group={{ orientdb_user }} mode=0440
+      with_items: '{{ orientdb_configuration_files }}'
+      notify: Restart orientdb
+
+    - name: Ensure that the service is enabled and running
+      service: name=orientdb state=started enabled=yes
+      when: orientdb_enabled
 
   tags: orientdb
   when: orientdb_install
+
+
+- block:
+    - name: Ensure that the service is disabled and stopped
+      service: name=orientdb state=stopped enabled=no
+
+    - name: Remove the link to the orientdb distribution
+      file: dest={{ orientdb_home_prefix }}/{{ orientdb_user }}/{{ orientdb_dir }} state=absent
+
+  tags: orientdb
+  when: not orientdb_install
+
diff --git a/orientdb/templates/default-distributed-db-config.json.j2 b/orientdb/templates/default-distributed-db-config.json.j2
new file mode 100644
index 0000000..2ea42f3
--- /dev/null
+++ b/orientdb/templates/default-distributed-db-config.json.j2
@@ -0,0 +1,17 @@
+{
+  "autoDeploy": {{ orientdb_distributed_autodeploy }},
+  "readQuorum": {{ orientdb_distributed_readquorum }},
+  "writeQuorum": "{{ orientdb_distributed_writequorum }}",
+  "executionMode": "{{ orientdb_distributed_executionmode }}",
+  "readYourWrites": {{ orientdb_distributed_readyourwrites }},
+  "servers": {
+    "*": "master"
+  },
+  "clusters": {
+    "internal": {
+    },
+    "*": {
+      "servers": ["<NEW_NODE>"]
+    }
+  }
+}
diff --git a/orientdb/templates/hazelcast.xml.j2 b/orientdb/templates/hazelcast.xml.j2
index 9893262..0702c52 100644
--- a/orientdb/templates/hazelcast.xml.j2
+++ b/orientdb/templates/hazelcast.xml.j2
@@ -12,17 +12,25 @@
 	xsi:schemaLocation="http://www.hazelcast.com/schema/config hazelcast-config-3.3.xsd"
 	xmlns="http://www.hazelcast.com/schema/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 	<group>
-		<name>orientdb</name>
-		<password>orientdb</password>
+		<name>{{ orientdb_hazelcast_group_name }}</name>
+		<password>{{ orientdb_hazelcast_group_password }}</password>
 	</group>
 	<network>
 		<port auto-increment="true">2434</port>
 		<join>
-			<multicast enabled="true">
-				<multicast-group>235.1.1.1</multicast-group>
-				<multicast-port>2434</multicast-port>
+			<multicast enabled="{{ orientdb_hazelcast_multicast_enabled | ternary('true','false') }}">
+				<multicast-group>{{ orientdb_hazelcast_multicast_group }}</multicast-group>
+				<multicast-port>{{ orientdb_hazelcast_multicast_port }}</multicast-port>
 			</multicast>
 		</join>
+        {% if orientbd_hazelcast_encryption %}
+        <symmetric-encryption enabled="true">
+            <algorithm>Blowfish</algorithm>
+            <salt>{{ orientdb_hazelcast_salt }}</salt>
+            <password>{{ orientdb_hazelcast_pwd }}</password>
+            <iteration-count>19</iteration-count>
+        </symmetric-encryption>
+        {% endif %}
 	</network>
 	<executor-service>
 		<pool-size>16</pool-size>
diff --git a/orientdb/templates/orientdb-server-config.xml.j2 b/orientdb/templates/orientdb-server-config.xml.j2
index f028f9a..bbc1583 100644
--- a/orientdb/templates/orientdb-server-config.xml.j2
+++ b/orientdb/templates/orientdb-server-config.xml.j2
@@ -9,7 +9,12 @@
         </handler>
         <handler class="com.orientechnologies.orient.server.hazelcast.OHazelcastPlugin">
             <parameters>
-                <parameter value="${distributed}" name="enabled"/>
+              {% if orientdb_distributed %}
+                <parameter value="true" name="enabled"/>
+                {% else %}
+                <parameter value="false" name="enabled"/>
+                {% endif %}
+                <parameter value="nodeName" name="{{ ansible_fqdn }}"/>
                 <parameter value="${ORIENTDB_HOME}/config/default-distributed-db-config.json" name="configuration.db.default"/>
