From 7b599bde0380d2aa24058ae188b6bc12e7ccef8f Mon Sep 17 00:00:00 2001
From: Lincoln Lee
Date: Tue, 16 Jun 2015 22:39:14 +0800
Subject: [PATCH 1/6] Update setenv from the latest stash build No more permgen.sh in the bin directory after 3.8.0
---
 recipes/tomcat_configuration.rb | 6 +-
 templates/default/setenv_after_3_8.sh.erb | 296 ++++++++++++++++++++++
 2 files changed, 301 insertions(+), 1 deletion(-)
 create mode 100644 templates/default/setenv_after_3_8.sh.erb
diff --git a/recipes/tomcat_configuration.rb b/recipes/tomcat_configuration.rb
index 3a6aa98..43196da 100644
--- a/recipes/tomcat_configuration.rb
+++ b/recipes/tomcat_configuration.rb
@@ -2,7 +2,11 @@
 stash_version = Chef::Version.new(node['stash']['version'])
 template "#{node['stash']['install_path']}/stash/bin/setenv.sh" do
- source 'setenv.sh.erb'
+ if stash_version < Chef::Version.new('3.8.0')
+ source 'setenv.sh.erb'
+ else
+ source 'setenv_after_3_8.sh.erb'
+ end
 owner node['stash']['user']
 mode '0755'
 notifies :restart, 'service[stash]', :delayed
diff --git a/templates/default/setenv_after_3_8.sh.erb b/templates/default/setenv_after_3_8.sh.erb
new file mode 100644
index 0000000..2883722
--- /dev/null
+++ b/templates/default/setenv_after_3_8.sh.erb
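Review bot: The setenv.sh resource keeps `mode '0755'` (a context line of this hunk), so the rendered file stays readable by every local account, while the new 3.8+ template renders `node['stash']['jvm']['java_opts']` and `node['stash']['jvm']['support_args']` into it verbatim. Any credential-bearing JVM flag set through those attributes, or a JMX keystore password if the commented-out variables in the template are ever filled in, would then be world-readable. Consider `mode '0750'` with an explicit `group` for the account that has to source the script; no `group` is set in the visible lines, so confirm which one applies. The template block's closing `end` lies outside the hunk.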
@@ -0,0 +1,296 @@
+#
+# Dynamically generated by Chef on <%= node["fqdn"] %>
+# Local modifications will be overwritten by Chef.
+#
+
+#
+# One way to set the STASH HOME path is here via this variable. Simply uncomment it and set a valid path like
+# /stash/home. You can of course set it outside in the command terminal; that will also work.
+#
+if [ "x${STASH_HOME}" = "x" ]; then
+ export STASH_HOME="<%= node['stash']['home_path'] %>"
+fi
+
+if [ "x${JAVA_HOME}" = "x" ]; then
+ export JAVA_HOME="<%= node['java']['java_home'] %>"
+fi
+
+
+#
+# Native libraries, such as the Tomcat native library, can be placed here for use by Stash. Alternatively, native
+# libraries can also be placed in $STASH_HOME/lib/native, where they will also be included in the library path used
+# by the JVM. By placing libraries in $STASH_HOME, they can be preserved across Stash upgrades.
+#
+# NOTE: You must choose the library architecture, x86 or x64, based on the JVM you'll be running, _not_ based on the OS.
+#
+JVM_LIBRARY_PATH="$CATALINA_HOME/lib/native:$STASH_HOME/lib/native"
+
+#
+# Occasionally Atlassian Support may recommend that you set some specific JVM arguments. You can use this variable
+# below to do that.
+
+JVM_SUPPORT_RECOMMENDED_ARGS="<%= node['stash']['jvm']['support_args'] %>"
+
+#
+# The following 2 settings control the minimum and maximum given to the Atlassian Stash Java virtual machine.
+# In larger Stash instances, the maximum amount will need to be increased.
+#
+JVM_MINIMUM_MEMORY="<%= node['stash']['jvm']['minimum_memory'] %>"
+JVM_MAXIMUM_MEMORY="<%= node['stash']['jvm']['maximum_memory'] %>"
+
+#
+# File encoding passed into the Atlassian Stash Java virtual machine
+#
+JVM_FILE_ENCODING="UTF-8"
+
+#
+# The following are the required arguments needed for Atlassian Stash.
+#
+JVM_REQUIRED_ARGS="-Djava.awt.headless=true -Dfile.encoding=${JVM_FILE_ENCODING} -Datlassian.standalone=STASH -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false"
+
+#
+# Uncommenting the following will set the umask for the Atlassian Stash application. If can be used to override
+# the default settings of the Stash user is they are not sufficiently secure.
+#
+# umask 0027
+
+#-----------------------------------------------------------------------------------
+# JMX
+#
+# JMX is enabled by selecting an authentication method value for JMX_REMOTE_AUTH and then configuring related the
+# variables.
+#
+# See http://docs.oracle.com/javase/7/docs/technotes/guides/management/agent.html for more information on JMX
+# configuration in general.
+#-----------------------------------------------------------------------------------
+
+#
+# Set the authentication to use for remote JMX access. Anything other than "password" or "ssl" will cause remote JMX
+# access to be disabled.
+#
+JMX_REMOTE_AUTH=
+
+#
+# The port for remote JMX support if enabled
+#
+JMX_REMOTE_PORT=3333
+
+#
+# If `hostname -i` returns a local address then JMX-RMI communication may fail because the address returned by JMX for
+# the RMI-JMX stub will not resolve for non-local clients. To fix this you will need to explicitly specify the
+# IP address / host name of this server that is reachable / resolvable by JMX clients. e.g.
+# RMI_SERVER_HOSTNAME="-Djava.rmi.server.hostname=non.local.name.of.my.stash.server"
+#
+#RMI_SERVER_HOSTNAME="-Djava.rmi.server.hostname="
+
+#-----------------------------------------------------------------------------------
+# JMX username/password support
+#-----------------------------------------------------------------------------------
+
+#
+# The full path to the JMX username/password file used to authenticate remote JMX clients
+#
+#JMX_PASSWORD_FILE=
+
+#-----------------------------------------------------------------------------------
+# JMX SSL support
+#-----------------------------------------------------------------------------------
+
+#
+# The full path to the Java keystore which must contain Stash's key pair used for SSL authentication for JMX
+#
+#JAVA_KEYSTORE=
+
+#
+# The password for JAVA_KEYSTORE
+#
+#JAVA_KEYSTORE_PASSWORD=
+
+#
+# The full path to the Java truststore which must contain the client certificates accepted by Stash for SSL authentication
+# of JMX
+#
+#JAVA_TRUSTSTORE=
+
+#
+# The password for JAVA_TRUSTSTORE
+#
+#JAVA_TRUSTSTORE_PASSWORD=
+
+
+#
+# Additional JVM arguments
+#
+JAVA_OPTS="<%= node['stash']['jvm']['java_opts'] %> ${JAVA_OPTS}"
+
+PRGDIR=`dirname "$0"`
+
+if [ -z "$STASH_HOME" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Stash doesn't know where to store its data. Please configure the STASH_HOME"
+ echo " environment variable with the directory where Stash should store its data."
+ echo " Ensure that the path to STASH_HOME does not contain spaces. STASH_HOME may"
+ echo " be configured in setenv.sh, if preferred, rather than exporting it as an"
+ echo " environment variable."
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+fi
+
+echo $STASH_HOME | grep -q " "
+if [ $? -eq 0 ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " STASH_HOME \"$STASH_HOME\" contains spaces."
+ echo " Using a directory with spaces is likely to cause unexpected behaviour and is"
+ echo " not supported. Please use a directory which does not contain spaces."
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+fi
+
+UMASK=`umask`
+UMASK_SYMBOLIC=`umask -S`
+if echo $UMASK | grep -qv '0[2367]7$'; then
+ FORCE_EXIT=false
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo "Stash is being run with a umask that contains potentially unsafe settings."
+ echo "The following issues were found with the mask \"$UMASK_SYMBOLIC\" ($UMASK):"
+ if echo $UMASK | grep -qv '7$'; then
+ echo " - access is allowed to 'others'. It is recommended that 'others' be denied"
+ echo " all access for security reasons."
+ fi
+ if echo $UMASK | grep -qv '[2367][0-9]$'; then
+ echo " - write access is allowed to 'group'. It is recommend that 'group' be"
+ echo " denied write access. Read access to a restricted group is recommended"
+ echo " to allow access to the logs."
+ fi
+ if echo $UMASK | grep -qv '0[0-9][0-9]$'; then
+ echo " - full access has been denied to 'user'. Stash cannot be run without full"
+ echo " access being allowed."
+ FORCE_EXIT=true
+ fi
+ echo ""
+ echo "The recommended umask for Stash is \"u=,g=w,o=rwx\" (0027) and can be"
+ echo "configured in setenv.sh"
+ echo "-------------------------------------------------------------------------------"
+ if [ "x${FORCE_EXIT}" = "xtrue" ]; then
+ exit 1;
+ fi
+fi
+
+if [ "x$JMX_REMOTE_AUTH" = "xpassword" ]; then
+ if [ -z "$JMX_REMOTE_PORT" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX is enabled. "
+ echo " "
+ echo " You must specify a valid port number. This is done by specifying "
+ echo " JMX_REMOTE_PORT in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ if [ -z "$JMX_PASSWORD_FILE" ] || [ ! -f "$JMX_PASSWORD_FILE" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX with username/password authentication is enabled. "
+ echo " "
+ echo " You must specify a valid path to the password file used by Stash. "
+ echo " This is done by specifying JMX_PASSWORD_FILE in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ JMX_OPTS="-Dcom.sun.management.jmxremote.port=${JMX_REMOTE_PORT} ${RMI_SERVER_HOSTNAME} -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.password.file=${JMX_PASSWORD_FILE}"
+
+elif [ "x$JMX_REMOTE_AUTH" = "xssl" ]; then
+ if [ -z "$JMX_REMOTE_PORT" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX is enabled. "
+ echo " "
+ echo " You must specify a valid port number. This is done by specifying "
+ echo " JMX_REMOTE_PORT in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ if [ -z "$JAVA_KEYSTORE" ] || [ ! -f "$JAVA_KEYSTORE" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX with SSL authentication is enabled. "
+ echo " "
+ echo " You must specify a valid path to the keystore used by Stash. This is done by "
+ echo " specifying JAVA_KEYSTORE in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ if [ -z "$JAVA_KEYSTORE_PASSWORD" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX with SSL authentication is enabled. "
+ echo " "
+ echo " You must specify a password to the keystore used by Stash. This is done by "
+ echo " specifying JAVA_KEYSTORE_PASSWORD in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ if [ -z "$JAVA_TRUSTSTORE" ] || [ ! -f "$JAVA_TRUSTSTORE" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX with SSL authentication is enabled. "
+ echo " "
+ echo " You must specify a valid path to the keystore used by Stash. This is done by "
+ echo " specifying JAVA_TRUSTSTORE in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ if [ -z "$JAVA_TRUSTSTORE_PASSWORD" ]; then
+ echo ""
+ echo "-------------------------------------------------------------------------------"
+ echo " Remote JMX with SSL authentication enabled. "
+ echo " "
+ echo " You must specify a password to the truststore used by Stash. This is done by "
+ echo " specifying JAVA_TRUSTSTORE_PASSWORD in setenv.sh. "
+ echo "-------------------------------------------------------------------------------"
+ exit 1
+ fi
+
+ JMX_OPTS="-Dcom.sun.management.jmxremote.port=${JMX_REMOTE_PORT} ${RMI_SERVER_HOSTNAME} -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.keyStore=${JAVA_KEYSTORE} -Djavax.net.ssl.keyStorePassword=${JAVA_KEYSTORE_PASSWORD} -Djavax.net.ssl.trustStore=${JAVA_TRUSTSTORE} -Djavax.net.ssl.trustStorePassword=${JAVA_TRUSTSTORE_PASSWORD}"
+fi
+
+STASH_HOME_MINUSD=-Dstash.home=$STASH_HOME
+
+if [ "x$JVM_LIBRARY_PATH" != "x" ]; then
+ JVM_LIBRARY_PATH_MINUSD=-Djava.library.path=$JVM_LIBRARY_PATH
+ JVM_REQUIRED_ARGS="${JVM_REQUIRED_ARGS} ${JVM_LIBRARY_PATH_MINUSD}"
+fi
+
+JAVA_OPTS="-Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${STASH_HOME_MINUSD}"
+
+# PermGen size needs to be increased if encountering OutOfMemoryError: PermGen problems.
+MAX_PERM_SIZE="<%= node['stash']['jvm']['maximum_permgen'] %>"
+JAVA_OPTS="-XX:MaxPermSize=${MAX_PERM_SIZE} ${JAVA_OPTS}"
+
+export JAVA_OPTS
+
+CATALINA_OPTS="${JMX_OPTS} ${CATALINA_OPTS}"
+export CATALINA_OPTS
+
+if [ "x$STASH_HOME_MINUSD" != "x" ]; then
+ echo "Using STASH_HOME: $STASH_HOME"
+fi
+
+# set the location of the pid file
+if [ -z "$CATALINA_PID" ] ; then
+ if [ -n "$CATALINA_BASE" ] ; then
+ CATALINA_PID="$CATALINA_BASE"/work/catalina.pid
+ elif [ -n "$CATALINA_HOME" ] ; then
+ CATALINA_PID="$CATALINA_HOME"/work/catalina.pid
+ fi
+fi
+export CATALINA_PID
From c319bdca4d4d8227052cec8df23a7d1445662434 Mon Sep 17 00:00:00 2001
From: Lincoln Lee
Date: Fri, 19 Jun 2015 22:15:28 +0800
Subject: [PATCH 2/6] Move setenv to 3.8+ folder
---
 recipes/tomcat_configuration.rb | 2 +-
 .../default/{setenv_after_3_8.sh.erb => 3.8+/setenv.sh.erb} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename templates/default/{setenv_after_3_8.sh.erb => 3.8+/setenv.sh.erb} (100%)
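Review bot: The template leaves `# umask 0027` commented out while its own header says local modifications are overwritten by Chef, so an operator cannot enable that hardening on the node; the umask check further down only prints a warning when 'others' or 'group' access is allowed and exits only when 'user' access is denied. Since this file is now cookbook-managed, render the line as `umask 0027`, or drive it from a cookbook attribute, so files Stash creates are not readable by other local accounts. Separately, if JMX is ever switched on, the `ssl` branch passes `JAVA_KEYSTORE_PASSWORD` and `JAVA_TRUSTSTORE_PASSWORD` as `-D` arguments, where they are visible in the process listing, and the `password` branch sets `-Dcom.sun.management.jmxremote.ssl=false`. Both deserve a comment next to `JMX_REMOTE_AUTH=` before anyone sets it.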
diff --git a/recipes/tomcat_configuration.rb b/recipes/tomcat_configuration.rb
index 43196da..9e0f46b 100644
--- a/recipes/tomcat_configuration.rb
+++ b/recipes/tomcat_configuration.rb
@@ -5,7 +5,7 @@
 if stash_version < Chef::Version.new('3.8.0')
 source 'setenv.sh.erb'
 else
- source 'setenv_after_3_8.sh.erb'
+ source '3.8+/setenv.sh.erb'
 end
 owner node['stash']['user']
 mode '0755'
diff --git a/templates/default/setenv_after_3_8.sh.erb b/templates/default/3.8+/setenv.sh.erb
similarity index 100%
rename from templates/default/setenv_after_3_8.sh.erb
rename to templates/default/3.8+/setenv.sh.erb
From 6a4842ee0b3cfbf90e0994f22cd9be57914a1c1c Mon Sep 17 00:00:00 2001
From: Lincoln Lee
Date: Fri, 19 Jun 2015 22:47:40 +0800
Subject: [PATCH 3/6] Use new server.xml and move the shared folder https://confluence.atlassian.com/display/STASH/Stash+upgrade+guide#Stashupgradeguide-Stash3.8updatenotes
---
 recipes/default.rb | 2 +-
 recipes/tomcat_configuration.rb | 13 +-
 templates/default/3.8+/server.xml.erb | 185 ++++++++++++++++++++++++++
 3 files changed, 196 insertions(+), 4 deletions(-)
 create mode 100644 templates/default/3.8+/server.xml.erb
diff --git a/recipes/default.rb b/recipes/default.rb
index d9ed47e..3ad083d 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -11,8 +11,8 @@
 include_recipe 'stash::database' if settings['database']['host'] == 'localhost'
 include_recipe "stash::#{platform}_#{node['stash']['install_type']}"
+include_recipe 'stash::configuration'
 include_recipe 'stash::tomcat_configuration'
 include_recipe 'stash::apache2'
-include_recipe 'stash::configuration'
 include_recipe "stash::service_#{node['stash']['service_type']}"
 include_recipe 'stash::backup_client' if node['stash']['backup_client']['version']
diff --git a/recipes/tomcat_configuration.rb b/recipes/tomcat_configuration.rb
index 9e0f46b..feb91cd 100644
--- a/recipes/tomcat_configuration.rb
+++ b/recipes/tomcat_configuration.rb
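Review bot: The reordering in `recipes/default.rb` makes `stash::tomcat_configuration` depend on `stash::configuration` having run first, but nothing in the visible lines records or enforces that dependency. It is presumably needed because the following `tomcat_configuration.rb` hunk renders server.xml to `#{node['stash']['home_path']}/shared/server.xml` for 3.8+. A run list or wrapper cookbook that includes `stash::tomcat_configuration` on its own would fail on a missing directory if `shared/` is only created by the other recipe; this is an inference, since `stash::configuration` is not shown here. Either add a comment above the moved line, such as `# must precede tomcat_configuration: 3.8+ renders server.xml under home_path/shared`, or declare a `directory` resource for `shared` (owned by `node['stash']['user']`, with a restrictive mode) in `tomcat_configuration.rb` ahead of `template server_xml_path`.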
@@ -1,5 +1,10 @@ settings = Stash.settings(node) stash_version = Chef::Version.new(node['stash']['version']) +server_xml_path = "#{node['stash']['install_path']}/stash/conf/server.xml" + +if stash_version >= Chef::Version.new('3.8.0') + server_xml_path = "#{node['stash']['home_path']}/shared/server.xml" +end template "#{node['stash']['install_path']}/stash/bin/setenv.sh" do if stash_version < Chef::Version.new('3.8.0') @@ -12,13 +17,15 @@ notifies :restart, 'service[stash]', :delayed end -template "#{node['stash']['install_path']}/stash/conf/server.xml" do +template server_xml_path do if stash_version.major == 1 source 'server.xml.erb' - elsif stash_version >= Chef::Version.new('3.3.0') + elsif stash_version < Chef::Version.new('3.3.0') + source 'server-tomcat7.xml.erb' + elsif stash_version < Chef::Version.new('3.8.0') source 'server-tomcat8.xml.erb' else - source 'server-tomcat7.xml.erb' + source '3.8+/server.xml.erb' end owner node['stash']['user'] mode '0640' diff --git a/templates/default/3.8+/server.xml.erb b/templates/default/3.8+/server.xml.erb new file mode 100644 index 0000000..dcc8f1a --- /dev/null +++ b/templates/default/3.8+/server.xml.erb @@ -0,0 +1,185 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + redirectPort="<%= node['stash']['apache2']['ssl']['port'] %>" + secure="true" + scheme="https" + proxyName="<%= node['stash']['apache2']['virtual_host_alias'] %>" + proxyPort="<%= node['stash']['apache2']['ssl']['port'] %>" + <% else -%> + redirectPort="<%= node['stash']['tomcat']['ssl_port'] %>" + <% end -%> + /> + + + + + + <%= "keyAlias=\"#{@tomcat['keyAlias']}\"" if @tomcat['keyAlias'] %> + <%= "keystoreFile=\"#{@tomcat['keystoreFile']}\"" if @tomcat['keystoreFile'] %> + <%= "keystorePass=\"#{@tomcat['keystorePass']}\"" if @tomcat['keystorePass'] %> + <%- end %> + /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 54609d8a73d0bff6fa81006b92ab07f4d3182288 Mon Sep 17 00:00:00 2001 
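Review bot: The HTTPS connector attributes in `3.8+/server.xml.erb` are emitted by plain string interpolation, e.g. `<%= "keystorePass=\"#{@tomcat['keystorePass']}\"" if @tomcat['keystorePass'] %>`, with no XML escaping, so a keystore password or alias containing `"`, `&` or `<` yields a malformed or differently parsed server.xml. Escape each value when rendering, for example `keystorePass="<%= ERB::Util.html_escape(@tomcat['keystorePass']) %>"` inside the existing condition, and treat `keyAlias`, `keystoreFile` and `proxyName` the same way. Most of this template's markup is not legible in this view, so the enclosing connector element is assumed rather than seen. The `mode '0640'` kept on the resource in `tomcat_configuration.rb` suits a file carrying `keystorePass`; check that the new `shared/` location is not readable by a wider group than the old `conf/` directory was.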
From: Lincoln Lee Date: Fri, 19 Jun 2015 22:49:00 +0800 Subject: [PATCH 4/6] Increase default maximum_permgen --- README.md | 2 +- attributes/default.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 42f7f95..429b59c 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ Attribute | Description | Type | Default ----------|-------------|------|-------- minimum_memory | JVM minimum memory | String | 512m maximum_memory | JVM maximum memory | String | 768m -maximum_permgen | JVM maximum PermGen memory | String | 256m +maximum_permgen | JVM maximum PermGen memory | String | 384m java_opts | additional JAVA_OPTS to be passed to Stash JVM during startup | String | "" support_args | additional JAVA_OPTS recommended by Atlassian support for Stash JVM during startup | String | "" diff --git a/attributes/default.rb b/attributes/default.rb index 6d9386c..d657e23 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -191,7 +191,7 @@ default['stash']['jvm']['minimum_memory'] = '512m' default['stash']['jvm']['maximum_memory'] = '768m' -default['stash']['jvm']['maximum_permgen'] = '256m' +default['stash']['jvm']['maximum_permgen'] = '384m' default['stash']['jvm']['java_opts'] = '' default['stash']['jvm']['support_args'] = '' From 742fb1a684071ef7f80dfb8cdbb1a762687ced13 Mon Sep 17 00:00:00 2001 From: Lincoln Lee Date: Fri, 19 Jun 2015 22:50:50 +0800 Subject: [PATCH 5/6] Add contributors --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 429b59c..b6bc8d2 100644 --- a/README.md +++ b/README.md @@ -298,4 +298,6 @@ Please see license information in: [LICENSE](LICENSE) * Ramon Makkelie (@ramonskie) * Martin (@martianus) * Mikhail Zholobov (@legal90) +* Claudio Rivabene (@crivabene) +* Patrick Connolly (@patcon) * Lincoln Lee (@linc01n) From 36f10b0be79eb4251110bc0098922f06e471a784 Mon Sep 17 00:00:00 2001 
From: Lincoln Lee Date: Fri, 19 Jun 2015 23:10:25 +0800 Subject: [PATCH 6/6] Prepare for 3.16.0 cookbook release --- CHANGELOG.md | 19 +++++++++++++++++++ metadata.rb | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 656e399..f33dee0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,21 @@ * Enhancement: [#58][]: Update mysql dependency to ~> 6.0 * Enhancement: [#61][]: Fix deprecation warning from Berkshelf +## 3.16.0 + +### 3.16.0 Major Changes + +* In default recipe run `stash::configuration` before `stash::tomcat_configuration` +* For stash version 3.8+, move `server.xml` from `#{install_path}/config` to `#{home_path}/shared` +* Increase default `maximum_permgen` from `256m` to `384m` [#84][] + +### 3.16.0 Minor Changes + +* Enhancement: [#87][]: Add support of Stash versions 3.8.1, 3.9.1, 3.9.2, 3.10.0 +* Bugfix: [#89][]: Use proper setenv.sh format for v3.8+ +* Bugfix: [#90][]: Do a apt-get update before running package install for debian-based vagrant + + ## 3.15.0 * Enhancement: [#82][]: Default to Stash 3.8.0 and Stash Backup Client 1.8.2 @@ -482,3 +497,7 @@ To switch to new defaults: [#77]: https://github.com/bflad/chef-stash/issues/77 [#79]: https://github.com/bflad/chef-stash/issues/79 [#82]: https://github.com/bflad/chef-stash/issues/82 +[#84]: https://github.com/bflad/chef-stash/issues/84 +[#87]: https://github.com/bflad/chef-stash/issues/87 +[#89]: https://github.com/bflad/chef-stash/issues/89 +[#90]: https://github.com/bflad/chef-stash/issues/90 diff --git a/metadata.rb b/metadata.rb index 3553fbe..17a9473 100644 --- a/metadata.rb +++ b/metadata.rb 
@@ -4,7 +4,7 @@ license 'Apache 2.0' description 'Installs/Configures Atlassian Stash' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '3.15.0' +version '3.16.0' recipe 'stash', 'Installs/Configures Atlassian Stash' recipe 'stash::apache2', 'Installs/Configures Apache 2 proxy for Stash' recipe 'stash::backup_client', 'Installs/Configures Atlassian Stash Backup Client'