Log flag and logs refactoring (#33)

Use get_... and set_plaintext for log flag in redis Use links to /dev/null when logs are turned off Merge branch 'master' into kris/log_flag # Conflicts: # bubble-server/src/main/resources/packer/roles/nginx/files/init_dhparams.sh Add missing GET annotation on log flag status API call Remove encryption of log flag in redis Simplify geter and setter of log flag Fix log manager's tests and text replacements Fix log manager script Fix log manager script Move log manager cron to root user Move one more log into correct bubble folder Reload supervisor after changes in logs setup Remove another host prefix Add new subresource class for logs Create bubble user, bubble-log group and log folder earlier Set log flag initial value Fix not implemented error Add root user to the new group Fix user for newly created cron Move all log output to /var/log/bubble/ Merge branch 'master' into kris/log_flag Create a cron for log_manager in packer's ansible Add script for setting up logs as per log flag Add API calls to read and set log flag Remove not used file Use same log files' naming for tmp folder's logs Co-authored-by: Kristijan Mitrovic <kmitrovic@itekako.com> Reviewed-on: #33
4 лет назад · d5d2bb508a
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 *.iml
 .idea
 tmp
 logs
 dependency-reduced-pom.xml
 *.log
 *~
--- a/bubble-server/src/main/java/bubble/ApiConstants.java
+++ b/bubble-server/src/main/java/bubble/ApiConstants.java
@@ -201,6 +201,7 @@ public class ApiConstants {
    public static final String EP_FORK = "/fork";
    public static final String EP_NODE_MANAGER = "/nodeman";
    public static final String EP_UPGRADE = "/upgrade";
    public static final String EP_LOGS = "/logs";

    public static final String DETECT_ENDPOINT = "/detect";
    public static final String EP_LOCALE = "/locale";
--- a/bubble-server/src/main/java/bubble/resources/cloud/LogsResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/LogsResource.java
@@ -0,0 +1,49 @@
 /**
 * Copyright (c) 2020 Bubble, Inc.  All rights reserved.
 * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 */
 package bubble.resources.cloud;

 import bubble.model.account.Account;
 import bubble.service.boot.SelfNodeService;
 import lombok.NonNull;
 import org.glassfish.jersey.server.ContainerRequest;
 import org.springframework.beans.factory.annotation.Autowired;

 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;

 import static bubble.ApiConstants.*;
 import static org.cobbzilla.util.http.HttpContentTypes.APPLICATION_JSON;
 import static org.cobbzilla.wizard.resources.ResourceUtil.forbiddenEx;
 import static org.cobbzilla.wizard.resources.ResourceUtil.ok;

@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
 public class LogsResource {

    @Autowired private SelfNodeService selfNodeService;

    private Account account;

    public LogsResource(@NonNull final Account account) {
        this.account = account;
    }

    @GET @Path(EP_STATUS)
    @NonNull public Response getLoggingStatus(@NonNull @Context final ContainerRequest ctx) {
        return ok(selfNodeService.getLogFlag());
    }

    @POST @Path(EP_START)
    @NonNull public Response startLogging(@NonNull @Context final ContainerRequest ctx) { return setLogFlag(true); }
    @POST @Path(EP_STOP)
    @NonNull public Response stopLogging(@NonNull @Context final ContainerRequest ctx) { return setLogFlag(false); }

    @NonNull private Response setLogFlag(final boolean b) {
        if (!account.admin()) throw forbiddenEx(); // caller must be admin
        selfNodeService.setLogFlag(b);
        return ok();
    }
 }
--- a/bubble-server/src/main/java/bubble/resources/cloud/NetworksResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/NetworksResource.java
@@ -18,16 +18,15 @@ import bubble.model.cloud.BubbleNetwork;
 import bubble.model.cloud.CloudService;
 import bubble.resources.TagsResource;
 import bubble.resources.account.AccountOwnedResource;
 import bubble.service.boot.SelfNodeService;
 import bubble.service.cloud.GeoService;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.glassfish.grizzly.http.server.Request;
 import org.glassfish.jersey.server.ContainerRequest;
 import org.springframework.beans.factory.annotation.Autowired;

