Fix facts and test

Author: Michael Kluge

README.md

@@ -247,6 +247,11 @@ Reverse proxy can be configured as a hash as part of the JIRA resource
    },
 ```
 
+### notes on secret encryption in dbconfig.xml
+The JIRA process will read the dbconfig.xml on startup replace it with the string "{ATL_SECURED}". The password is moved
+into `<shared_homedir>/keys/javax.crypto.spec.SecretKeySpec_<some random number>`. It is important that this directory
+is not located inside of the installation dir as you would lose it in the case of an update.
+
 ## Reference
 
 see [REFERENCE.md](REFERENCE.md)

lib/facter/jira_installation_status.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+Facter.add('jira_service_status') do
+  setcode do
+    Facter::Core::Execution.execute('systemctl is-active jira')
+  end
+end
+
+Facter.add('jira_running_pid') do
+  setcode do
+    Facter::Core::Execution.execute('systemctl show -p MainPID --value jira')
+  end
+end
+
+Facter.add('jira_running_user') do
+  setcode do
+    if Facter.value('jira_service_status') == 'active' && Facter.value('jira_running_pid') != ''
+      Facter::Core::Execution.execute(format('stat -c %%U /proc/%s', Facter.value('jira_running_pid')))
+    else
+      '<unknown>'
+    end
+  end
+end
+
+Facter.add('jira_running_dbconfig_exists') do
+  setcode do
+    if Facter.value('jira_running_user') == '<unknown>'
+      false
+    else
+      File.exist? format('%s/dbconfig.xml', Dir.home(Facter.value('jira_running_user')))
+    end
+  end
+end
+
+Facter.add('jira_running_version') do
+  setcode do
+    if Facter.value('jira_running_user') == '<unknown>'
+      '<unknown>'
+    else
+      Facter::Core::Execution.execute('systemctl show --property ExecStart --value jira | grep -o -E "path=[^ ]+" | grep -o -E "\-[0-9\.]+\-" | tr -d "-"')
+    end
+  end
+end

manifests/init.pp

@@ -484,9 +484,15 @@
     fail('You need to specify a value for javahome')
   }
 
-  $change_dbpassword_real = versioncmp($version, '10.3.0') ? {
-    -1      => true,
-    default => $change_dbpassword,
+  if $facts['jira_running_dbconfig_exists'] {
+    $change_dbpassword_real = versioncmp($version, '10.3.0') ? {
+      -1      => true,
+      default => $change_dbpassword,
+    }
+  }
+  else {
+    # jira propably not installed
+    $change_dbpassword_real = true
   }
 
   contain jira::install

spec/acceptance/default_parameters_jira_10_spec.rb

@@ -2,126 +2,124 @@
 
 require 'spec_helper_acceptance'
 
-describe 'jira 10 postgresql' do
-  it 'installs jira 10 with defaults' do
-    prepare = <<-EOS
-
-      package {'diffutils':
-        ensure  => installed
-      }
-      file_line{'enable show_diff':
-        path => '/etc/puppetlabs/puppet/puppet.conf',
-        line => 'show_diff = true'
-      }
-    EOS
-    apply_manifest(prepare, catch_failures: true)
-
-    pp = <<-EOS
-
-      $java_package = $facts['os']['family'] ? {
-        'RedHat' => 'java-17-openjdk-headless',
-        'Debian' => 'openjdk-17-jre-headless',
-      }
-
-      $java_home = $facts['os']['family'] ? {
-        'RedHat' => '/usr/lib/jvm/jre-17-openjdk',
-        'Debian' => '/usr/lib/jvm/java-1.17.0-openjdk-amd64',
-      }
-
-      # The output of `systemctl status postgresql` is non ascii which
-      # breaks the Exec in Postgresql::Server::Instance::Reload
-      # on rhel based docker containers
-      # We don't need the output.
