From 9f740987c419cdfb83dd9ddbbfef1d39a2b2f7c2 Mon Sep 17 00:00:00 2001
From: to-bar <46519524+to-bar@users.noreply.github.com>
Date: Wed, 22 Apr 2020 19:57:16 +0200
Subject: [PATCH 1/5] Start ignite.service after network.target
---
.../ansible/playbooks/roles/ignite/templates/ignite.service.j2 | 1 +
1 file changed, 1 insertion(+)
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/templates/ignite.service.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/templates/ignite.service.j2
index 4fb5bc3042..34c6305a20 100644
--- a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/templates/ignite.service.j2
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/templates/ignite.service.j2
@@ -1,5 +1,6 @@
[Unit]
Description=Apache Ignite Server
+After=network.target
[Service]
Type=simple
From 60fd09c60fd8c9452f0a4d2096a99c273566c049 Mon Sep 17 00:00:00 2001
From: to-bar <46519524+to-bar@users.noreply.github.com>
Date: Mon, 27 Apr 2020 13:03:09 +0200
Subject: [PATCH 2/5] Install Ignite as Anisble block
---
.../playbooks/roles/ignite/tasks/main.yml | 106 +++++++++---------
1 file changed, 54 insertions(+), 52 deletions(-)
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
index ce8ffc18a6..b07fb239c4 100644
--- a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
@@ -1,5 +1,4 @@
---
-# tasks file for ignite
- name: Add ignite group
become: yes
group:
@@ -33,60 +32,63 @@
regexp: '^JAVA_HOME='
line: JAVA_HOME="{{ java_home_location.stdout }}"
-- name: Set Apache Ignite file name to install
- set_fact:
- ignite_file_name: "{{ specification.file_name }}"
-
- name: Check if Ignite in current version exists
stat:
- path: /opt/ignite_{{ specification.version }}/bin/ignite.sh
- register: ignite_exists
-
-- name: Download Ignite binaries
- include_role:
- name: download
- tasks_from: download_file
+ path: /opt/ignite # symlink
+ get_attributes: no
+ get_checksum: no
+ get_mime: no
+ register: ignite_dir_stat
+
+- name: Install Ignite binaries
+ when: ignite_dir_stat.stat.lnk_source is not defined
+ or ignite_dir_stat.stat.lnk_source != ignite_dest_path
+ block:
+ - name: Download Ignite binaries
+ include_role:
+ name: download
+ tasks_from: download_file
+ vars:
+ file_name: "{{ ignite_file_name }}"
+
+ - name: Create temp directory
+ file:
+ path: /tmp/ignite_{{ specification.version }}
+ state: directory
+ owner: ignite
+ group: ignite
+
+ - name: Uncompress {{ ignite_file_name }} to temp directory
+ unarchive:
+ remote_src: yes
+ src: "{{ download_directory }}/{{ ignite_file_name }}"
+ dest: /tmp/ignite_{{ specification.version }}
+ owner: ignite
+ group: ignite
+ list_files: yes
+ register: archive_contents
+
+ - name: Create {{ ignite_dest_path }} directory
+ file:
+ path: "{{ ignite_dest_path }}"
+ state: directory
+ owner: ignite
+ group: ignite
+
+ - name: Copy Ignite files from tmp location
+ copy:
+ remote_src: yes
+ src: "/tmp/ignite_{{ specification.version }}/{{ archive_contents.files[0].split('/')[0] }}/"
+ dest: "{{ ignite_dest_path }}"
+
+ - name: Link /opt/ignite to the right version
+ file:
+ src: "{{ ignite_dest_path }}"
+ dest: /opt/ignite
+ state: link
vars:
- file_name: "{{ ignite_file_name }}"
- when: not ignite_exists.stat.exists
-
-- name: Create temp directory
- file:
- path: /tmp/ignite_{{ specification.version }}
- state: directory
- owner: ignite
- group: ignite
-
-- name: Uncompress {{ ignite_file_name }} to temp directory
- unarchive:
- remote_src: yes
- src: "{{ download_directory }}/{{ ignite_file_name }}"
