Story #13302: Added ability to select Vitam's components to deploy in…

… legacy mode
ProgrammeVitam · Oct 7, 2024 · 823f2f7 · 823f2f7
1 parent 4cfb5f7
commit 823f2f7
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 7 deletions.
diff --git a/Jenkinsfile.containers b/Jenkinsfile.containers
@@ -16,6 +16,7 @@ pipeline {
         SERVICE_DOCKER_PUSH_URL=credentials("SERVICE_DOCKER_PUSH_URL")
         SERVICE_REPOSITORY_URL=credentials("service-repository-url")
         GITHUB_ACCOUNT_TOKEN = credentials("vitam-prg-token")
+        JAVA_HOME="/usr/lib/jvm/java-17-openjdk-amd64"
     }
 
     stages {
@@ -25,7 +26,7 @@ pipeline {
                 [$class: 'UsernamePasswordMultiBinding', credentialsId: 'app-jenkins',usernameVariable: 'CI_USR', passwordVariable: 'CI_PSW'],
                 string(credentialsId: "service-nexus-url", variable: 'SERVICE_NEXUS_URL')
                 ]) {
-                sh 'mvn --settings .ci/settings.xml install -Djib.skip=false -DskipTests=true --show-version --batch-mode --errors -fn -DinstallAtEnd=true -DdeployAtEnd=true package -Pvitam -Djacoco.skip=true -DskipAllFrontend=true -DskipAllFrontendTests=true -Dlicense.skip=true -Djib.to.auth.username=$CI_USR -Djib.to.auth.password=$CI_PSW -pl "!cots/vitamui-mongo-express" -Denv.SERVICE_NEXUS_URL=$SERVICE_NEXUS_URL -DsendCredentialsOverHttp=true'
+                sh 'mvn --settings .ci/settings.xml install -U -Djib.skip=false -DskipTests=true --show-version --batch-mode --errors -fn -DinstallAtEnd=true -DdeployAtEnd=true package -Pvitam -Djacoco.skip=true -DskipAllFrontend=true -DskipAllFrontendTests=true -Dlicense.skip=true -Djib.to.auth.username=$CI_USR -Djib.to.auth.password=$CI_PSW -pl "!cots/vitamui-mongo-express" -Denv.SERVICE_NEXUS_URL=$SERVICE_NEXUS_URL -DsendCredentialsOverHttp=true'
                 }
             }
         }
@@ -79,7 +80,7 @@ pipeline {
                         sh "docker pull $image"
 
                         // Run Trivy scan
-                        sh "trivy image $image --ignore-unfixed --vuln-type os,library --format template --template '@html.tpl' -o reports/${imageName}-scan.html"
+                        sh "trivy image $image --ignore-unfixed --vuln-type os,library --format template --template '@html.tpl' -o reports/${imageName}-scan.html || true"
 
                         // Publish HTML report
                         publishHTML target: [

diff --git a/deployment/roles/consul/templates/vitam-container-consul.service.j2 b/deployment/roles/consul/templates/vitam-container-consul.service.j2
@@ -16,7 +16,7 @@ ExecStart=/usr/bin/docker run --rm --net=host -e 'CONSUL_ALLOW_PRIVILEGED_PORTS=
         -v "/vitam/script/consul:/vitam/script/consul" \
         -v "/vitam/data/consul:/consul/data" \
         -v "/vitam/tmp/consul:/vitam/tmp/consul" \
-        {{ container_repository.registry_url }}/vitam-external/hashicorp/consul:{{ consul_version }}
+        {{ container_repository.registry_url }}/vitam-external/hashicorp/consul:{{ consul_version }} {{ 'agent ' if inventory_hostname not in groups['hosts_vitamui_consul_server'] }}
 
 ExecStop=/usr/bin/docker stop -t 85 vitam-consul
 ExecRestart=/usr/bin/docker restart -t 85 vitam-consul

diff --git a/deployment/roles/docker/tasks/Debian.yml b/deployment/roles/docker/tasks/Debian.yml
@@ -23,6 +23,11 @@
   environment:
     https_proxy: "{{ http_proxy_environnement }}"
     http_proxy:  "{{ http_proxy_environnement }}"
+  when: http_proxy_environnement is defined and http_proxy_environnement != ""
+
+- name: add GPG docker repo key
+  shell: "curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -"
+  when: http_proxy_environnement is not defined or http_proxy_environnement == ""
 