-      class { 'postgresql::server':
-        service_status => 'systemctl status postgresql > /dev/null'
-      }
-
-      postgresql::server::db { 'jira':
-        user     => 'jiraadm',
-        password => postgresql::postgresql_password('jiraadm', 'mypassword'),
-      }
-
-      # There is a bug in the check-java.sh that prevents jira from starting on Centos Stream 8
-      # https://jira.atlassian.com/browse/JRASERVER-77097
-      # Running with script_check_java_manage => true to solve this
-      class { 'jira':
-        version                  => '10.3.2',
-        change_dbpassword        => true,
-        java_package             => $java_package,
-        javahome                 => $java_home,
-        script_check_java_manage => false,
-        connection_settings      => 'tcpKeepAlive=true',
-        require                  => Postgresql::Server::Db['jira']
-      }
-    EOS
-
-    pp_upgrade = <<-EOS
-      $java_package = $facts['os']['family'] ? {
-        'RedHat' => 'java-17-openjdk-headless',
-        'Debian' => 'openjdk-17-jre-headless',
-      }
-
-      $java_home = $facts['os']['family'] ? {
-        'RedHat' => '/usr/lib/jvm/jre-17-openjdk',
-        'Debian' => '/usr/lib/jvm/java-1.17.0-openjdk-amd64',
-      }
-
-      class { 'jira':
-        version                  => '10.3.3',
-        change_dbpassword        => true,
-        java_package             => $java_package,
-        javahome                 => $java_home,
-        connection_settings      => 'tcpKeepAlive=true',
-        script_check_java_manage => false
-      }
-    EOS
-
-    # jira just takes *ages* to start up :-(
-    wget_cmd = 'wget -q --tries=24 --retry-connrefused --read-timeout=10 localhost:8080'
-    apply_manifest(pp, catch_failures: true)
-    sleep SLEEP_SECONDS
-    shell wget_cmd, acceptable_exit_codes: [0, 8]
-    sleep SLEEP_SECONDS
-    shell wget_cmd, acceptable_exit_codes: [0, 8]
-    pp = pp.gsub(/change_dbpassword.+=> true,/, 'change_dbpassword => false,')
-    apply_manifest(pp, catch_changes: true)
-
-    apply_manifest(pp_upgrade, catch_failures: true)
-    sleep SLEEP_SECONDS
-    shell wget_cmd, acceptable_exit_codes: [0, 8]
-    sleep SLEEP_SECONDS
-    shell wget_cmd, acceptable_exit_codes: [0, 8]
-
-    pp_upgrade = pp_upgrade.gsub(/change_dbpassword.+=> true,/, 'change_dbpassword => false,')
-    apply_manifest(pp_upgrade, catch_changes: true)
-  end
-
-  describe process('java') do
-    it { is_expected.to be_running }
-  end
-
-  describe port(8080) do
-    it { is_expected.to be_listening }
-  end
-
-  describe service('jira') do
-    it { is_expected.to be_enabled }
-    it { is_expected.to be_running }
-  end
-
-  describe user('jira') do
-    it { is_expected.to belong_to_group 'jira' }
-    it { is_expected.to have_login_shell '/bin/true' }
-  end
-  describe command('sleep 1200') do
-  end
-  describe command('wget -q --tries=54 --retry-connrefused --read-timeout=10 -O- localhost:8080') do
-    its(:stdout) { is_expected.to include('10.3.3') }
-  end
+def on_supported_os
+  (fact('os.family') == 'Debian' and fact('os.release.major') == '11') or (fact('os.family') == 'RedHat' and fact('os.release.major') >= '8')
+end
 
-  describe 'shutdown' do
-    it { shell('service jira stop', acceptable_exit_codes: [0, 1]) }
-    it { shell('pkill -9 -f postgres', acceptable_exit_codes: [0, 1]) }
-    it { shell('pkill -9 -f jira', acceptable_exit_codes: [0, 1]) }
+context 'jira 10 only on RedHat >=8 and Debian-11', if: on_supported_os do
+  describe 'jira 10 postgresql' do
+    it 'installs jira 10 with defaults' do
+      prepare = <<-EOS
+        package {'diffutils':
+          ensure  => installed
+        }
+        file_line{'enable show_diff':
+          path => '/etc/puppetlabs/puppet/puppet.conf',
+          line => 'show_diff = true'
+        }
+      EOS
+      apply_manifest(prepare, catch_failures: true)
+
+      pre = <<-EOS
+        if $facts['os']['family']  == 'RedHat' {
+          $java_package = 'java-17-openjdk'
+          $java_home = '/usr/lib/jvm/jre-17-openjdk'
+          $manage_dnf_module = true
+        }
+        elsif $facts['os']['family']  == 'Debian' {
+          $java_package = 'openjdk-17-jre'
+          $java_home = '/usr/lib/jvm/java-1.17.0-openjdk-amd64'
+          $manage_dnf_module = false
+        }
+      EOS
+
+      pp = <<-EOS
+        # The output of `systemctl status postgresql` is non ascii which
+        # breaks the Exec in Postgresql::Server::Instance::Reload
+        # on rhel based docker containers
+        # We don't need the output.