- dest: /tmp/ignite_{{ specification.version }}
- owner: ignite
- group: ignite
- list_files: yes
- register: archive_contents
- when: not ignite_exists.stat.exists
-
-- name: Create /opt/ignite_{{ specification.version }} directory
- file:
- path: /opt/ignite_{{ specification.version }}
- state: directory
- owner: ignite
- group: ignite
-
-- name: Copy Ignite files from tmp location
- copy:
- remote_src: yes
- src: "/tmp/ignite_{{ specification.version }}/{{ archive_contents.files[0].split('/')[0] }}/"
- dest: /opt/ignite_{{ specification.version }}
- when: not ignite_exists.stat.exists
-
-- name: Link /opt/ignite to the right version
- file:
- dest: /opt/ignite
- state: link
- src: /opt/ignite_{{ specification.version }}
+ ignite_file_name: "{{ specification.file_name }}"
+ ignite_dest_path: /opt/ignite_{{ specification.version }}
- name: Copy Ignite enabled plugins
copy:
From 12714cbcb4403249fb7653087ea6a3f2c3d8ad41 Mon Sep 17 00:00:00 2001
From: to-bar <46519524+to-bar@users.noreply.github.com>
Date: Mon, 27 Apr 2020 13:30:29 +0200
Subject: [PATCH 3/5] Reserve ports from ephemeral range
---
.../playbooks/roles/ignite/defaults/main.yml | 5 +++++
.../playbooks/roles/ignite/tasks/main.yml | 20 +++++++++++++++++++
2 files changed, 25 insertions(+)
create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml
new file mode 100644
index 0000000000..a7d319d544
--- /dev/null
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+ignite_ports_from_ephemeral_range: # strings are required
+ - '47100-47109'
+ - '47500-47509'
+ - '49112'
\ No newline at end of file
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
index b07fb239c4..43b07debc6 100644
--- a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
@@ -86,10 +86,30 @@
src: "{{ ignite_dest_path }}"
dest: /opt/ignite
state: link
+ register: link_ignite_version
+
vars:
ignite_file_name: "{{ specification.file_name }}"
ignite_dest_path: /opt/ignite_{{ specification.version }}
+- name: Reserve ports from ephemeral range
+ when: link_ignite_version.changed
+ block:
+ - name: Get net.ipv4.ip_local_reserved_ports
+ command: cat /proc/sys/net/ipv4/ip_local_reserved_ports
+ register: ip_local_reserved_ports
+ changed_when: false
+
+ - name: Reserve ports from ephemeral range
+ sysctl:
+ name: net.ipv4.ip_local_reserved_ports
+ value: "{{ (reserved_ports + ignite_ports_from_ephemeral_range) | sort | unique | join(',') }}"
+ sysctl_set: yes
+ state: present
+ reload: yes
+ vars:
+ reserved_ports: "{{ ip_local_reserved_ports.stdout.split(',') | reject('equalto', '') | list }}"
+
- name: Copy Ignite enabled plugins
copy:
remote_src: yes
From 41815e62338d60eccbe84026b70f3cf22da5e532 Mon Sep 17 00:00:00 2001
From: to-bar <46519524+to-bar@users.noreply.github.com>
Date: Mon, 27 Apr 2020 23:17:06 +0200
Subject: [PATCH 4/5] Override function findAvailableJmxPort
---
.../playbooks/roles/ignite/defaults/main.yml | 30 ++++++++++++++++++-
.../playbooks/roles/ignite/tasks/main.yml | 27 ++++++++++++-----
2 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml
index a7d319d544..a1fbaa5a85 100644
--- a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/defaults/main.yml
@@ -2,4 +2,32 @@
ignite_ports_from_ephemeral_range: # strings are required
- '47100-47109'
- '47500-47509'
- - '49112'
\ No newline at end of file
+ - '49112'
+
+# The following block is appended to $IGNITE_HOME/bin/include/functions.sh
+block_to_append_to_ignite_functions_script: |
+ #
+ # The function exports JMX_MON variable with Java JMX options.