 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
@@ -47,6 +46,7 @@ public class NetworksResource extends AccountOwnedResource<BubbleNetwork, Bubble
    @Autowired private BubbleFootprintDAO footprintDAO;
    @Autowired private AccountPlanDAO accountPlanDAO;
    @Autowired private GeoService geoService;
    @Autowired private SelfNodeService selfNodeService;

    private BubbleDomain domain;

--- a/bubble-server/src/main/java/bubble/resources/cloud/NodesResource.java
+++ b/bubble-server/src/main/java/bubble/resources/cloud/NodesResource.java
@@ -10,6 +10,7 @@ import bubble.model.cloud.BubbleDomain;
 import bubble.model.cloud.BubbleNetwork;
 import bubble.model.cloud.BubbleNode;
 import bubble.resources.account.ReadOnlyAccountOwnedResource;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.glassfish.grizzly.http.server.Request;
 import org.glassfish.jersey.server.ContainerRequest;
@@ -19,6 +20,7 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.core.Context;
 import java.util.List;

 import static bubble.ApiConstants.EP_LOGS;
 import static bubble.ApiConstants.EP_NODE_MANAGER;
 import static org.cobbzilla.wizard.resources.ResourceUtil.*;

@@ -83,4 +85,10 @@ public class NodesResource extends ReadOnlyAccountOwnedResource<BubbleNode, Bubb
        return configuration.subResource(NodeManagerResource.class, node);
    }

    @Path(EP_LOGS)
    public LogsResource getLogs(@NonNull @Context final ContainerRequest ctx, @PathParam("id") String id) {
        final Account caller = userPrincipal(ctx);
        return configuration.subResource(LogsResource.class, caller);
    }

 }
--- a/bubble-server/src/main/java/bubble/service/boot/SelfNodeService.java
+++ b/bubble-server/src/main/java/bubble/service/boot/SelfNodeService.java
@@ -23,4 +23,7 @@ public interface SelfNodeService {
    void setActivated(BubbleNode thisNode);

    BubblePlan getThisPlan();

    Boolean getLogFlag();
    void setLogFlag(final boolean logFlag);
 }
--- a/bubble-server/src/main/java/bubble/service/boot/StandardSelfNodeService.java
+++ b/bubble-server/src/main/java/bubble/service/boot/StandardSelfNodeService.java
@@ -34,6 +34,7 @@ import org.cobbzilla.util.http.HttpUtil;
 import org.cobbzilla.util.io.FileUtil;
 import org.cobbzilla.util.string.StringUtil;
 import org.cobbzilla.util.system.OneWayFlag;
 import org.cobbzilla.wizard.cache.redis.RedisService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

@@ -56,6 +57,7 @@ import static org.cobbzilla.util.daemon.ZillaRuntime.die;
 import static org.cobbzilla.util.io.FileUtil.abs;
 import static org.cobbzilla.util.io.FileUtil.toFileOrDie;
 import static org.cobbzilla.util.json.JsonUtil.*;
 import static org.cobbzilla.wizard.cache.redis.RedisService.EX;

@Service @Slf4j
 public class StandardSelfNodeService implements SelfNodeService {
@@ -69,6 +71,10 @@ public class StandardSelfNodeService implements SelfNodeService {
    public static final File SAGE_KEY_FILE = new File(HOME_DIR, SAGE_KEY_JSON);
    public static final long MIN_SAGE_KEY_TTL = MINUTES.toMillis(5);

    private static final String REDIS_LOG_FLAG_KEY = "bubble_server_logs_enabled";
    private static final long TTL_LOG_FLAG_NODE = DAYS.toSeconds(7);
    private static final long TTL_LOG_FLAG_SAGE = DAYS.toSeconds(30);

    @Autowired private BubbleNodeDAO nodeDAO;
    @Autowired private BubbleNodeKeyDAO nodeKeyDAO;
    @Autowired private BubbleNetworkDAO networkDAO;
@@ -84,6 +90,9 @@ public class StandardSelfNodeService implements SelfNodeService {
    private static final AtomicReference<BubbleNode> sageNode = new AtomicReference<>();
    private static final AtomicBoolean wasRestored = new AtomicBoolean(false);

