diff --git a/README.md b/README.md
index f156af5..6c56cab 100644
--- a/README.md
+++ b/README.md
@@ -104,7 +104,22 @@ instance. The following variables are legit to configure per instance.
* ``service_file``: Init system configuration file per instance, e.g. tomcat.conf for Upstart (string, default: ``{{ tomcat_default_service_file }}`` (see ``vars/service/*.yml``))
* ``service_name``: Init system service name per instance, e.g. tomcat@foo.service for Systemd (string, default: ``{{ tomcat_default_service_name }}`` (see ``vars/service/*.yml``))
* ``umask``: Allow to configure umask for Tomcat instance (oct, default: ``|default('')``)
-* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None`` }}
+* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None``
+* ``proxy_header``: header from proxy to determine real-ip (string, default ``x-forwared-for``)
+* ``proxy_ip_internal_regex``: java-regexp which proxies are internal to evaluate real-ip (string. default ``10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}`` )
+* ``proxy_protocol_header``: header from proxy to determine HTTP/HTTPS connction (string, default ``x-forwarded-proto``)
+* ``proxy_protocol_https_value``: value for the header if conection is secure (string, default: ``https``)
+* ``server_xml_add1``: additional text to put in server.xml, e.g. Valves configs (string, default empty)
+* ``auth_roles``: which roles should be created in tomcat-users.xml (list of strings, default: [])
+* ``auth_users``: which users should be created in tomcat-users.xml (list of auth_users, see below. default: [])
+
+### auth_users
+
+Users to be configured in tomcat_users.xml
+
+* ``name``: username
+* ``password``: password in plaintext
+* ``roles``: which roles should be configured
Configuring more than one instance requires to configure some of the
variables documented above per instance. Please see example playbooks
diff --git a/VERSION b/VERSION
index f06fa6c..bfd03ab 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-241
+242
diff --git a/defaults/main.yml b/defaults/main.yml
index 1b4f8a1..08b8b59 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,6 +3,12 @@
tomcat_default_version: '8.0.37'
tomcat_version: "{{ ansible_local['tomcat']['general']['version'] if ansible_local['tomcat'] is defined else tomcat_default_version }}"
+# abstract Tomcat major version
+tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}"
+
+# filename of Tomcat redistributable package
+tomcat_redis_filename: apache-tomcat-{{ tomcat_version }}.tar.gz
+
# Mirror where to dowload Tomcat redistributable package from
tomcat_mirror: http://archive.apache.org/dist/tomcat
# Allow to override where to download Tomcat from
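Review bot: `tomcat_version_major` relies on `truncate(1, True, '')`, which does not reliably return the first character: Jinja2 releases that have the `leeway` argument (default 5) return the string unchanged when it is at most `length + leeway` long, so `'8.0.37'` would come back whole. A two-digit major version would also be cut to `1`. Splitting on the dot is independent of both: `tomcat_version_major: "{{ tomcat_version.split('.')[0] }}"`. Moving `tomcat_redis_filename` into defaults also makes the archive name overridable from inventory, and the context line shows `tomcat_mirror` as plain `http://`; whether the download task verifies a checksum is not visible in this hunk and is worth confirming.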
@@ -27,6 +33,8 @@ tomcat_default_user_system: false
# Tomcat configuration
# Default template for configuration file server.xml
tomcat_default_server_xml_template: server.xml.j2
+# Default template for configuration file tomcat-users.xml
+tomcat_default_tomcatusers_xml_template: tomcat-users.xml.j2
# Default template for configuration file web.xml
tomcat_default_web_xml_template: web.xml.j2
# Default shutdown port (per instance name: item.port_shutdown)
@@ -60,7 +68,6 @@ tomcat_server_sysvinit_template: service_sysvinit.j2
# template for systemd
tomcat_server_systemd_template: service_systemd.j2
-
# Whether to allow or deny restarting Tomcat instances automatically
tomcat_service_allow_restart: true
diff --git a/tasks/8.5-acls.yml b/tasks/8.5-acls.yml
index 9126237..bdf3540 100644
--- a/tasks/8.5-acls.yml
+++ b/tasks/8.5-acls.yml
@@ -28,7 +28,7 @@
- name: Update installation executables access controls
tags: tomcat
become: true
- when: ((((ansible_local|default([])).util|default([])).init|default([])).system|default('')) != "systemd" }}'
+ when: ((((ansible_local|default([])).util|default([])).init|default([])).system|default('')) != "systemd"
with_items:
- catalina.sh
- setclasspath.sh
diff --git a/tasks/main.yml b/tasks/main.yml
index 2e5cb14..7f7536f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -144,7 +144,7 @@
- "{{ tomcat_instance_dirs }}"
file:
state: directory
- dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/{{ item.1 }}"
+ dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/{{ item.1 }}"
owner: "{{ item.0.user|default(tomcat_default_user_name) }}"
group: "{{ item.0.group|default(tomcat_default_user_group) }}"
mode: 0755
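Review bot: Dropping `/catalina/{{ item.0.name }}` from `dest` means every instance that falls back to `tomcat_default_instance_path` now resolves to the same CATALINA_BASE, so two instances without an explicit `path` would overwrite each other's `conf/server.xml` and `conf/tomcat-users.xml`. The same path change recurs in the later hunks of this file and in templates/facts.j2, the service templates and the env file. Consider an early `assert` task that the instance paths are unique, and a README line stating that `path` must be set per instance once more than one is configured. Existing hosts keep their old `catalina/<name>` trees, and nothing visible in this commit migrates them. The task this hunk belongs to starts outside the hunk.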
@@ -161,6 +161,7 @@
-1
--ignore=web.xml
--ignore=server.xml
+ --ignore=tomcat-users.xml
{{ tomcat_env_catalina_home }}/conf
- name: Install static/unmanaged conf files
@@ -175,10 +176,21 @@
--group {{ item.0.group|default(tomcat_default_user_group) }}
--mode 0640
{{ tomcat_env_catalina_home }}/conf/{{ item.1 }}
- {{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/conf/{{ item.1 }}
+ {{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}
args:
- creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/conf/{{ item.1 }}"
+ creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}"
+- name: Install instance tomcat-users.xml
+ tags: tomcat
+ become: true
+ with_items: "{{ tomcat_instances }}"
+ register: tomcat_registered_install_tomcatusers_xml
+ template:
+ src: "{{ item.tomcatusers_xml_template|default(tomcat_default_tomcatusers_xml_template) }}"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/tomcat-users.xml"
+ owner: "{{ item.user|default(tomcat_default_user_name) }}"
+ group: "{{ item.group|default(tomcat_default_user_group) }}"
+ mode: 0640
- name: Install instance server.xml
tags: tomcat
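Review bot: The new `Install instance tomcat-users.xml` task iterates `tomcat_instances`, whose items now carry `auth_users` with plaintext passwords, and it has no `no_log: true`. The loop item, and the rendered file when run with `--diff`, would therefore end up in task output and any callback logs. Add `no_log: true` to this task; the other tasks that loop over `tomcat_instances` print the same item and deserve the same check. Quoting the mode as `mode: "0640"` would also remove the dependence on YAML octal parsing.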
@@ -187,7 +199,7 @@
register: tomcat_registered_install_server_xml
template:
src: "{{ item.server_xml_template|default(tomcat_default_server_xml_template) }}"
- dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/server.xml"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/server.xml"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0640
@@ -199,7 +211,7 @@
register: tomcat_registered_install_web_xml
template:
src: "{{ item.web_xml_template|default(tomcat_default_web_xml_template) }}"
- dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/web.xml"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/web.xml"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0640
@@ -215,7 +227,7 @@
register: tomcat_registered_install_instance_environment_files
template:
src: service_systemd_envfile.j2
- dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/.systemd.conf"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0644
diff --git a/templates/facts.j2 b/templates/facts.j2
index 25e8c1a..13b56b7 100644
--- a/templates/facts.j2
+++ b/templates/facts.j2
@@ -11,7 +11,7 @@
"instances": {
{% for instance in tomcat_instances %}
"{{ instance.name }}": {
- "catalina_base": "{{ instance.path|default(tomcat_default_instance_path) }}/catalina/{{ instance.name }}",
+ "catalina_base": "{{ instance.path|default(tomcat_default_instance_path) }}",
"port": {
"shutdown": {{ instance.port_shutdown|default(tomcat_default_port_shutdown) }},
"connector": {{ instance.port_connector|default(tomcat_default_port_connector) }},
diff --git a/templates/server.xml.j2 b/templates/server.xml.j2
index 8ee968e..61cc107 100644
--- a/templates/server.xml.j2
+++ b/templates/server.xml.j2
@@ -61,12 +61,17 @@
+ requestAttributesEnabled="true"
+ prefix="access_log." suffix=".log"
+ pattern="%h %l %u %t "%r" %s %B %T %D %F %X %I" />
+
+ {{ item.server_xml_add1|default('') }}
-
-
-
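Review bot: `{{ item.server_xml_add1|default('') }}` is written into server.xml verbatim, so anyone who can set that variable can add arbitrary Valves, Realms or Listeners; a template comment such as `{# server_xml_add1 is trusted, unescaped XML from inventory #}` would make that explicit. The element lines of this hunk are not visible on this page, so the rest is inferred from the README entries in this commit. With `requestAttributesEnabled="true"`, the access log records the address taken from `proxy_header`, and the default `proxy_ip_internal_regex` accepts any peer in the private ranges as a trusted proxy. If the connector is reachable from those ranges without passing the proxy, the logged client address and the HTTPS flag are client-controlled, so the default should be documented as something to narrow to the real proxy addresses.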
diff --git a/templates/service_systemd.j2 b/templates/service_systemd.j2
index 3433620..7f2a167 100644
--- a/templates/service_systemd.j2
+++ b/templates/service_systemd.j2
@@ -1,9 +1,10 @@
[Unit]
-Description=Tomcat servlet container
+Description=Tomcat servlet container {{ item.name|default('') }}
After=network.target
[Service]
User={{ item.user|default(tomcat_default_user_name) }}
+Group={{ item.group|default(tomcat_default_user_group) }}
{% if item.umask is defined %}
UMask={{ item.umask }}
{% endif %}
@@ -16,34 +17,23 @@ Environment=CATALINA_HOME={{ tomcat_env_catalina_home }}
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/.systemd.conf
{% else %}
-EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/.systemd.conf
+EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf
{% endif %}
ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
-{% else %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/logging.properties \
-{% endif %}
+ -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
{% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
-Djava.security.egd=file:/dev/./urandom \
{% endif %}
-Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
-Dcatalina.home={{ tomcat_env_catalina_home }} \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i \
-{% else %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} \
-{% endif %}
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/temp \
-{% else %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp \
-{% endif %}
+ -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
+ -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
-Djava.net.preferIPv4Stack=true \
{% endif %}
+ $JAVA_OPTS $CATALINA_OPTS \
{% if tomcat_version|version_compare('8.5', '>=') %}
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
{% endif %}
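Review bot: The `@` branch still reads `EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/.systemd.conf`, while tasks/main.yml in this commit writes the file to `<path>/.systemd.conf`. Because of the leading `-`, systemd skips the missing file silently, so a templated unit would start with the newly added `$JAVA_OPTS $CATALINA_OPTS` expanding to nothing. Using `EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf` in both branches would match the new layout. With the `%i` branches removed from `-Dcatalina.base` and `-Djava.io.tmpdir`, every instance of a templated unit also shares one base directory, which should be confirmed as intended. The ExecStop hunk below has the same shape.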
@@ -51,30 +41,19 @@ ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
org.apache.catalina.startup.Bootstrap start
ExecStop={{ ansible_local.java.general.java_home }}/bin/java \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
-{% else %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/logging.properties \
-{% endif %}
+ -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
{% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
-Djava.security.egd=file:/dev/./urandom \
{% endif %}
-Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
-Dcatalina.home={{ tomcat_env_catalina_home }} \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i \
-{% else %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} \
-{% endif %}
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/temp \
-{% else %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp \
-{% endif %}
+ -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
+ -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
-Djava.net.preferIPv4Stack=true \
{% endif %}
+ $JAVA_OPTS \
{% if tomcat_version|version_compare('8.5', '>=') %}
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
{% endif %}
diff --git a/templates/service_systemd_envfile.j2 b/templates/service_systemd_envfile.j2
index 433ce58..5f14c7d 100644
--- a/templates/service_systemd_envfile.j2
+++ b/templates/service_systemd_envfile.j2
@@ -1,2 +1,2 @@
-CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
+CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
CATALINA_OPTS={{ item.catalina_opts|default(tomcat_default_catalina_opts) }}
diff --git a/templates/service_sysvinit.j2 b/templates/service_sysvinit.j2
index 65b9ce8..a1213d8 100644
--- a/templates/service_sysvinit.j2
+++ b/templates/service_sysvinit.j2
@@ -13,8 +13,8 @@ export TOMCAT_GROUP={{ item.group|default(tomcat_default_user_group ) }}
export JAVA_HOME={{ ansible_local.java.general.java_home }}
export PATH=${PATH}:${JAVA_HOME}/bin
export CATALINA_HOME={{ tomcat_env_catalina_home }}
-export CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
-export CATALINA_PID={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/{{ item.name }}.pid
+export CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
+export CATALINA_PID={{ item.path|default(tomcat_default_instance_path) }}/{{ item.name }}.pid
export CATALINA_OPTS="{{ item.catalina_opts|default(tomcat_default_catalina_opts) }}"
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
export CATALINA_OPTS="${CATALINA_OPTS} -Djava.net.preferIPv4Stack=true"
diff --git a/templates/service_upstart.j2 b/templates/service_upstart.j2
index faf4a12..cd20b5e 100644
--- a/templates/service_upstart.j2
+++ b/templates/service_upstart.j2
@@ -10,7 +10,7 @@ setgid {{ item.group|default(tomcat_default_user_group) }}
env JAVA_HOME={{ ansible_local.java.general.java_home }}
env CATALINA_HOME={{ tomcat_env_catalina_home }}
-env CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
+env CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
env CATALINA_OPTS="{{ item.catalina_opts|default(tomcat_default_catalina_opts) }} -Djava.net.preferIPv4Stack=true"
{% else %}
@@ -25,5 +25,5 @@ script
end script
post-stop script
- rm -rf {{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp/*
+ rm -rf {{ item.path|default(tomcat_default_instance_path) }}/temp/*
end script
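Review bot: The `rm -rf` in `post-stop` now hangs directly off `item.path`, unquoted, and `default()` only covers an undefined value. An instance with `path: ""` would render `rm -rf /temp/*`, and a path containing spaces would be split into several arguments. Quoting the path and treating empty as unset is cheap: `rm -rf "{{ item.path|default(tomcat_default_instance_path, true) }}"/temp/*`.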
diff --git a/templates/tomcat-users.xml.j2 b/templates/tomcat-users.xml.j2
new file mode 100644
index 0000000..6407612
--- /dev/null
+++ b/templates/tomcat-users.xml.j2
@@ -0,0 +1,9 @@
+
+
+{% for role in item.auth_roles|default([]) %}
+
+{% endfor %}
+{% for user in item.auth_users|default([]) %}
+
+{% endfor %}
+
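Review bot: The role and user element lines of this new template are not visible on this page, so this is hedged on the README, which documents `password` as plaintext. If `user.name`, `user.password` and the role names are interpolated directly into XML attributes, a value containing `"`, `<` or `&` would break the file or inject extra attributes; each should go through the escape filter, e.g. `password="{{ user.password|e }}"`. Storing cleartext credentials in `conf/tomcat-users.xml` could be avoided by accepting an already digested value and documenting the matching `CredentialHandler` on the Realm. Either way, the README should say that `auth_users` belongs in Ansible Vault.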
diff --git a/vars/main.yml b/vars/main.yml
index 9a40fbc..c06d9cb 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -11,12 +11,6 @@ tomcat_supported_distributions:
- RedHat
- OracleLinux
-# filename of Tomcat redistributable package
-tomcat_redis_filename: apache-tomcat-{{ tomcat_version }}.tar.gz
-
-# abstract Tomcat major version
-tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}"
-
# instances base directory
tomcat_instance_dirs:
- conf