 - name: install apt-transport-https as Docker repository is https
   package:

diff --git a/deployment/roles/filebeat/defaults/main.yml b/deployment/roles/filebeat/defaults/main.yml
@@ -1,5 +1,8 @@
 ---
 
+filebeat_version: "{{ filebeat.version | default('8.14.3') }}"
+filebeat_package: "filebeat{{ '=' if ansible_os_family == 'Debian' else '-' }}{{ filebeat_version }}"
+
 filebeat_processors:
   processors:
     - add_host_metadata:

diff --git a/deployment/roles/filebeat/tasks/add_inputs.yml b/deployment/roles/filebeat/tasks/add_inputs.yml
@@ -1,10 +1,10 @@
 ---
 
-- name: Create input.d folder
+- name: Create inputs.d folder
   file:
     path: /etc/filebeat/inputs.d
     state: directory
-    mode: 0755
+    mode: "{{ vitam_defaults.folder.folder_permission }}"
   notify: "filebeat - restart service"
 
 - set_fact:

diff --git a/deployment/roles/filebeat/tasks/add_modules.yml b/deployment/roles/filebeat/tasks/add_modules.yml
@@ -1,5 +1,13 @@
 ---
 
+- name: Create modules.d folder
+  file:
+    path: "/etc/filebeat/modules.d"
+    state: directory
+    mode: "{{ vitam_defaults.folder.folder_permission }}"
+  notify: "filebeat - restart service"
+  when: install_mode == "container"
+
 - name: Add reverse filebeat module
   template:
     src: modules/{{ reverse | default('nginx') | lower }}.yml.j2

diff --git a/deployment/roles/filebeat/tasks/install.yml b/deployment/roles/filebeat/tasks/install.yml
@@ -1,10 +1,29 @@
 ---
 
-- name: Install Filebeat
+- name: "Install {{ filebeat_package }} package"
   package:
-    name: filebeat
+    name: "{{ filebeat_package }}"
     state: latest
   notify: "filebeat - restart service"
+  when: install_mode != "container"
+
+- name: Ensure Filebeat directory exist
+  file:
+    path: "/etc/filebeat"
+    state: directory
+    mode: "{{ vitam_defaults.folder.folder_permission }}"
+  notify: "filebeat - restart service"
+  when: install_mode == "container"
+
+- name: "Deploy systemd service file for filebeat"
+  template:
+    src: "filebeat.service.j2"
+    dest: "{{ '/lib/systemd/system' if ansible_os_family == 'Debian' else '/usr/lib/systemd/system' }}/filebeat.service"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: "filebeat - restart service"
+  when: install_mode == "container"
 
 - name: Add Filebeat config file
   template:

diff --git a/deployment/roles/filebeat/templates/filebeat.service.j2 b/deployment/roles/filebeat/templates/filebeat.service.j2
@@ -0,0 +1,27 @@
+[Unit]
+Description=filebeat
+Documentation=http://www.elastic.co
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Restart=always
+Environment="CONTAINER_NAME=filebeat"
+ExecStartPre=-/usr/bin/docker rm -f filebeat
+ExecStart=/usr/bin/docker run --rm \
+  --name filebeat \
+  --user=root \
+  --volume="/etc/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:rw" \
+  --volume="/etc/filebeat/modules.d:/usr/share/filebeat/modules.d:rw" \
+  --volume="/etc/filebeat/inputs.d:/usr/share/filebeat/inputs.d:rw" \
+  --volume="/vitam:/vitam:rw" \
+  --volume="/vitamui:/vitamui:rw" \
+  --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \
+  --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \
+  {{ container_repository.registry_url }}/vitam-external/elastic/filebeat:{{ filebeat_version }} \
+  -e --strict.perms=false
+
+ExecStop=/usr/bin/docker stop filebeat
+
+[Install]
+WantedBy=multi-user.target