feat: Testservice now deployed via Ansible (#3265)

* chore: Deployment of testservice via Ansible * Adjust README * Fix handler and add Dockerfile for building * Fix building and deploying native libs * Remove native library usage (not needed for core-crypto) * Use node018 in example too
wireapp · Jan 30, 2025 · 4055696 · 4055696
1 parent 76d2206
commit 4055696
Show file tree

Hide file tree

Showing 13 changed files with 214 additions and 54 deletions.
diff --git a/testservice/.gitignore b/testservice/.gitignore
@@ -0,0 +1 @@
+*.jar
diff --git a/testservice/Dockerfile b/testservice/Dockerfile
@@ -0,0 +1,21 @@
+FROM --platform=linux/amd64 eclipse-temurin:17-jdk
+
+# disable prompts from the txdata
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    cargo \
+    gcc \
+    software-properties-common \
+    unzip \
+    clang \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY . .
+
+RUN ./gradlew clean
+RUN ./gradlew :testservice:shadowJar
diff --git a/testservice/Jenkinsfile b/testservice/Jenkinsfile
@@ -37,28 +37,14 @@ pipeline {
                 expression { return sh(returnStdout: true, script: 'uname -s').contains('Linux') }
             }
             steps {
-                // Remove old files
-                sh "rm -rf ${HOME}/.testservice/"
-                sh "mkdir -p ${HOME}/.config/systemd/user/"
-                sh """printf \\
-'[Unit]
-Description=kalium-testservice
-After=network.target
-[Service]
-LimitNOFILE=infinity
-LimitNPROC=infinity
-LimitCORE=infinity
-TimeoutStartSec=8
-WorkingDirectory=${WORKSPACE}
-Environment="PATH=/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
-ExecStart=java -Djava.library.path=${WORKSPACE}/native/libs/ -jar ${WORKSPACE}/testservice/build/libs/testservice-0.0.1-SNAPSHOT-all.jar server ${WORKSPACE}/testservice/config.yml
-Restart=always
-[Install]
-WantedBy=default.target
-' \\
-> ${HOME}/.config/systemd/user/kalium-testservice.service"""
-                sh 'systemctl --user daemon-reload'
-                sh 'systemctl --user restart kalium-testservice'
+                ansiblePlaybook(
+                    credentialsId: 'callingservice_debian',
+                    disableHostKeyChecking: true,
+                    forks: 2,
+                    inventory: 'ansible/hosts.ini',
+                    playbook: 'ansible/site.yml',
+                    extras: '-verbose'
+                )
             }
         }
         stage('Deploy on macOS') {

diff --git a/testservice/README.md b/testservice/README.md
@@ -24,41 +24,20 @@ java -jar testservice/build/libs/testservice-*-all.jar server testservice/config
 
 ## Installation
 
-### Linux
-
-Create log directory and give it the right user permissions:
-```
-mkdir -p /var/log/kalium-testservice
-chmod <user>:<user> /var/log/kalium-testservice
-```
-
-Install systemd service as user:
-```
-mkdir -p ${HOME}/.config/systemd/user/
+Build inside container:
+```shell
+docker build --platform linux/arm64 -t testservice_build_env -f testservice/Dockerfile .
+docker create --name temp_container testservice_build_env
+docker cp temp_container:/app/testservice/build/libs/testservice-0.0.1-SNAPSHOT-all.jar ./testservice/testservice-0.0.1-SNAPSHOT-all.jar
+(optional) docker cp temp_container:/app/native/libs ./native/
+docker rm temp_container
 ```
 
-Create file `${HOME}/.config/systemd/user/kalium-testservice.service` with following content:
-```
-[Unit]
-Description=kalium-testservice
-After=network.target
-[Service]
-LimitNOFILE=infinity
-LimitNPROC=infinity
-LimitCORE=infinity
-TimeoutStartSec=8
-WorkingDirectory=${WORKSPACE}
-Environment="PATH=/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
-ExecStart=java -Djava.library.path=${WORKSPACE}/native/libs/ -jar ${WORKSPACE}/testservice/build/libs/testservice-0.0.1-SNAPSHOT-all.jar server ${WORKSPACE}/testservice/config.yml
-Restart=always
-[Install]
-WantedBy=default.target
-```
+Run Ansible script with:
 
-Restart service:
-```
-systemctl --user daemon-reload
-systemctl --user restart kalium-testservice
+```shell
+cd testservice/ansible
+ansible-playbook -i hosts.ini site.yml --diff
 ```
 
