Merge branch 'master' into kris/fix_ex_ttl_in_redis_calls

vor 4 Jahren · 551fbf9e32
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 *.iml
 .idea
 tmp
 logs
 dependency-reduced-pom.xml
 *.log
 *~
--- a/bubble-server/src/main/java/bubble/ApiConstants.java
+++ b/bubble-server/src/main/java/bubble/ApiConstants.java
@@ -201,6 +201,7 @@ public class ApiConstants {
    public static final String EP_FORK = "/fork";
    public static final String EP_NODE_MANAGER = "/nodeman";
    public static final String EP_UPGRADE = "/upgrade";
    public static final String EP_LOGS = "/logs";

    public static final String DETECT_ENDPOINT = "/detect";
    public static final String EP_LOCALE = "/locale";
--- a/bubble-server/src/main/java/bubble/resources/cloud/LogsResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/LogsResource.java
@@ -0,0 +1,49 @@
 /**
 * Copyright (c) 2020 Bubble, Inc.  All rights reserved.
 * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 */
 package bubble.resources.cloud;

 import bubble.model.account.Account;
 import bubble.service.boot.SelfNodeService;
 import lombok.NonNull;
 import org.glassfish.jersey.server.ContainerRequest;
 import org.springframework.beans.factory.annotation.Autowired;

 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;

 import static bubble.ApiConstants.*;
 import static org.cobbzilla.util.http.HttpContentTypes.APPLICATION_JSON;
 import static org.cobbzilla.wizard.resources.ResourceUtil.forbiddenEx;
 import static org.cobbzilla.wizard.resources.ResourceUtil.ok;

@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
 public class LogsResource {

    @Autowired private SelfNodeService selfNodeService;

    private Account account;

    public LogsResource(@NonNull final Account account) {
        this.account = account;
    }

    @GET @Path(EP_STATUS)
    @NonNull public Response getLoggingStatus(@NonNull @Context final ContainerRequest ctx) {
        return ok(selfNodeService.getLogFlag());
    }

    @POST @Path(EP_START)
    @NonNull public Response startLogging(@NonNull @Context final ContainerRequest ctx) { return setLogFlag(true); }
    @POST @Path(EP_STOP)
    @NonNull public Response stopLogging(@NonNull @Context final ContainerRequest ctx) { return setLogFlag(false); }

    @NonNull private Response setLogFlag(final boolean b) {
        if (!account.admin()) throw forbiddenEx(); // caller must be admin
        selfNodeService.setLogFlag(b);
        return ok();
    }
 }
--- a/bubble-server/src/main/java/bubble/resources/cloud/NetworksResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/NetworksResource.java
@@ -18,16 +18,15 @@ import bubble.model.cloud.BubbleNetwork;
 import bubble.model.cloud.CloudService;
 import bubble.resources.TagsResource;
 import bubble.resources.account.AccountOwnedResource;
 import bubble.service.boot.SelfNodeService;
 import bubble.service.cloud.GeoService;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.glassfish.grizzly.http.server.Request;
 import org.glassfish.jersey.server.ContainerRequest;
 import org.springframework.beans.factory.annotation.Autowired;

 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
@@ -47,6 +46,7 @@ public class NetworksResource extends AccountOwnedResource<BubbleNetwork, Bubble
    @Autowired private BubbleFootprintDAO footprintDAO;
    @Autowired private AccountPlanDAO accountPlanDAO;
    @Autowired private GeoService geoService;
    @Autowired private SelfNodeService selfNodeService;

    private BubbleDomain domain;

--- a/bubble-server/src/main/java/bubble/resources/cloud/NodesResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/NodesResource.java
@@ -10,6 +10,7 @@ import bubble.model.cloud.BubbleDomain;
 import bubble.model.cloud.BubbleNetwork;
 import bubble.model.cloud.BubbleNode;
 import bubble.resources.account.ReadOnlyAccountOwnedResource;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.glassfish.grizzly.http.server.Request;
 import org.glassfish.jersey.server.ContainerRequest;
@@ -19,6 +20,7 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Context;
 import java.util.List;

 import static bubble.ApiConstants.EP_LOGS;
 import static bubble.ApiConstants.EP_NODE_MANAGER;
 import static org.cobbzilla.wizard.resources.ResourceUtil.*;

