Update to 2021-12-01 19:13

roles/unmaintained/bluemind/defaults/main.yml

@@ -0,0 +1,117 @@
+---
+
+bm_http_ports:
+  - 80
+  - 443
+bm_http_src_ip:
+  - 0.0.0.0/0
+
+bm_imap_ports:
+  - 143
+  - 993
+bm_imap_src_ip:
+  - 0.0.0.0/0
+
+bm_pop_ports:
+  - 110
+  - 995
+bm_pop_src_ip:
+  - 0.0.0.0/0
+
+bm_smtp_ports:
+  - 25
+  - 465
+  - 587
+bm_smtp_src_ip:
+  - 0.0.0.0/0
+
+bm_milter_ports:
+  - 2500
+bm_milter_src:ip: []
+
+bm_int_ports:
+  - 24
+  - 144
+  - 1110
+  - 1143
+  - 2000
+  - 2400
+  - 2500
+  - 4444
+  - 5280
+  - 5290
+  - 5432
+  - '5701:5715'
+  - 8021
+  - 8022
+  - 8079
+  - 8080
+  - 8082
+  - 8084
+  - 8087
+  - 9083
+  - 9086
+  - 9090
+  - 9099
+  - 9200
+  - 9300
+bm_int_src_ip: []
+
+# bm_letsencrypt_cert: bluemind.domain.tld
+
+bm_mem_alloc_base:
+  bm-core:
+    heap: 512
+    direct: 512
+    spare: 20
+  bm-node:
+    heap: 128
+    direct: 128
+    spare: 0
+  bm-eas:
+    heap: 256
+    direct: 128
+    spare: 2
+  bm-mapi:
+    heap: 512
+    direct: 256
+    spare: 10
+  bm-ips:
+    heap: 64
+    direct: 64
+    spare: 0
+  bm-hps:
+    heap: 128
+    direct: 128
+    spare: 0
+  bm-lmtpd:
+    heap: 128
+    direct: 128
+    spare: 0
+  bm-locator:
+    heap: 64
+    direct: 64
+    spare: 0
+  bm-milter:
+    heap: 64
+    direct: 64
+    spare: 0
+  bm-tika:
+    heap: 128
+    direct: 128
+    spare: 0
+  bm-xmpp:
+    heap: 32
+    direct: 32
+    spare: 0
+  bm-ysnp:
+    heap: 64
+    direct: 64
+    spare: 0
+  bm-elasticsearch:
+    heap: 512
+    direct: 512
+    spare: 20
+bm_mem_alloc: {}
+bm_mem_alloc_rules: "{{ bm_mem_alloc_base | combine(bm_mem_alloc, recursive=True) }}"
+

roles/unmaintained/bluemind/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart bluemind
+  command: bmctl restart