+        class { 'postgresql::globals':
+          manage_dnf_module => $manage_dnf_module,
+          version           => '13',
+        }
+        class { 'postgresql::server':
+          service_status => 'systemctl status postgresql > /dev/null'
+        }
+
+        postgresql::server::db { 'jira':
+          user     => 'jiraadm',
+          password => postgresql::postgresql_password('jiraadm', 'mypassword'),
+        }
+
+        # There is a bug in the check-java.sh that prevents jira from starting on Centos Stream 8
+        # https://jira.atlassian.com/browse/JRASERVER-77097
+        # Running with script_check_java_manage => true to solve this
+        class { 'jira':
+          version                  => '10.3.2',
+          java_package             => $java_package,
+          javahome                 => $java_home,
+          script_check_java_manage => false,
+          connection_settings      => 'tcpKeepAlive=true',
+          require                  => Postgresql::Server::Db['jira']
+        }
+      EOS
+      pp = pre + pp
+
+      pp_upgrade = <<-EOS
+        class { 'jira':
+          version                  => '10.3.3',
+          java_package             => $java_package,
+          javahome                 => $java_home,
+          connection_settings      => 'tcpKeepAlive=true',
+          script_check_java_manage => false
+        }
+      EOS
+      pp_upgrade = pre + pp_upgrade
+
+      # jira just takes *ages* to start up :-(
+      wget_cmd = 'wget -q --tries=24 --retry-connrefused --read-timeout=10 localhost:8080'
+      apply_manifest(pp, catch_failures: true)
+      sleep SLEEP_SECONDS
+      shell wget_cmd, acceptable_exit_codes: [0, 8]
+      sleep SLEEP_SECONDS
+      shell wget_cmd, acceptable_exit_codes: [0, 8]
+      apply_manifest(pp, catch_changes: true)
+
+      apply_manifest(pp_upgrade, catch_failures: true)
+      sleep SLEEP_SECONDS
+      shell wget_cmd, acceptable_exit_codes: [0, 8]
+      sleep SLEEP_SECONDS
+      shell wget_cmd, acceptable_exit_codes: [0, 8]
+
+      apply_manifest(pp_upgrade, catch_changes: true)
+    end
+
+    describe process('java') do
+      it { is_expected.to be_running }
+    end
+
+    describe port(8080) do
+      it { is_expected.to be_listening }
+    end
+
+    describe service('jira') do
+      it { is_expected.to be_enabled }
+      it { is_expected.to be_running }
+    end
+
+    describe user('jira') do
+      it { is_expected.to belong_to_group 'jira' }
+      it { is_expected.to have_login_shell '/bin/true' }
+    end
+
+    describe command('wget -q --tries=54 --retry-connrefused --read-timeout=10 -O- localhost:8080') do
+      its(:stdout) { is_expected.to include('10.3.3') }
+    end
+
+    describe 'shutdown' do
+      it { shell('service jira stop', acceptable_exit_codes: [0, 1]) }
+      it { shell('pkill -9 -f postgres', acceptable_exit_codes: [0, 1]) }
+      it { shell('pkill -9 -f jira', acceptable_exit_codes: [0, 1]) }
+    end
   end
 end