@@ -83,4 +85,10 @@ public class NodesResource extends ReadOnlyAccountOwnedResource<BubbleNode, Bubb
        return configuration.subResource(NodeManagerResource.class, node);
    }

    @Path(EP_LOGS)
    public LogsResource getLogs(@NonNull @Context final ContainerRequest ctx, @PathParam("id") String id) {
        final Account caller = userPrincipal(ctx);
        return configuration.subResource(LogsResource.class, caller);
    }

 }
--- a/bubble-server/src/main/java/bubble/service/boot/SelfNodeService.java
+++ b/bubble-server/src/main/java/bubble/service/boot/SelfNodeService.java
@@ -23,4 +23,7 @@ public interface SelfNodeService {
    void setActivated(BubbleNode thisNode);

    BubblePlan getThisPlan();

    Boolean getLogFlag();
    void setLogFlag(final boolean logFlag);
 }
--- a/bubble-server/src/main/java/bubble/service/boot/StandardSelfNodeService.java
+++ b/bubble-server/src/main/java/bubble/service/boot/StandardSelfNodeService.java
@@ -34,6 +34,7 @@ import org.cobbzilla.util.http.HttpUtil;
 import org.cobbzilla.util.io.FileUtil;
 import org.cobbzilla.util.string.StringUtil;
 import org.cobbzilla.util.system.OneWayFlag;
 import org.cobbzilla.wizard.cache.redis.RedisService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

@@ -56,6 +57,7 @@ import static org.cobbzilla.util.daemon.ZillaRuntime.die;
 import static org.cobbzilla.util.io.FileUtil.abs;
 import static org.cobbzilla.util.io.FileUtil.toFileOrDie;
 import static org.cobbzilla.util.json.JsonUtil.*;
 import static org.cobbzilla.wizard.cache.redis.RedisService.EX;

@Service @Slf4j
 public class StandardSelfNodeService implements SelfNodeService {
@@ -69,6 +71,10 @@ public class StandardSelfNodeService implements SelfNodeService {
    public static final File SAGE_KEY_FILE = new File(HOME_DIR, SAGE_KEY_JSON);
    public static final long MIN_SAGE_KEY_TTL = MINUTES.toMillis(5);

    private static final String REDIS_LOG_FLAG_KEY = "bubble_server_logs_enabled";
    private static final long TTL_LOG_FLAG_NODE = DAYS.toSeconds(7);
    private static final long TTL_LOG_FLAG_SAGE = DAYS.toSeconds(30);

    @Autowired private BubbleNodeDAO nodeDAO;
    @Autowired private BubbleNodeKeyDAO nodeKeyDAO;
    @Autowired private BubbleNetworkDAO networkDAO;
@@ -84,6 +90,9 @@ public class StandardSelfNodeService implements SelfNodeService {
    private static final AtomicReference<BubbleNode> sageNode = new AtomicReference<>();
    private static final AtomicBoolean wasRestored = new AtomicBoolean(false);

    @Autowired private RedisService redisService;
    @Getter(lazy=true) private final RedisService nodeConfig = redisService.prefixNamespace(getClass().getSimpleName());

    @Override public boolean initThisNode(BubbleNode thisNode) {
        log.info("initThisNode: initializing with thisNode="+thisNode.id());
        final BubbleConfiguration c = configuration;
@@ -432,4 +441,20 @@ public class StandardSelfNodeService implements SelfNodeService {
        return planDAO.findByUuid(accountPlan.getPlan());
    }

    @Override
    public Boolean getLogFlag() {
        if (!getNodeConfig().exists(REDIS_LOG_FLAG_KEY)) return false;
        return Boolean.valueOf(getNodeConfig().get_plaintext(REDIS_LOG_FLAG_KEY));
    }

    @Override
    public void setLogFlag(final boolean logFlag) {
        if (logFlag) {
            getNodeConfig().set_plaintext(REDIS_LOG_FLAG_KEY, "true", EX,
                                          isSelfSage() ? TTL_LOG_FLAG_SAGE : TTL_LOG_FLAG_NODE);
        } else {
            // just (try to) remove the flag
            getNodeConfig().del(REDIS_LOG_FLAG_KEY);
        }
    }
 }
--- a/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterSelfNodeService.java
+++ b/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterSelfNodeService.java
@@ -29,4 +29,7 @@ public class DbFilterSelfNodeService implements SelfNodeService {

    @Override public BubblePlan getThisPlan() { return notSupported("getThisPlan"); }

    @Override public Boolean getLogFlag() { return notSupported("getLogFlag"); }
    @Override public void setLogFlag(boolean logFlag) { notSupported("setLogFlag"); }

 }
--- a/bubble-server/src/main/resources/ansible/install_local.sh.hbs
+++ b/bubble-server/src/main/resources/ansible/install_local.sh.hbs
@@ -2,7 +2,7 @@

 ANSIBLE_USER="{{node.user}}"
 ANSIBLE_HOME="$(cd ~{{node.user}} && pwd)"
 LOG="${ANSIBLE_HOME}/.ansible.log"
 LOG=/var/log/bubble/ansible.log

 # Stop unattended upgrades so that apt installs will work
 # unattended upgrades are re-enabled at the end of the ansible run
@@ -17,7 +17,7 @@ set -m

 {{#if isNode}}
 # touch algo log and start tailing it
 ALGO_LOG=/tmp/install_algo.log
 ALGO_LOG=/var/log/bubble/install_algo.log
 touch ${ALGO_LOG} && tail -f ${ALGO_LOG} &
 {{/if}}

@@ -80,7 +80,7 @@ fi
 {{#if isNode}}
 # touch algo log and start tailing it
 set -m
 touch /tmp/install_algo.log && tail -f /tmp/install_algo.log &
 touch ${ALGO_LOG} && tail -f ${ALGO_LOG} &
 {{/if}}

 set -o pipefail
--- a/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
@@ -14,7 +14,7 @@

 # Don't setup algo when in restore mode, bubble_restore_monitor.sh will set it up after the CA key has been restored
 - name: Run algo playbook to install algo
  shell: bash -c "/root/ansible/roles/algo/algo/install_algo.sh 2>&1 >> /tmp/install_algo.log"
  shell: bash -c "/root/ansible/roles/algo/algo/install_algo.sh 2>&1 >> /var/log/bubble/install_algo.log"
  tags: algo_related

 # Algo installation clears out iptable rules. Add needed bubble rules back:
--- a/bubble-server/src/main/resources/ansible/roles/bubble/templates/snapshot_ansible.sh.j2
+++ b/bubble-server/src/main/resources/ansible/roles/bubble/templates/snapshot_ansible.sh.j2
@@ -1,34 +0,0 @@
 #!/bin/bash

 SCRIPT="${0}"
 SCRIPT_DIR=$(cd $(dirname ${SCRIPT}) && pwd)

 LOG=/tmp/$(basename ${0}).log

 function die {
  echo 1>&2 "${1}"
  log "${1}"
  exit 1
 }

 function log {
  echo "${1}" | tee -a ${LOG}
 }

 if [[ $(whoami) != "{{ admin_user }}" ]] ; then
  if [[ $(whoami) == "root" ]] ; then
    sudo -H -u "{{ admin_user }}" ${0}
    exit $?
  fi
  die "${0} must be run as {{ admin_user }}"
 fi

 ANSIBLE_USER_HOME=$(cd ~{{ admin_user }} && pwd)

 ANSIBLE_SNAPSHOT="/home/bubble/ansible.tgz"

 cd ${ANSIBLE_USER_HOME} \
  && tar czf ${ANSIBLE_SNAPSHOT} ./ansible \
  && chmod 400 ${ANSIBLE_SNAPSHOT} \
  && chown bubble ${ANSIBLE_SNAPSHOT} \
  || die "Error creating ansible snapshot"
--- a/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml
@@ -4,3 +4,11 @@
 - name: Set hostname to {{ hostname }}
  hostname:
    name: '{{ hostname }}'

 - name: Set log flag to true with EX of 7 days for non-sage nodes
  shell: echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 604800' | redis-cli
  when: install_type != 'sage'

 - name: Set log flag to true with EX of 30 days for sage nodes
  shell: echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 2592000' | redis-cli
  when: install_type == 'sage'
--- a/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2
+++ b/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2
@@ -1,7 +1,7 @@