roles/unmaintained/bluemind/tasks/main.yml

@@ -0,0 +1,118 @@
+---
+
+- name: Install tools
+  yum:
+    name:
+      - socat
+  tags: bm
+
+- name: Create dehydrated hook dir
+  file: path=/etc/dehydrated/hooks_deploy_cert.d state=directory
+  tags: bm
+
+- name: Deploy dehydrated hook
+  template: src=dehydrated_deploy_hook.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/bluemind mode=755
+  tags: bm
+
+- name: Create local conf directory
+  file: path=/etc/bm/local state=directory
+  tags: bm
+
+- name: Configure proxy
+  lineinfile:
+    regex: '^PROXY_OPTS=.*'
+    line: "PROXY_OPTS=\"{{ (system_proxy is defined and system_proxy != '') | ternary('-Dhttps.proxyHost=' ~ system_proxy | urlsplit('hostname') ~ ' -Dhttps.proxyPort=' ~ system_proxy | urlsplit('port') ~ ' -Dhttp.proxyHost=' ~ system_proxy | urlsplit('hostname') ~ ' -Dhttp.proxyPort=' ~ system_proxy | urlsplit('port'),'') }}\""
+    path: /etc/bm/local/{{ item }}.ini
+    create: True
+  loop:
+    - bm-core
+    - bm-webserver
+  notify: restart bluemind
+  tags: bm
+
+- name: Configure JVM options
+  lineinfile:
+    regex: '^JVM_OPTS=.*'
+    line: "JVM_OPTS=\"${PROXY_OPTS}\""
+    path: /etc/bm/local/{{ item }}.ini
+    insertafter: '^PROXY_OPTS=.*'
+  loop:
+    - bm-core
+    - bm-webserver
+  notify: restart bluemind
+  tags: bm
+
+- name: Configure memory allocation rules
+  template: src=rules.json.j2 dest=/etc/bm/local/rules.json
+  notify: restart bluemind
+  tags: bm
+
+- set_fact:
+    bm_restart_services: "[ 'bm-elasticsearch', 'bm-mapi' ]"
+  tags: bm
+
+- name: Create systemd unit snippet dirs
+  file: path=/etc/systemd/system/{{ item }}.service.d state=directory
+  loop: "{{ bm_restart_services }}"
+  tags: bm
+
+- name: Configure systemd to restart services on failure
+  copy:
+    content: |
+      [Service]
+      TimeoutSec=60
+      StartLimitInterval=0
+      RestartSec=1
+      Restart=on-failure
+    dest: /etc/systemd/system/{{ item }}.service.d/restart.conf
+  loop: "{{ bm_restart_services }}"
+  register: bm_units
+  notify: restart bluemind
+  tags: bm
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: bm_units.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: bm
+
+- name: Handle firewall ports
+  iptables_raw:
+    name: "{{ item.name }}"
+    state: "{{ (item.src | length > 0) | ternary('present','absent') }}"
+    rules: "{% if 'tcp' in item.proto | default(['tcp']) or item.proto | default('tcp') == 'tcp' %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
+            {% if 'udp' in item.proto | default(['tcp']) or item.proto | default('tcp') == 'udp' %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
+  when: iptables_manage | default(True)
+  with_items:
+    - ports: "{{ bm_http_ports }}"
+      name: bm_http_ports
+      src: "{{ bm_http_src_ip }}"
+    - ports: "{{ bm_imap_ports }}"
+      name: bm_imap_ports
+      src: "{{ bm_imap_src_ip }}"
+    - ports: "{{ bm_pop_ports }}"
+      name: bm_pop_ports
+      src: "{{ bm_pop_src_ip }}"
+    - ports: "{{ bm_smtp_ports }}"
+      name: bm_smtp_ports
+      src: "{{ bm_smtp_src_ip }}"
+    - ports: "{{ bm_milter_ports }}"
+      name: bm_milter_ports
+      src: "{{ bm_milter_src_ip }}"
+    - ports: "{{ bm_int_ports }}"
+      name: bm_int_ports
+      src: "{{ bm_int_src_ip }}"
+  tags: bm,firewall
+
+- name: Create pre/post backup hook dir
+  file: path=/etc/backup/{{ item }}.d state=directory mode=750
+  loop:
+    - pre
+    - post
+  tags: bm
+
+- name: Deploy pre and post backup script
+  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/bluemind mode=755
+  loop:
+    - pre
+    - post
+  tags: bm

roles/unmaintained/bluemind/templates/bm-core.log.xml.j2

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="CORE" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-core - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="org.apache.directory.shared" level="ERROR" />
+  <root level="INFO">
+    <appender-ref ref="CORE" />
+  </root>
+
+  <appender name="XMPP" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-xmpp - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.xmpp" level="INFO" additivity="false" />
+    <appender-ref ref="XMPP" />
+  </logger>
+
+  <appender name="MAILINDEX" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-mailindex - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.index.mail" level="INFO" additivity="false" />
+    <appender-ref ref="MAILINDEX" />
+  </logger>
+
+  <appender name="SLOWRESTCALL" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-slowrestcall - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.core.rest.log.CallLogger" level="WARN" additivity="false" />
+    <appender-ref ref="SLOWRESTCALL" />
+  </logger>
+
+  <appender name="RESTSOCKJSPROXYHANDLER" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-js - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.core.rest.sockjs.vertx.RestSockJsProxyHandler" level="INFO" additivity="false" />
+    <appender-ref ref="RESTSOCKJSPROXYHANDLER" />
+  </logger>
+</configuration>

roles/unmaintained/bluemind/templates/bm-eas.log.xml.j2

@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="ALL" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-eas - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+
+  <appender name="REQUESTS" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-eas-requests - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+
+  <appender name="SIFT" class="ch.qos.logback.classic.sift.SiftingAppender">
+    <!-- in the absence of the class attribute, it is assumed that the
+         desired discriminator type is
+         ch.qos.logback.classic.sift.MDCBasedDiscriminator -->
+    <discriminator>
+      <key>user</key>
+      <defaultValue>anonymous</defaultValue>
+    </discriminator>
+    <sift>
+      <appender name="FILE-${user}" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/bm-eas/user-eas-${user}.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+          <maxIndex>10</maxIndex>
+          <FileNamePattern>/var/log/bm-eas/user-eas-${user}.log.%i.gz</FileNamePattern>
+        </rollingPolicy>
+        <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+          <MaxFileSize>5000KB</MaxFileSize>
+        </triggeringPolicy>
+        <encoder>
+          <pattern>%d [%thread] %c{1} %p - %m\n</pattern>
+        </encoder>
+      </appender>
+    </sift>
+  </appender>
+
+  <appender name="ASYNC_SIFT" class="ch.qos.logback.classic.AsyncAppender">
+    <queueSize>500</queueSize>
+    <discardingThreshold>0</discardingThreshold>
+    <appender-ref ref="SIFT" />
+  </appender>
+
+  <logger name="org.apache.directory.shared.asn1.ber" level="ERROR">
+    <appender-ref ref="ALL"/>
+  </logger>
+  <logger name="net.bluemind.vertx.common.request.impl.WrappedResponse" level="INFO" additivity="true">
+    <appender-ref ref="REQUESTS"/>
+  </logger>
+
+  <root level="INFO">
+    <appender-ref ref="ALL"/>
+    <appender-ref ref="ASYNC_SIFT"/>
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-hps.log.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-hps - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-ips.log.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-ips - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-lmtp.log.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-lmtp - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-locator.log.xml.j2