                 <parameter value="${ORIENTDB_HOME}/config/hazelcast.xml" name="configuration.hazelcast"/>
             </parameters>
@@ -59,8 +64,8 @@
             <protocol implementation="com.orientechnologies.orient.server.network.protocol.http.ONetworkProtocolHttpDb" name="http"/>
         </protocols>
         <listeners>
-            <listener protocol="binary" socket="default" port-range="2424-2430" ip-address="0.0.0.0"/>
-            <listener protocol="http" socket="default" port-range="2480-2490" ip-address="0.0.0.0">
+            <listener protocol="binary" socket="default" port-range="{{ orientdb_binary_protocol_lower_port }}-{{ orientdb_binary_protocol_higher_port }}" ip-address="0.0.0.0"/>
+            <listener protocol="http" socket="default" port-range="{{ orientdb_http_protocol_lower_port }}-{{ orientdb_http_protocol_higher_port }}" ip-address="0.0.0.0">
                 <commands>
                     <command implementation="com.orientechnologies.orient.server.network.protocol.http.command.get.OServerCommandGetStaticContent" pattern="GET|www GET|studio/ GET| GET|*.htm GET|*.html GET|*.xml GET|*.jpeg GET|*.jpg GET|*.png GET|*.gif GET|*.js GET|*.css GET|*.swf GET|*.ico GET|*.txt GET|*.otf GET|*.pjs GET|*.svg GET|*.json GET|*.woff GET|*.woff2 GET|*.ttf GET|*.svgz" stateful="false">
                         <parameters>
@@ -79,13 +84,18 @@
     </network>
     <storages/>
     <users>
-        <user resources="*" password="iePoog9o" name="root"/>
-        <user resources="connect,server.listDatabases,server.dblist" password="{PBKDF2WithHmacSHA256}0F37A00B86DCF9F3B76D38ACE382F41D28C881C1F6628CC7:C9FBA67AE4A549B5E6F25D14350FDAE712B37B870C9DE697:65536" name="guest"/>
+        <user resources="*" password="{{ orientdb_root_pwd }}" name="root"/>
     </users>
     <properties>
         <entry value="1" name="db.pool.min"/>
         <entry value="50" name="db.pool.max"/>
         <entry value="true" name="profiler.enabled"/>
+        <entry value="{{ orientdb_data_dir }}" name="server.database.path" />
     </properties>
+    <hooks>
+      {% for class in orientdb_hooks_classes %}
+      <hook class="{{ class.name }}" position="{{ class.position }}"/>
+      {% endfor %}
+    </hooks>
     <isAfterFirstTime>true</isAfterFirstTime>
 </orient-server>
diff --git a/orientdb/templates/orientdb-server-log.properties.j2 b/orientdb/templates/orientdb-server-log.properties.j2
index 25190bc..6539fd0 100644
--- a/orientdb/templates/orientdb-server-log.properties.j2
+++ b/orientdb/templates/orientdb-server-log.properties.j2
@@ -24,19 +24,19 @@
 handlers = java.util.logging.ConsoleHandler, java.util.logging.FileHandler
 
 # Set the default logging level for the root logger
-.level = INFO
-com.orientechnologies.level = INFO
-com.orientechnologies.orient.server.distributed.level = INFO
+.level = {{ orientdb_log_level }}
+com.orientechnologies.level = {{ orientdb_log_level }}
+com.orientechnologies.orient.server.distributed.level = {{ orientdb_log_level }}
 
 # Set the default logging level for new ConsoleHandler instances
-java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.level = {{ orientdb_log_level }}
 # Set the default formatter for new ConsoleHandler instances
 java.util.logging.ConsoleHandler.formatter = com.orientechnologies.common.log.OAnsiLogFormatter
 
 # Set the default logging level for new FileHandler instances
-java.util.logging.FileHandler.level = INFO
+java.util.logging.FileHandler.level = {{ orientdb_log_level }}
 # Naming style for the output file
-java.util.logging.FileHandler.pattern=../log/orient-server.log
+java.util.logging.FileHandler.pattern={{ orientdb_log_dir }}/orient-server.log
 # Set the default formatter for new FileHandler instances
 java.util.logging.FileHandler.formatter = com.orientechnologies.common.log.OLogFormatter
 # Limiting size of output file in bytes: