From 3d5a984427d5ef79d49a44dfb13b9ebea9299672 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@sevenseas.org>
Date: Wed, 25 Nov 2015 16:56:39 +0100
Subject: [PATCH] d4science-ghn-cluster: couchdb: authentication data to
 support the couchdb ganglia plugin
 d4science-ghn-cluster/group_vars/egi_smartexecutor: Install a nginx proxy in
 front of tomcat d4science-ghn-cluster/group_vars/ghn_smartgears_prod: Install
 the gcube keys. Get them from the workspace. library/roles/couchdb: Support
 ganglia and the installation of a specific ganglia plugin.
 library/roles/tomcat-multiple-instances/defaults/main.yml: Fix the jmx
 options.
 dnet-openaire/host_vars/node6.t.openaire.research-infrastructures.eu: jmx
 rules for tomcat and iptables.

---
 couchdb/defaults/main.yml                   |  3 +++
 couchdb/files/couchdb.py                    | 18 +++++++++++++++---
 couchdb/tasks/ganglia-plugin.yml            |  8 ++++----
 couchdb/templates/couchdb.pyconf.j2         | 16 ++++++++++++++++
 tomcat-multiple-instances/defaults/main.yml |  2 +-
 5 files changed, 39 insertions(+), 8 deletions(-)

diff --git a/couchdb/defaults/main.yml b/couchdb/defaults/main.yml
index d984f65c..197b1d83 100644
--- a/couchdb/defaults/main.yml
+++ b/couchdb/defaults/main.yml
@@ -69,4 +69,7 @@ couchdb_replicator_options:
 
 ganglia_enabled: False
 couchdb_ganglia_url: http://localhost:5984/_stats
+# If set, http basic auth is used for the connection
+#couchdb_ganglia_url_username: '{{ couchdb_ganglia_user}}'
+#couchdb_ganglia_url_password: '{{ couchdb_ganglia_user_pwd }}'
 couchdb_ganglia_refresh_rate: 60
diff --git a/couchdb/files/couchdb.py b/couchdb/files/couchdb.py
index 21589f8b..35a41ab3 100644
--- a/couchdb/files/couchdb.py
+++ b/couchdb/files/couchdb.py
@@ -26,6 +26,8 @@ class UpdateCouchdbThread(threading.Thread):
         self.metrics = {}
         self.settings = {}
         self.stats_url = params['stats_url']
+        self.stats_url_username = params['stats_url_username']
+        self.stats_url_password = params['stats_url_password']
         self._metrics_lock = threading.Lock()
         self._settings_lock = threading.Lock()
 
@@ -47,15 +49,21 @@ class UpdateCouchdbThread(threading.Thread):
         self.running = False
 
     @staticmethod
-    def _get_couchdb_stats(url, refresh_rate):
+    def _get_couchdb_stats(url, username, password, refresh_rate):
         if refresh_rate == 60 or refresh_rate == 300 or refresh_rate == 900:
             url += '?range=' + str(refresh_rate)
         else:
             logging.warning('The specified refresh_rate of %d is invalid and has been substituted with 60!' % refresh_rate)
             url += '?range=60'
 
+        if username != "":
+            passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
+            passman.add_password(None, url, username, password)
+            urllib2.install_opener(urllib2.build_opener(urllib2.HTTPBasicAuthHandler(passman)))
+
+        request = urllib2.Request(url)
         # Set time out for urlopen to 2 seconds otherwise we run into the possibility of hosing gmond
-        c = urllib2.urlopen(url, None, 2)
+        c = urllib2.urlopen(request, None, 2)
         json_data = c.read()
         c.close()
 
@@ -87,7 +95,7 @@ class UpdateCouchdbThread(threading.Thread):
 
         try:
             logging.debug(' opening URL: ' + str(self.stats_url))
-            data = UpdateCouchdbThread._get_couchdb_stats(self.stats_url, self.refresh_rate)
+            data = UpdateCouchdbThread._get_couchdb_stats(self.stats_url, self.stats_url_username, self.stats_url_password, self.refresh_rate)
         except:
             logging.warning('error refreshing metrics')
             logging.warning(traceback.print_exc(file=sys.stdout))
@@ -289,6 +297,8 @@ if __name__ == '__main__':
         logging.debug('running from the cmd line')
         parser = OptionParser()
         parser.add_option('-u', '--URL', dest='stats_url', default='http://127.0.0.1:5984/_stats', help='URL for couchdb stats page')
+        parser.add_option('-U', '--user', dest='stats_url_username', default='')
+        parser.add_option('-P', '--password', dest='stats_url_password', default='')
         parser.add_option('-q', '--quiet', dest='quiet', action='store_true', default=False)
         parser.add_option('-r', '--refresh-rate', dest='refresh_rate', default=60)
         parser.add_option('-d', '--debug', dest='debug', action='store_true', default=False)
@@ -297,6 +307,8 @@ if __name__ == '__main__':
 