 [program:bubble]
 stdout_logfile = /home/bubble/logs/bubble-out.log
 stderr_logfile = /home/bubble/logs/bubble-err.log
 stdout_logfile = /var/log/bubble/api-server-out.log
 stderr_logfile = /var/log/bubble/api-server-err.log
 command=sudo -u bubble bash -c "/usr/bin/java \
  -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true \
  -XX:+UseG1GC -XX:MaxGCPauseMillis=400 {{ bubble_java_opts }} \
--- a/bubble-server/src/main/resources/bubble/host-prefixes.txt
+++ b/bubble-server/src/main/resources/bubble/host-prefixes.txt
@@ -964,7 +964,6 @@ beset
 besit
 besom
 besot
 besti
 bests
 betas
 beted
--- a/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties
+++ b/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties
@@ -308,7 +308,7 @@ payment_type_credit_applied=credit applied
 payment_type_refund=refund

 label_promotion_FirstMonthFree=First Month Free
 label_promotion_FirstMonthFree_description=No charge for the first month of your plan!
 label_promotion_FirstMonthFree_description=There is no charge for the first month of your Bubble.
 label_promotion_ReferralMonthFree=Referral Bonus
 label_promotion_ReferralMonthFree_description=An additional month of free service!
 label_promotion_AccountCredit1=$1 Bonus
--- a/bubble-server/src/main/resources/message_templates/en_US/server/pre_auth/ResourceMessages.properties
+++ b/bubble-server/src/main/resources/message_templates/en_US/server/pre_auth/ResourceMessages.properties
@@ -344,27 +344,27 @@ marketing_message_dedicated_title=Dedicated, Private & Secure
 marketing_message_dedicated_content=Your Bubble runs on its own dedicated system. Not even we have access to your Bubble.

 marketing_pricing_title=What does it cost?
 marketing_pricing_options=standard,plus,super
 marketing_pricing_options=personal,power,mega
 marketing_pricing_common_options=Free 30-day Trial,Bubble App Suite Included,Connect Unlimited Devices,Dedicated Private VPN
 marketing_pricing_period=/mo

 marketing_pricing_standard_title=Standard Plan
 marketing_pricing_standard_users=1 User Account
 marketing_pricing_standard_price=1200
 marketing_pricing_standard_options=1 User Account,1TB/Month of Data Transfer
 marketing_pricing_standard_link=/register?plan=bubble

 marketing_pricing_plus_title=Plus Plan
 marketing_pricing_plus_users=5 User Accounts
 marketing_pricing_plus_price=1900
 marketing_pricing_plus_options=5 User Accounts,2TB/Month of Data Transfer
 marketing_pricing_plus_link=/register?plan=bubble_plus

 marketing_pricing_super_title=Super Plan
 marketing_pricing_super_users=10 User Accounts
 marketing_pricing_super_price=3100
 marketing_pricing_super_options=10 User Accounts,3TB/Month of Data Transfer
 marketing_pricing_super_link=/register?plan=bubble_super
 marketing_pricing_personal_title=Personal Bubble
 marketing_pricing_personal_users=1 User Account
 marketing_pricing_personal_price=1200
 marketing_pricing_personal_options=1 User Account,1TB/Month of Data Transfer
 marketing_pricing_personal_link=/register?plan=bubble

 marketing_pricing_power_title=Power Plan
 marketing_pricing_power_users=5 User Accounts
 marketing_pricing_power_price=1900
 marketing_pricing_power_options=5 User Accounts,2TB/Month of Data Transfer
 marketing_pricing_power_link=/register?plan=bubble_plus

 marketing_pricing_mega_title=Mega Plan
 marketing_pricing_mega_users=10 User Accounts
 marketing_pricing_mega_price=3100
 marketing_pricing_mega_options=10 User Accounts,3TB/Month of Data Transfer
 marketing_pricing_mega_link=/register?plan=bubble_super

 # Old Login/Registration/Forgot Password
 form_title_login=Login
--- a/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users.sh
+++ b/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.algo_refresh_users.log
 LOG=/var/log/bubble/algo_refresh_users.log

 ALGO_BASE=/root/ansible/roles/algo/algo
 REFRESH_MARKER=${ALGO_BASE}/.refreshing_users
--- a/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users_monitor.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.algo_refresh_users_monitor.log
 LOG=/var/log/bubble/algo_refresh_users_monitor.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/algo/files/wg_monitor_connections.sh
+++ b/bubble-server/src/main/resources/packer/roles/algo/files/wg_monitor_connections.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.wg_monitor_connections.log
 LOG=/var/log/bubble/wg_monitor_connections.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_restore_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_restore_monitor.sh
@@ -12,7 +12,7 @@ BUBBLE_SELF_NODE="${BUBBLE_HOME}/${SELF_NODE}"
 ADMIN_PORT=${1:?no admin port provided}
 TIMEOUT=${2:-3600}  # 60 minutes default timeout