    @Autowired private RedisService redisService;
    @Getter(lazy=true) private final RedisService nodeConfig = redisService.prefixNamespace(getClass().getSimpleName());

    @Override public boolean initThisNode(BubbleNode thisNode) {
        log.info("initThisNode: initializing with thisNode="+thisNode.id());
        final BubbleConfiguration c = configuration;
@@ -432,4 +441,20 @@ public class StandardSelfNodeService implements SelfNodeService {
        return planDAO.findByUuid(accountPlan.getPlan());
    }

    @Override
    public Boolean getLogFlag() {
        if (!getNodeConfig().exists(REDIS_LOG_FLAG_KEY)) return false;
        return Boolean.valueOf(getNodeConfig().get_plaintext(REDIS_LOG_FLAG_KEY));
    }

    @Override
    public void setLogFlag(final boolean logFlag) {
        if (logFlag) {
            getNodeConfig().set_plaintext(REDIS_LOG_FLAG_KEY, "true", EX,
                                          isSelfSage() ? TTL_LOG_FLAG_SAGE : TTL_LOG_FLAG_NODE);
        } else {
            // just (try to) remove the flag
            getNodeConfig().del(REDIS_LOG_FLAG_KEY);
        }
    }
 }
--- a/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterSelfNodeService.java
+++ b/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterSelfNodeService.java
@@ -29,4 +29,7 @@ public class DbFilterSelfNodeService implements SelfNodeService {

    @Override public BubblePlan getThisPlan() { return notSupported("getThisPlan"); }

    @Override public Boolean getLogFlag() { return notSupported("getLogFlag"); }
    @Override public void setLogFlag(boolean logFlag) { notSupported("setLogFlag"); }

 }
--- a/bubble-server/src/main/resources/ansible/install_local.sh.hbs
+++ b/bubble-server/src/main/resources/ansible/install_local.sh.hbs
@@ -2,7 +2,7 @@

 ANSIBLE_USER="{{node.user}}"
 ANSIBLE_HOME="$(cd ~{{node.user}} && pwd)"
 LOG="${ANSIBLE_HOME}/.ansible.log"
 LOG=/var/log/bubble/ansible.log

 # Stop unattended upgrades so that apt installs will work
 # unattended upgrades are re-enabled at the end of the ansible run
@@ -17,7 +17,7 @@ set -m

 {{#if isNode}}
 # touch algo log and start tailing it
 ALGO_LOG=/tmp/install_algo.log
 ALGO_LOG=/var/log/bubble/install_algo.log
 touch ${ALGO_LOG} && tail -f ${ALGO_LOG} &
 {{/if}}

@@ -80,7 +80,7 @@ fi
 {{#if isNode}}
 # touch algo log and start tailing it
 set -m
 touch /tmp/install_algo.log && tail -f /tmp/install_algo.log &
 touch ${ALGO_LOG} && tail -f ${ALGO_LOG} &
 {{/if}}

 set -o pipefail
--- a/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
@@ -14,7 +14,7 @@

 # Don't setup algo when in restore mode, bubble_restore_monitor.sh will set it up after the CA key has been restored
 - name: Run algo playbook to install algo
  shell: bash -c "/root/ansible/roles/algo/algo/install_algo.sh 2>&1 >> /tmp/install_algo.log"
  shell: bash -c "/root/ansible/roles/algo/algo/install_algo.sh 2>&1 >> /var/log/bubble/install_algo.log"
  tags: algo_related

 # Algo installation clears out iptable rules. Add needed bubble rules back:
--- a/bubble-server/src/main/resources/ansible/roles/bubble/templates/snapshot_ansible.sh.j2
+++ b/bubble-server/src/main/resources/ansible/roles/bubble/templates/snapshot_ansible.sh.j2
@@ -1,34 +0,0 @@
 #!/bin/bash

 SCRIPT="${0}"
 SCRIPT_DIR=$(cd $(dirname ${SCRIPT}) && pwd)