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-locator - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="org.apache.directory.shared.asn1.ber" level="ERROR" />
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-milter.log.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-milter - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-node.log.xml.j2

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-node - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="org.apache.sshd.server" level="WARN" />
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-syslog.service.j2

@@ -0,0 +1,19 @@
+[Unit]
+Description=Bluemind syslog daemon
+After=syslog.target
+
+[Service]
+Type=simple
+ExecStart=/bin/socat -t0 -T0 -u -s udp4-recv:10514 stdout
+User=bm-syslog
+Group=bm-syslog
+Restart=always
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+
+[Install]
+WantedBy=multi-user.target
+

roles/unmaintained/bluemind/templates/bm-tika.log.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-locator - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-webserver.log.xml.j2

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-webserver - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+
+  <appender name="DAV" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-dav - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.dav.server" level="INFO" additivity="false">
+    <appender-ref ref="DAV" />
+  </logger>
+
+  <appender name="SETUP" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-setup - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.sw.server" level="INFO" additivity="false">
+    <appender-ref ref="SETUP" />
+  </logger>
+
+  <appender name="JSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-js-errors - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="net.bluemind.webmodule.server.handlers.LogHandler" level="INFO" additivity="false">
+    <appender-ref ref="JSLOG" />
+  </logger>
+</configuration>
+

roles/unmaintained/bluemind/templates/bm-xmpp.log.xml.j2

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-xmpp - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>

roles/unmaintained/bluemind/templates/bm-ysnp.log.xml.j2

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
+    <syslogHost>localhost</syslogHost>
+    <port>10514</port>
+    <facility>DAEMON</facility>
+    <suffixPattern>bm-ysnp - [%thread] %c{1} %p - %m\n</suffixPattern>
+  </appender>
+  <logger name="org.apache.directory.shared.asn1.ber" level="ERROR" />
+  <root level="INFO">
+    <appender-ref ref="SYSLOG" />
+  </root>
+</configuration>
+

roles/unmaintained/bluemind/templates/dehydrated_deploy_hook.j2

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+
+{% if bm_letsencrypt_cert is defined %}
+if [ $1 == "{{ bm_letsencrypt_cert }}" ]; then
+  cat /var/lib/dehydrated/certificates/certs/{{ bm_letsencrypt_cert }}/privkey.pem >  /etc/ssl/certs/bm_cert.pem
+  cat /var/lib/dehydrated/certificates/certs/{{ bm_letsencrypt_cert }}/fullchain.pem >> /etc/ssl/certs/bm_cert.pem
+  chown root:root /etc/ssl/certs/bm_cert.pem
+  chmod 644 /etc/ssl/certs/bm_cert.pem
+  /bin/systemctl reload postfix
+  /bin/systemctl reload bm-nginx
+fi
+{% endif %}

roles/unmaintained/bluemind/templates/post-backup.j2

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+rm -rf /home/lbkp/bm/*

roles/unmaintained/bluemind/templates/pre-backup.j2

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -eo pipefail
+
+DEST=/home/lbkp/bm/pgsql
+mkdir -p $DEST
+chown postgres:postgres $DEST
+chmod 700 $DEST
+
+for DB in $(su - postgres -c "/bin/psql -d postgres -qtc 'SELECT datname from pg_database' | grep -vP '^\s+?template[01]$'")
+do
+  su - postgres -c "/bin/pg_dump -Fp -Cc $DB" | /bin/nice -n 10 zstd -c > $DEST/$DB.sql.zst
+done
+su - postgres -c "/bin/pg_dumpall --globals-only" | /bin/nice -n 10 zstd -c > $DEST/pg_globals.sql.zst
+su - postgres -c "/bin/pg_dumpall --schema-only" | /bin/nice -n 10 zstd -c > $DEST/pg_schema.sql.zst
+
+cp -a /etc/bm/local /home/lbkp/bm/conf

roles/unmaintained/bluemind/templates/rules.json.j2

@@ -0,0 +1,11 @@
+[
+{% for product in bm_mem_alloc_rules.keys() | list %}
+  {
+    "product":"{{ product }}",
+    "defaultHeap":"{{ bm_mem_alloc_rules[product].heap }}",
+    "defaultDirect":"{{ bm_mem_alloc_rules[product].direct }}",
+    "sparePercent":{{ bm_mem_alloc_rules[product].spare }}
+  }{% if not loop.last %},{% endif %}
+
+{% endfor %}
+]