+ # Overrides original version in order to:
+ # 1) Use fixed ports for JMX (https://github.com/epiphany-platform/epiphany/issues/1181)
+ # 2) Disable direct remote access to unsecured JMX (remote access possible through SSH tunnel)
+ #
+ findAvailableJmxPort() {
+ export IGNITE_JMX_PORT=49112
+
+ JMX_PORT=`"$JAVA" -cp "${IGNITE_LIBS}" org.apache.ignite.internal.util.portscanner.GridJmxPortFinder`
+
+ #
+ # This variable defines parameters for JMX monitoring and management.
+ #
+ if [ -n "$JMX_PORT" ]; then
+ # java.rmi.server.hostname=127.0.0.1 is used to make JMX accessible through SSH tunnel
+ JMX_MON="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=${JMX_PORT} \
+ -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false \
+ -Dcom.sun.management.jmxremote.rmi.port=${JMX_PORT} -Djava.rmi.server.hostname=127.0.0.1"
+ else
+ # If JMX port wasn't found do not initialize JMX.
+ echo "$0, WARN: Failed to resolve JMX host (JMX will be disabled): $HOSTNAME"
+ JMX_MON=""
+ fi
+ }
diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
index 43b07debc6..6b6d32ea5d 100644
--- a/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
+++ b/core/src/epicli/data/common/ansible/playbooks/roles/ignite/tasks/main.yml
@@ -26,10 +26,10 @@
changed_when: false
- name: Set JAVA_HOME environment variable for all users
- lineinfile:
- path: /etc/environment
- state: present
- regexp: '^JAVA_HOME='
+ lineinfile:
+ path: /etc/environment
+ state: present
+ regexp: '^JAVA_HOME='
line: JAVA_HOME="{{ java_home_location.stdout }}"
- name: Check if Ignite in current version exists
@@ -58,7 +58,7 @@
owner: ignite
group: ignite
- - name: Uncompress {{ ignite_file_name }} to temp directory
+ - name: Uncompress {{ ignite_file_name }} to temp directory
unarchive:
remote_src: yes
src: "{{ download_directory }}/{{ ignite_file_name }}"
@@ -110,6 +110,17 @@
vars:
reserved_ports: "{{ ip_local_reserved_ports.stdout.split(',') | reject('equalto', '') | list }}"
+- name: Append block to /opt/ignite/bin/include/functions.sh
+ blockinfile:
+ path: /opt/ignite/bin/include/functions.sh
+ marker: "# {mark} ANSIBLE MANAGED BLOCK"
+ insertafter: EOF
+ backup: yes
+ block: "{{ block_to_append_to_ignite_functions_script }}"
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=rx
+
- name: Copy Ignite enabled plugins
copy:
remote_src: yes
@@ -154,7 +165,7 @@
- name: Restart Ignite service
become: yes
- systemd:
- name: ignite
- state: restarted
+ systemd:
+ name: ignite
+ state: restarted
when: plugins_installed.changed or ignite_configuration_created.changed
From 59977ae2c2cc4242708a99b1c3866bba123c7a86 Mon Sep 17 00:00:00 2001
From: to-bar <46519524+to-bar@users.noreply.github.com>
Date: Tue, 28 Apr 2020 00:49:57 +0200
Subject: [PATCH 5/5] Limit number of potentially used ports
---
.../common/defaults/configuration/ignite.yml | 30 ++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/core/src/epicli/data/common/defaults/configuration/ignite.yml b/core/src/epicli/data/common/defaults/configuration/ignite.yml
index 1121757781..4223d0a983 100644
--- a/core/src/epicli/data/common/defaults/configuration/ignite.yml
+++ b/core/src/epicli/data/common/defaults/configuration/ignite.yml
@@ -54,7 +54,7 @@ specification:
-
+
@@ -64,7 +64,35 @@ specification:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+