 LOG=/tmp/$(basename ${0}).log

 function die {
  echo 1>&2 "${1}"
  log "${1}"
  exit 1
 }

 function log {
  echo "${1}" | tee -a ${LOG}
 }

 if [[ $(whoami) != "{{ admin_user }}" ]] ; then
  if [[ $(whoami) == "root" ]] ; then
    sudo -H -u "{{ admin_user }}" ${0}
    exit $?
  fi
  die "${0} must be run as {{ admin_user }}"
 fi

 ANSIBLE_USER_HOME=$(cd ~{{ admin_user }} && pwd)

 ANSIBLE_SNAPSHOT="/home/bubble/ansible.tgz"

 cd ${ANSIBLE_USER_HOME} \
  && tar czf ${ANSIBLE_SNAPSHOT} ./ansible \
  && chmod 400 ${ANSIBLE_SNAPSHOT} \
  && chown bubble ${ANSIBLE_SNAPSHOT} \
  || die "Error creating ansible snapshot"
--- a/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/common/tasks/main.yml
@@ -4,3 +4,11 @@
 - name: Set hostname to {{ hostname }}
  hostname:
    name: '{{ hostname }}'

 - name: Set log flag to true with EX of 7 days for non-sage nodes
  shell: echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 604800' | redis-cli
  when: install_type != 'sage'

 - name: Set log flag to true with EX of 30 days for sage nodes
  shell: echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 2592000' | redis-cli
  when: install_type == 'sage'
--- a/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2
+++ b/bubble-server/src/main/resources/ansible/roles/finalizer/templates/supervisor_bubble.conf.j2
@@ -1,7 +1,7 @@

 [program:bubble]
 stdout_logfile = /home/bubble/logs/bubble-out.log
 stderr_logfile = /home/bubble/logs/bubble-err.log
 stdout_logfile = /var/log/bubble/api-server-out.log
 stderr_logfile = /var/log/bubble/api-server-err.log
 command=sudo -u bubble bash -c "/usr/bin/java \
  -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=true \
  -XX:+UseG1GC -XX:MaxGCPauseMillis=400 {{ bubble_java_opts }} \
--- a/bubble-server/src/main/resources/bubble/host-prefixes.txt
+++ b/bubble-server/src/main/resources/bubble/host-prefixes.txt
@@ -964,7 +964,6 @@ beset
 besit
 besom
 besot
 besti
 bests
 betas
 beted
--- a/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users.sh
+++ b/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.algo_refresh_users.log
 LOG=/var/log/bubble/algo_refresh_users.log

 ALGO_BASE=/root/ansible/roles/algo/algo
 REFRESH_MARKER=${ALGO_BASE}/.refreshing_users
--- a/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/algo/files/algo_refresh_users_monitor.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.algo_refresh_users_monitor.log
 LOG=/var/log/bubble/algo_refresh_users_monitor.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/algo/files/wg_monitor_connections.sh
+++ b/bubble-server/src/main/resources/packer/roles/algo/files/wg_monitor_connections.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.wg_monitor_connections.log
 LOG=/var/log/bubble/wg_monitor_connections.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_restore_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_restore_monitor.sh
@@ -12,7 +12,7 @@ BUBBLE_SELF_NODE="${BUBBLE_HOME}/${SELF_NODE}"
 ADMIN_PORT=${1:?no admin port provided}
 TIMEOUT=${2:-3600}  # 60 minutes default timeout

 LOG=/tmp/bubble.restore.log
 LOG=/var/log/bubble/restore.log

 function die {
  echo 1>&2 "${1}"
@@ -111,6 +111,8 @@ fi
 # flush redis
 log "Flushing redis"
 echo "FLUSHALL" | redis-cli || die "Error flushing redis"
 # but reset the log flag to true (EX in 7 days) - do this here so logs from following lines will be logged
 echo 'set bubble.StandardSelfNodeService.bubble_server_logs_enabled "true" EX 604800' | redis-cli