 LOG=/tmp/bubble.restore.log
 LOG=/var/log/bubble/restore.log

 function die {
  echo 1>&2 "${1}"
@@ -111,6 +111,8 @@ fi
 # flush redis
 log "Flushing redis"
 echo "FLUSHALL" | redis-cli || die "Error flushing redis"
 # but reset the log flag to true (EX in 7 days) - do this here so logs from following lines will be logged
 echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 604800' | redis-cli

 # restore algo configs
 log "Restoring algo configs"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade.sh
@@ -5,7 +5,7 @@
 BUBBLE_HOME="/home/bubble"
 UPGRADE_JAR="${BUBBLE_HOME}/upgrade.jar"
 BUBBLE_JAR="${BUBBLE_HOME}/api/bubble.jar"
 LOG=/tmp/bubble.upgrade.log
 LOG=/var/log/bubble/upgrade.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade_monitor.sh
@@ -6,7 +6,7 @@ THIS_DIR="$(cd "$(dirname "${0}")" && pwd)"

 BUBBLE_HOME="/home/bubble"
 UPGRADE_JAR="${BUBBLE_HOME}/upgrade.jar"
 LOG=/tmp/bubble.upgrade.log
 LOG=/var/log/bubble/upgrade.log

 function log {
  echo "$(date): ${1}" >> ${LOG}
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/init_bubble_db.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/init_bubble_db.sh
@@ -4,7 +4,7 @@
 #
 echo "$@" > /tmp/init.args

 LOG=/dev/null
 LOG=/var/log/bubble/init_db.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/log_manager.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/log_manager.sh
@@ -0,0 +1,26 @@
 #!/bin/bash
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license:
 # https://getbubblenow.com/bubble-license/
 #

 BUBBLE_LOGS_FOLDER=/var/log/bubble
 REDIS_LOG_FLAG_KEY="bubble.StandardSelfNodeService.bubble_server_logs_enabled"

 REDIS_LOG_FLAG_VALUE=$(echo "get ${REDIS_LOG_FLAG_KEY}" | redis-cli | xargs echo | tr '[:upper:]' '[:lower:]')

 if [[ ${REDIS_LOG_FLAG_VALUE} == true ]]; then
  is_reload_needed=false
  for logFile in $(find "${BUBBLE_LOGS_FOLDER}"/* -type l); do
    rm "${logFile}"
    touch "${logFile}"
    is_reload_needed=true
  done
  if [[ ${is_reload_needed} == true ]]; then
    supervisorctl reload
  fi
 else
  for logFile in $(find "${BUBBLE_LOGS_FOLDER}"/* -type f); do
    ln -sf /dev/null "${logFile}"
  done
 fi
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.refresh_bubble_ssh_keys.log
 LOG=/var/log/bubble/refresh_bubble_ssh_keys.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys_monitor.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.ssh_keys_monitor.log
 LOG=/var/log/bubble/ssh_keys_monitor.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/bubble/tasks/main.yml
@@ -9,14 +9,6 @@

 - import_tasks: postgresql.yml

 - name: Create bubble user
  user:
    name: bubble
    comment: bubble user
    shell: /bin/bash
    system: yes
    home: /home/bubble

 - name: Creates bubble API dir
  file:
    path: /home/bubble/api
@@ -25,14 +17,6 @@
    mode: 0555
    state: directory

 - name: Creates bubble logs dir
  file:
    path: /home/bubble/logs
    owner: bubble
    group: root
    mode: 0770
    state: directory

 - name: Install bubble jar
  copy:
    src: bubble.jar
@@ -113,6 +97,7 @@
    - refresh_bubble_ssh_keys.sh
    - bubble_upgrade_monitor.sh
    - bubble_upgrade.sh
    - log_manager.sh

 - name: Install refresh_bubble_ssh_keys_monitor supervisor conf file
  copy:
@@ -124,6 +109,13 @@
    src: supervisor_bubble_upgrade_monitor.conf
    dest: /etc/supervisor/conf.d/bubble_upgrade_monitor.conf

 - name: Install log_namager monitor cron
  cron:
    name: "Log flag check and manager"
    minute: "*/5"
    user: "root"
    job: "log_manager.sh"