         descriptors = metric_init({
             'stats_url': options.stats_url,
+            'stats_url_username': options.stats_url_username,
+            'stats_url_password': options.stats_url_password,
             'refresh_rate': options.refresh_rate
         })
 
diff --git a/couchdb/tasks/ganglia-plugin.yml b/couchdb/tasks/ganglia-plugin.yml
index 3d1f4460..5c9a0f7b 100644
--- a/couchdb/tasks/ganglia-plugin.yml
+++ b/couchdb/tasks/ganglia-plugin.yml
@@ -3,11 +3,11 @@
 # The ganglia plugin comes from https://github.com/ganglia/gmond_python_modules
 #
 - name: Install the ganglia plugin for Couchdb
-  copy: src=couchdb.py dest=/usr/lib/ganglia/python_modules/couchdb.py owner=root group=root mode=0644
+  copy: src=couchdb.py dest=/usr/lib/ganglia/python_modules/couchdb.py owner=root group=root mode=0444
   notify: Restart ganglia monitor
-  tags: ganglia
+  tags: [ 'ganglia', 'couchdb' ]
 
 - name: Distribute the ganglia (gmond) configuration for the Couchdb plugin
-  template: src=couchdb.pyconf.j2 dest=/etc/ganglia/conf.d/couchdb.pyconf owner=root group=root mode=444
+  template: src=couchdb.pyconf.j2 dest=/etc/ganglia/conf.d/couchdb.pyconf owner=root group=ganglia mode=0440
   notify: Restart ganglia monitor
-  tags: ganglia
+  tags: [ 'ganglia', 'couchdb' ]
diff --git a/couchdb/templates/couchdb.pyconf.j2 b/couchdb/templates/couchdb.pyconf.j2
index 83e8905a..5836a6a3 100644
--- a/couchdb/templates/couchdb.pyconf.j2
+++ b/couchdb/templates/couchdb.pyconf.j2
@@ -9,6 +9,22 @@ modules {
       value = '{{ couchdb_ganglia_url }}'
     }
 
+    param stats_url_username {
+{% if couchdb_ganglia_url_username is defined %}
+      value = '{{ couchdb_ganglia_url_username }}'
+{% else %}
+      value = ''
+{% endif %}
+    }
+
+    param stats_url_password {
+{% if couchdb_ganglia_url_password is defined %}
+      value = '{{ couchdb_ganglia_url_password }}'
+{% else %}
+      value = ''
+{% endif %}
+    }
+
     param refresh_rate {
       value = '{{ couchdb_ganglia_refresh_rate }}'
     }
diff --git a/tomcat-multiple-instances/defaults/main.yml b/tomcat-multiple-instances/defaults/main.yml
index 683c5c25..d88f1b4f 100644
--- a/tomcat-multiple-instances/defaults/main.yml
+++ b/tomcat-multiple-instances/defaults/main.yml
@@ -51,5 +51,5 @@ tomcat_m_jmx_localhost_only: False
 # This is only an example. Insert a line for each tomcat instance. 'app_contexts' can be used to automatically configure apache or nginx virtualhost http/ajp proxy
 #
 #tomcat_m_instances:
-#  - {  http_enabled: True, http_port: '8180', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '8105', java_home: '{{ jdk_java_home }}', user: '{{ tomcat_m_default_user }}', user_home: '{{ tomcat_m_instances_base_path }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ tomcat_m_instances_base_path }}/8180', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', install_server_xml: True, default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/8180/conf', jmx_port: '8182', jmx_monitorpass: '{{ set_in_a_vault_file }}', jmx_controlpass: '{{ set_in_a_vault_file }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '8100', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], app_contexts: [ 'app1', 'app2' ] }
+#  - {  http_enabled: True, http_port: '8180', http_address: '0.0.0.0', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '8105', java_home: '{{ jdk_java_home }}', user: '{{ tomcat_m_default_user }}', user_home: '{{ tomcat_m_instances_base_path }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ tomcat_m_instances_base_path }}/8180', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', install_server_xml: True, default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/8180/conf', jmx_port: '8182', jmx_monitorpass: '{{ set_in_a_vault_file }}', jmx_controlpass: '{{ set_in_a_vault_file }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '8100', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ 'xxx.xxx.xxx.xxx/32', 'yyy.yyy.yyy.yyy/32' ], app_contexts: [ 'app1', 'app2' ] }