 # restore algo configs
 log "Restoring algo configs"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade.sh
@@ -5,7 +5,7 @@
 BUBBLE_HOME="/home/bubble"
 UPGRADE_JAR="${BUBBLE_HOME}/upgrade.jar"
 BUBBLE_JAR="${BUBBLE_HOME}/api/bubble.jar"
 LOG=/tmp/bubble.upgrade.log
 LOG=/var/log/bubble/upgrade.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/bubble_upgrade_monitor.sh
@@ -6,7 +6,7 @@ THIS_DIR="$(cd "$(dirname "${0}")" && pwd)"

 BUBBLE_HOME="/home/bubble"
 UPGRADE_JAR="${BUBBLE_HOME}/upgrade.jar"
 LOG=/tmp/bubble.upgrade.log
 LOG=/var/log/bubble/upgrade.log

 function log {
  echo "$(date): ${1}" >> ${LOG}
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/init_bubble_db.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/init_bubble_db.sh
@@ -4,7 +4,7 @@
 #
 echo "$@" > /tmp/init.args

 LOG=/dev/null
 LOG=/var/log/bubble/init_db.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/log_manager.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/log_manager.sh
@@ -0,0 +1,26 @@
 #!/bin/bash
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license:
 # https://getbubblenow.com/bubble-license/
 #

 BUBBLE_LOGS_FOLDER=/var/log/bubble
 REDIS_LOG_FLAG_KEY="bubble.StandardSelfNodeService.bubble_server_logs_enabled"

 REDIS_LOG_FLAG_VALUE=$(echo "get ${REDIS_LOG_FLAG_KEY}" | redis-cli | xargs echo | tr '[:upper:]' '[:lower:]')

 if [[ ${REDIS_LOG_FLAG_VALUE} == true ]]; then
  is_reload_needed=false
  for logFile in $(find "${BUBBLE_LOGS_FOLDER}"/* -type l); do
    rm "${logFile}"
    touch "${logFile}"
    is_reload_needed=true
  done
  if [[ ${is_reload_needed} == true ]]; then
    supervisorctl reload
  fi
 else
  for logFile in $(find "${BUBBLE_LOGS_FOLDER}"/* -type f); do
    ln -sf /dev/null "${logFile}"
  done
 fi
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.refresh_bubble_ssh_keys.log
 LOG=/var/log/bubble/refresh_bubble_ssh_keys.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/bubble/files/refresh_bubble_ssh_keys_monitor.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/bubble.ssh_keys_monitor.log
 LOG=/var/log/bubble/ssh_keys_monitor.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/bubble/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/bubble/tasks/main.yml
@@ -9,14 +9,6 @@

 - import_tasks: postgresql.yml

 - name: Create bubble user
  user:
    name: bubble
    comment: bubble user
    shell: /bin/bash
    system: yes
    home: /home/bubble

 - name: Creates bubble API dir
  file:
    path: /home/bubble/api
@@ -25,14 +17,6 @@
    mode: 0555
    state: directory

 - name: Creates bubble logs dir
  file:
    path: /home/bubble/logs
    owner: bubble
    group: root
    mode: 0770
    state: directory

 - name: Install bubble jar
  copy:
    src: bubble.jar
@@ -113,6 +97,7 @@
    - refresh_bubble_ssh_keys.sh
    - bubble_upgrade_monitor.sh
    - bubble_upgrade.sh
    - log_manager.sh

 - name: Install refresh_bubble_ssh_keys_monitor supervisor conf file
  copy:
@@ -124,6 +109,13 @@
    src: supervisor_bubble_upgrade_monitor.conf
    dest: /etc/supervisor/conf.d/bubble_upgrade_monitor.conf

 - name: Install log_namager monitor cron
  cron:
    name: "Log flag check and manager"
    minute: "*/5"
    user: "root"
    job: "log_manager.sh"