 - name: Install packer for sage node
  shell: su - bubble bash -c install_packer.sh
  when: install_type == 'sage'
--- a/bubble-server/src/main/resources/packer/roles/common/files/ensure_file_exists.sh
+++ b/bubble-server/src/main/resources/packer/roles/common/files/ensure_file_exists.sh
@@ -4,7 +4,7 @@
 #
 TARGET_FILE=${1:?no target file provided}
 TIMEOUT=${2:?no timeout provided}
 LOG=/tmp/ensure_file_$(echo ${TARGET_FILE} | tr '/' '_').log
 LOG=/var/log/bubble/ensure_file_$(echo ${TARGET_FILE} | tr '/' '_').log

 start=$(date +%s)
 while [[ ! -s ${TARGET_FILE} && $(expr $(date +%s) - ${start}) -le ${TIMEOUT} ]] ; do
--- a/bubble-server/src/main/resources/packer/roles/common/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/common/tasks/main.yml
@@ -57,3 +57,30 @@
    state: restarted
  with_items:
    - fail2ban

 - name: Create bubble-log group
  group:
    name: bubble-log

 - name: Add root user to newly created group
  user:
    name: root
    groups: bubble-log
    append: yes

 - name: Create bubble user
  user:
    name: bubble
    comment: bubble user
    shell: /bin/bash
    system: yes
    home: /home/bubble
    groups: bubble-log

 - name: Creates bubble logs dir
  file:
    path: /var/log/bubble
    owner: bubble
    group: bubble-log
    mode: 0770
    state: directory
--- a/bubble-server/src/main/resources/packer/roles/finalizer/files/snapshot_ansible.sh
+++ b/bubble-server/src/main/resources/packer/roles/finalizer/files/snapshot_ansible.sh
@@ -5,7 +5,7 @@
 SCRIPT="${0}"
 SCRIPT_DIR=$(cd $(dirname ${SCRIPT}) && pwd)

 LOG=/tmp/$(basename ${0}).log
 LOG=/var/log/bubble/snapshot_ansible.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/finalizer/files/supervisor_bubble_nodemanager.conf
+++ b/bubble-server/src/main/resources/packer/roles/finalizer/files/supervisor_bubble_nodemanager.conf
@@ -1,5 +1,5 @@

 [program:nodemanager]
 stdout_logfile = /home/bubble/logs/nodemanager-out.log
 stderr_logfile = /home/bubble/logs/nodemanager-err.log
 stdout_logfile = /var/log/bubble/nodemanager-out.log
 stderr_logfile = /var/log/bubble/nodemanager-err.log
 command=/usr/sbin/bubble-nodemanager
--- a/bubble-server/src/main/resources/packer/roles/firewall/files/supervisor_bubble_peer_manager.conf
+++ b/bubble-server/src/main/resources/packer/roles/firewall/files/supervisor_bubble_peer_manager.conf
@@ -1,5 +1,5 @@

 [program:bubble_peer_manager]
 stdout_logfile = /var/log/bubble_peer_manager-out.log
 stderr_logfile = /var/log/bubble_peer_manager-err.log
 stdout_logfile = /var/log/bubble/bubble_peer_manager-out.log
 stderr_logfile = /var/log/bubble/bubble_peer_manager-err.log
 command=bash -c "/usr/local/bin/bubble_peer_manager.py /home/bubble/peers.json /home/bubble/self_node.json 60"
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/mitm_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/mitm_monitor.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/mitm_monitor.log
 LOG=/var/log/bubble/mitm_monitor.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/tasks/main.yml
@@ -27,6 +27,7 @@
    shell: /bin/bash
    system: yes
    home: /home/mitmproxy
    groups: bubble-log

 - name: Creates mitmproxy dir
  file:
--- a/bubble-server/src/main/resources/packer/roles/nginx/files/init_certbot.sh
+++ b/bubble-server/src/main/resources/packer/roles/nginx/files/init_certbot.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/init_certbot.log
 LOG=/var/log/bubble/init_certbot.log

 function log {
  echo "$(date): ${1}" >> ${LOG}
--- a/bubble-server/src/main/resources/packer/roles/nginx/files/init_dhparams.sh
+++ b/bubble-server/src/main/resources/packer/roles/nginx/files/init_dhparams.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/dhparams.log
 LOG=/var/log/bubble/dhparams.log
 DH_PARAMS=/etc/nginx/dhparams.pem

 function log {