 ## Random number generation

diff --git a/testservice/ansible/README.md b/testservice/ansible/README.md
@@ -0,0 +1,5 @@
+# Ansible playbook for kalium testservice
+
+Execute with: `ansible-playbook -i hosts.ini site.yml --diff`
+
+Run only on individual nodes: `ansible-playbook -i hosts.ini -l node018 site.yml --diff`
diff --git a/testservice/ansible/hosts.ini b/testservice/ansible/hosts.ini
@@ -0,0 +1,2 @@
+[node018]
+192.168.2.18
diff --git a/testservice/ansible/roles/common/files/20auto-upgrades b/testservice/ansible/roles/common/files/20auto-upgrades
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+APT::Periodic::AutocleanInterval "7";
+Unattended-Upgrade::OnlyOnACPower "false";
diff --git a/testservice/ansible/roles/common/handlers/main.yml b/testservice/ansible/roles/common/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: "Restart sshd"
+  service:
+    name: ssh
+    state: restarted
+
diff --git a/testservice/ansible/roles/common/tasks/main.yml b/testservice/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: Update package repository
+  when:
+    - ansible_facts['distribution'] == "Debian"
+  apt:
+    update_cache: true
+
+- name: Install java and other useful packages
+  when:
+    - ansible_facts['distribution'] == "Debian"
+  package:
+    name:
+      - openjdk-17-jre-headless
+      - vim
+      - curl
+      - jq
+      - git
+      - intel-microcode
+      - unattended-upgrades
+    state: present
+
+- name: Disallow SSH root login
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: "^PermitRootLogin"
+    line: "PermitRootLogin no"
+    state: present
+    validate: sshd -t -f %s
+  notify:
+    - Restart sshd
+
+- name: Configure unattended upgrades
+  copy:
+    src: 20auto-upgrades
+    dest: /etc/apt/apt.conf.d/20auto-upgrades
+    mode: 0644
+    owner: root
+    group: root
diff --git a/testservice/ansible/roles/kalium-testservice/files/kalium-testservice.service b/testservice/ansible/roles/kalium-testservice/files/kalium-testservice.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=kalium-testservice
+After=network.target
+
+[Service]
+User=kalium
+Group=kalium
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TimeoutStartSec=8
+WorkingDirectory=/usr/local/kalium-testservice
+Environment="PATH=/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin"
+ExecStart=java -Djava.library.path=/usr/local/kalium-testservice/native/libs/ -jar /usr/local/kalium-testservice/testservice.jar server /usr/local/kalium-testservice/config.yml
+Restart=always
+
+[Install]
+WantedBy=default.target
diff --git a/testservice/ansible/roles/kalium-testservice/tasks/main.yml b/testservice/ansible/roles/kalium-testservice/tasks/main.yml
@@ -0,0 +1,88 @@
+- name: Install java and other useful packages
+  when:
+    - ansible_facts['distribution'] == "Debian"
+  package:
+    name:
+      - haveged
+      - openjdk-17-jre-headless
+      - libc6
+    state: present
+
+- name: Enable service for random number generation
+  systemd:
+    name: haveged
+    daemon_reload: true
+    enabled: true
+    state: restarted
+
+- name: Create user account
+  user:
+    name: kalium
+    shell: /bin/bash
+    state: present
+    groups: audio, video
+
+- name: Ensure logs directory exists
+  file:
+    path: /var/log/kalium-testservice/
+    state: directory
+    owner: kalium
+    group: kalium
+    mode: '0755'
+
+- name: Create directory for runtime files
+  file:
+    path: /usr/local/kalium-testservice/
+    state: directory
+    owner: kalium
+    group: kalium
+    mode: '0755'
+
+- name: Deploy config
+  copy:
+    src: ../config.yml
+    dest: /usr/local/kalium-testservice/config.yml
+    owner: kalium
+    group: kalium
+    mode: '0644'
+
+# Native libraries are not external anymore with core crypto
+#- name: Create directory for native libs
+#  file:
+#    path: /usr/local/kalium-testservice/native/libs/
+#    state: directory
+#    owner: kalium
+#    group: kalium
+#    mode: '0755'
+#
+#- name: Deploy native libraries
+#  copy:
+#    src: ../../native/libs/
+#    dest: /usr/local/kalium-testservice/native/libs/
+#    owner: kalium
+#    group: kalium
+#    mode: '0644'
+
+- name: Deploy jar
+  copy:
+    src: ../testservice-0.0.1-SNAPSHOT-all.jar
+    dest: /usr/local/kalium-testservice/testservice.jar
+    owner: kalium
+    group: kalium
+    mode: '0644'
+
+- name: Deploy service
+  copy:
+    src: kalium-testservice.service
+    dest: /etc/systemd/system/kalium-testservice.service
+    owner: kalium
+    group: kalium
+    mode: '0644'
+
+- name: Enable and start service
+  systemd:
+    name: kalium-testservice
+    daemon_reload: true
+    enabled: true
+    state: restarted
+
diff --git a/testservice/ansible/site.yml b/testservice/ansible/site.yml
@@ -0,0 +1,13 @@
+- hosts: all
+  become: yes
+  become_user: root
+  gather_facts: yes
+  roles:
+  - role: common
+
+- hosts: node018
+  become: yes
+  become_user: root
+  gather_facts: yes
+  roles:
+  - role: kalium-testservice
diff --git a/testservice/src/main/kotlin/com/wire/kalium/testservice/managed/InstanceService.kt b/testservice/src/main/kotlin/com/wire/kalium/testservice/managed/InstanceService.kt
@@ -145,6 +145,7 @@ class InstanceService(
                 File.separator + ".testservice" + File.separator + instanceId
         log.info("Instance $instanceId: Creating $instancePath")
         val kaliumConfigs = KaliumConfigs(
+            encryptProteusStorage = true,
             developmentApiEnabled = instanceRequest.developmentApiEnabled ?: false
         )
         val coreLogic = CoreLogic(instancePath, kaliumConfigs, userAgent)