 - name: Install packer for sage node
  shell: su - bubble bash -c install_packer.sh
  when: install_type == 'sage'
--- a/bubble-server/src/main/resources/packer/roles/common/files/ensure_file_exists.sh
+++ b/bubble-server/src/main/resources/packer/roles/common/files/ensure_file_exists.sh
@@ -4,7 +4,7 @@
 #
 TARGET_FILE=${1:?no target file provided}
 TIMEOUT=${2:?no timeout provided}
 LOG=/tmp/ensure_file_$(echo ${TARGET_FILE} | tr '/' '_').log
 LOG=/var/log/bubble/ensure_file_$(echo ${TARGET_FILE} | tr '/' '_').log

 start=$(date +%s)
 while [[ ! -s ${TARGET_FILE} && $(expr $(date +%s) - ${start}) -le ${TIMEOUT} ]] ; do
--- a/bubble-server/src/main/resources/packer/roles/common/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/common/tasks/main.yml
@@ -57,3 +57,30 @@
    state: restarted
  with_items:
    - fail2ban

 - name: Create bubble-log group
  group:
    name: bubble-log

 - name: Add root user to newly created group
  user:
    name: root
    groups: bubble-log
    append: yes

 - name: Create bubble user
  user:
    name: bubble
    comment: bubble user
    shell: /bin/bash
    system: yes
    home: /home/bubble
    groups: bubble-log

 - name: Creates bubble logs dir
  file:
    path: /var/log/bubble
    owner: bubble
    group: bubble-log
    mode: 0770
    state: directory
--- a/bubble-server/src/main/resources/packer/roles/finalizer/files/snapshot_ansible.sh
+++ b/bubble-server/src/main/resources/packer/roles/finalizer/files/snapshot_ansible.sh
@@ -5,7 +5,7 @@
 SCRIPT="${0}"
 SCRIPT_DIR=$(cd $(dirname ${SCRIPT}) && pwd)

 LOG=/tmp/$(basename ${0}).log
 LOG=/var/log/bubble/snapshot_ansible.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/finalizer/files/supervisor_bubble_nodemanager.conf
+++ b/bubble-server/src/main/resources/packer/roles/finalizer/files/supervisor_bubble_nodemanager.conf
@@ -1,5 +1,5 @@

 [program:nodemanager]
 stdout_logfile = /home/bubble/logs/nodemanager-out.log
 stderr_logfile = /home/bubble/logs/nodemanager-err.log
 stdout_logfile = /var/log/bubble/nodemanager-out.log
 stderr_logfile = /var/log/bubble/nodemanager-err.log
 command=/usr/sbin/bubble-nodemanager
--- a/bubble-server/src/main/resources/packer/roles/firewall/files/supervisor_bubble_peer_manager.conf
+++ b/bubble-server/src/main/resources/packer/roles/firewall/files/supervisor_bubble_peer_manager.conf
@@ -1,5 +1,5 @@

 [program:bubble_peer_manager]
 stdout_logfile = /var/log/bubble_peer_manager-out.log
 stderr_logfile = /var/log/bubble_peer_manager-err.log
 stdout_logfile = /var/log/bubble/bubble_peer_manager-out.log
 stderr_logfile = /var/log/bubble/bubble_peer_manager-err.log
 command=bash -c "/usr/local/bin/bubble_peer_manager.py /home/bubble/peers.json /home/bubble/self_node.json 60"
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/mitm_monitor.sh
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/mitm_monitor.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/mitm_monitor.log
 LOG=/var/log/bubble/mitm_monitor.log

 function die {
  echo 1>&2 "${1}"
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/tasks/main.yml
@@ -27,6 +27,7 @@
    shell: /bin/bash
    system: yes
    home: /home/mitmproxy
    groups: bubble-log

 - name: Creates mitmproxy dir
  file:
--- a/bubble-server/src/main/resources/packer/roles/nginx/files/init_certbot.sh
+++ b/bubble-server/src/main/resources/packer/roles/nginx/files/init_certbot.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/init_certbot.log
 LOG=/var/log/bubble/init_certbot.log

 function log {
  echo "$(date): ${1}" >> ${LOG}
--- a/bubble-server/src/main/resources/packer/roles/nginx/files/init_dhparams.sh
+++ b/bubble-server/src/main/resources/packer/roles/nginx/files/init_dhparams.sh
@@ -2,7 +2,7 @@
 #
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 LOG=/tmp/dhparams.log
 LOG=/var/log/bubble/dhparams.log
 DH_PARAMS=/etc/nginx/dhparams.pem

 function log {