diff --git a/testservice/.gitignore b/testservice/.gitignore new file mode 100644 index 00000000000..d392f0e82c4 --- /dev/null +++ b/testservice/.gitignore @@ -0,0 +1 @@ +*.jar diff --git a/testservice/Dockerfile b/testservice/Dockerfile new file mode 100644 index 00000000000..1ab87a23abc --- /dev/null +++ b/testservice/Dockerfile @@ -0,0 +1,21 @@ +FROM --platform=linux/amd64 eclipse-temurin:17-jdk + +# disable prompts from the txdata +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && apt-get install -y \ + build-essential \ + cargo \ + gcc \ + software-properties-common \ + unzip \ + clang \ + curl \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /app + +COPY . . + +RUN ./gradlew clean +RUN ./gradlew :testservice:shadowJar diff --git a/testservice/Jenkinsfile b/testservice/Jenkinsfile index 3b2520fa9b4..6221568dfa1 100644 --- a/testservice/Jenkinsfile +++ b/testservice/Jenkinsfile @@ -37,28 +37,14 @@ pipeline { expression { return sh(returnStdout: true, script: 'uname -s').contains('Linux') } } steps { - // Remove old files - sh "rm -rf ${HOME}/.testservice/" - sh "mkdir -p ${HOME}/.config/systemd/user/" - sh """printf \\ -'[Unit] -Description=kalium-testservice -After=network.target -[Service] -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -TimeoutStartSec=8 -WorkingDirectory=${WORKSPACE} -Environment="PATH=/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin" -ExecStart=java -Djava.library.path=${WORKSPACE}/native/libs/ -jar ${WORKSPACE}/testservice/build/libs/testservice-0.0.1-SNAPSHOT-all.jar server ${WORKSPACE}/testservice/config.yml -Restart=always -[Install] -WantedBy=default.target -' \\ -> ${HOME}/.config/systemd/user/kalium-testservice.service""" - sh 'systemctl --user daemon-reload' - sh 'systemctl --user restart kalium-testservice' + ansiblePlaybook( + credentialsId: 'callingservice_debian', + disableHostKeyChecking: true, + forks: 2, + inventory: 'ansible/hosts.ini', + playbook: 'ansible/site.yml', + extras: '-verbose' + ) } } stage('Deploy on macOS') { diff --git a/testservice/README.md b/testservice/README.md index 11086a21535..5341086fbcf 100644 --- a/testservice/README.md +++ b/testservice/README.md @@ -24,41 +24,20 @@ java -jar testservice/build/libs/testservice-*-all.jar server testservice/config ## Installation -### Linux - -Create log directory and give it the right user permissions: -``` -mkdir -p /var/log/kalium-testservice -chmod : /var/log/kalium-testservice -``` - -Install systemd service as user: -``` -mkdir -p ${HOME}/.config/systemd/user/ +Build inside container: +```shell +docker build --platform linux/arm64 -t testservice_build_env -f testservice/Dockerfile . +docker create --name temp_container testservice_build_env +docker cp temp_container:/app/testservice/build/libs/testservice-0.0.1-SNAPSHOT-all.jar ./testservice/testservice-0.0.1-SNAPSHOT-all.jar +(optional) docker cp temp_container:/app/native/libs ./native/ +docker rm temp_container ``` -Create file `${HOME}/.config/systemd/user/kalium-testservice.service` with following content: -``` -[Unit] -Description=kalium-testservice -After=network.target -[Service] -LimitNOFILE=infinity -LimitNPROC=infinity -LimitCORE=infinity -TimeoutStartSec=8 -WorkingDirectory=${WORKSPACE} -Environment="PATH=/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin" -ExecStart=java -Djava.library.path=${WORKSPACE}/native/libs/ -jar ${WORKSPACE}/testservice/build/libs/testservice-0.0.1-SNAPSHOT-all.jar server ${WORKSPACE}/testservice/config.yml -Restart=always -[Install] -WantedBy=default.target -``` +Run Ansible script with: -Restart service: -``` -systemctl --user daemon-reload -systemctl --user restart kalium-testservice +```shell +cd testservice/ansible +ansible-playbook -i hosts.ini site.yml --diff ``` ## Random number generation diff --git a/testservice/ansible/README.md b/testservice/ansible/README.md new file mode 100644 index 00000000000..ede60a897a6 --- /dev/null +++ b/testservice/ansible/README.md @@ -0,0 +1,5 @@ +# Ansible playbook for kalium testservice + +Execute with: `ansible-playbook -i hosts.ini site.yml --diff` + +Run only on individual nodes: `ansible-playbook -i hosts.ini -l node018 site.yml --diff` diff --git a/testservice/ansible/hosts.ini b/testservice/ansible/hosts.ini new file mode 100644 index 00000000000..19dd0f1fd6e --- /dev/null +++ b/testservice/ansible/hosts.ini @@ -0,0 +1,2 @@ +[node018] +192.168.2.18 diff --git a/testservice/ansible/roles/common/files/20auto-upgrades b/testservice/ansible/roles/common/files/20auto-upgrades new file mode 100644 index 00000000000..ffe520844e6 --- /dev/null +++ b/testservice/ansible/roles/common/files/20auto-upgrades @@ -0,0 +1,4 @@ +APT::Periodic::Update-Package-Lists "1"; +APT::Periodic::Unattended-Upgrade "1"; +APT::Periodic::AutocleanInterval "7"; +Unattended-Upgrade::OnlyOnACPower "false"; diff --git a/testservice/ansible/roles/common/handlers/main.yml b/testservice/ansible/roles/common/handlers/main.yml new file mode 100644 index 00000000000..eb060cc6142 --- /dev/null +++ b/testservice/ansible/roles/common/handlers/main.yml @@ -0,0 +1,5 @@ +- name: "Restart sshd" + service: + name: ssh + state: restarted + diff --git a/testservice/ansible/roles/common/tasks/main.yml b/testservice/ansible/roles/common/tasks/main.yml new file mode 100644 index 00000000000..68067279dcc --- /dev/null +++ b/testservice/ansible/roles/common/tasks/main.yml @@ -0,0 +1,37 @@ +- name: Update package repository + when: + - ansible_facts['distribution'] == "Debian" + apt: + update_cache: true + +- name: Install java and other useful packages + when: + - ansible_facts['distribution'] == "Debian" + package: + name: + - openjdk-17-jre-headless + - vim + - curl + - jq + - git + - intel-microcode + - unattended-upgrades + state: present + +- name: Disallow SSH root login + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PermitRootLogin" + line: "PermitRootLogin no" + state: present + validate: sshd -t -f %s + notify: + - Restart sshd + +- name: Configure unattended upgrades + copy: + src: 20auto-upgrades + dest: /etc/apt/apt.conf.d/20auto-upgrades + mode: 0644 + owner: root + group: root diff --git a/testservice/ansible/roles/kalium-testservice/files/kalium-testservice.service b/testservice/ansible/roles/kalium-testservice/files/kalium-testservice.service new file mode 100644 index 00000000000..9508696434a --- /dev/null +++ b/testservice/ansible/roles/kalium-testservice/files/kalium-testservice.service @@ -0,0 +1,18 @@ +[Unit] +Description=kalium-testservice +After=network.target + +[Service] +User=kalium +Group=kalium +LimitNOFILE=infinity +LimitNPROC=infinity +LimitCORE=infinity +TimeoutStartSec=8 +WorkingDirectory=/usr/local/kalium-testservice +Environment="PATH=/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin" +ExecStart=java -Djava.library.path=/usr/local/kalium-testservice/native/libs/ -jar /usr/local/kalium-testservice/testservice.jar server /usr/local/kalium-testservice/config.yml +Restart=always + +[Install] +WantedBy=default.target diff --git a/testservice/ansible/roles/kalium-testservice/tasks/main.yml b/testservice/ansible/roles/kalium-testservice/tasks/main.yml new file mode 100644 index 00000000000..9038ad1e88e --- /dev/null +++ b/testservice/ansible/roles/kalium-testservice/tasks/main.yml @@ -0,0 +1,88 @@ +- name: Install java and other useful packages + when: + - ansible_facts['distribution'] == "Debian" + package: + name: + - haveged + - openjdk-17-jre-headless + - libc6 + state: present + +- name: Enable service for random number generation + systemd: + name: haveged + daemon_reload: true + enabled: true + state: restarted + +- name: Create user account + user: + name: kalium + shell: /bin/bash + state: present + groups: audio, video + +- name: Ensure logs directory exists + file: + path: /var/log/kalium-testservice/ + state: directory + owner: kalium + group: kalium + mode: '0755' + +- name: Create directory for runtime files + file: + path: /usr/local/kalium-testservice/ + state: directory + owner: kalium + group: kalium + mode: '0755' + +- name: Deploy config + copy: + src: ../config.yml + dest: /usr/local/kalium-testservice/config.yml + owner: kalium + group: kalium + mode: '0644' + +# Native libraries are not external anymore with core crypto +#- name: Create directory for native libs +# file: +# path: /usr/local/kalium-testservice/native/libs/ +# state: directory +# owner: kalium +# group: kalium +# mode: '0755' +# +#- name: Deploy native libraries +# copy: +# src: ../../native/libs/ +# dest: /usr/local/kalium-testservice/native/libs/ +# owner: kalium +# group: kalium +# mode: '0644' + +- name: Deploy jar + copy: + src: ../testservice-0.0.1-SNAPSHOT-all.jar + dest: /usr/local/kalium-testservice/testservice.jar + owner: kalium + group: kalium + mode: '0644' + +- name: Deploy service + copy: + src: kalium-testservice.service + dest: /etc/systemd/system/kalium-testservice.service + owner: kalium + group: kalium + mode: '0644' + +- name: Enable and start service + systemd: + name: kalium-testservice + daemon_reload: true + enabled: true + state: restarted + diff --git a/testservice/ansible/site.yml b/testservice/ansible/site.yml new file mode 100644 index 00000000000..821850d487a --- /dev/null +++ b/testservice/ansible/site.yml @@ -0,0 +1,13 @@ +- hosts: all + become: yes + become_user: root + gather_facts: yes + roles: + - role: common + +- hosts: node018 + become: yes + become_user: root + gather_facts: yes + roles: + - role: kalium-testservice diff --git a/testservice/src/main/kotlin/com/wire/kalium/testservice/managed/InstanceService.kt b/testservice/src/main/kotlin/com/wire/kalium/testservice/managed/InstanceService.kt index 51e593d62e0..cb226369c01 100644 --- a/testservice/src/main/kotlin/com/wire/kalium/testservice/managed/InstanceService.kt +++ b/testservice/src/main/kotlin/com/wire/kalium/testservice/managed/InstanceService.kt @@ -145,6 +145,7 @@ class InstanceService( File.separator + ".testservice" + File.separator + instanceId log.info("Instance $instanceId: Creating $instancePath") val kaliumConfigs = KaliumConfigs( + encryptProteusStorage = true, developmentApiEnabled = instanceRequest.developmentApiEnabled ?: false ) val coreLogic = CoreLogic(instancePath, kaliumConfigs, userAgent)