diff --git a/README.md b/README.md
index f156af5..6c56cab 100644
--- a/README.md
+++ b/README.md
@@ -104,7 +104,22 @@ instance. The following variables are legit to configure per instance. * ``service_file``: Init system configuration file per instance, e.g. tomcat.conf for Upstart (string, default: ``{{ tomcat_default_service_file }}`` (see ``vars/service/*.yml``)) * ``service_name``: Init system service name per instance, e.g. tomcat@foo.service for Systemd (string, default: ``{{ tomcat_default_service_name }}`` (see ``vars/service/*.yml``)) * ``umask``: Allow to configure umask for Tomcat instance (oct, default: ``|default('')``) -* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None`` }} +* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None`` +* ``proxy_header``: header from proxy to determine real-ip (string, default ``x-forwared-for``) +* ``proxy_ip_internal_regex``: java-regexp which proxies are internal to evaluate real-ip (string. default ``10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}`` ) +* ``proxy_protocol_header``: header from proxy to determine HTTP/HTTPS connction (string, default ``x-forwarded-proto``) +* ``proxy_protocol_https_value``: value for the header if conection is secure (string, default: ``https``) +* ``server_xml_add1``: additional text to put in server.xml, e.g. Valves configs (string, default empty) +* ``auth_roles``: which roles should be created in tomcat-users.xml (list of strings, default: []) +* ``auth_users``: which users should be created in tomcat-users.xml (list of auth_users, see below. 
default: []) + +### auth_users + +Users to be configured in tomcat_users.xml + +* ``name``: username +* ``password``: password in plaintext +* ``roles``: which roles should be configured Configuring more than one instance requires to configure some of the variables documented above per instance. Please see example playbooks diff --git a/VERSION b/VERSION index f06fa6c..bfd03ab 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -241 +242 diff --git a/defaults/main.yml b/defaults/main.yml index 1b4f8a1..08b8b59 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,12 @@ tomcat_default_version: '8.0.37' tomcat_version: "{{ ansible_local['tomcat']['general']['version'] if ansible_local['tomcat'] is defined else tomcat_default_version }}" +# abstract Tomcat major version +tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}" + +# filename of Tomcat redistributable package +tomcat_redis_filename: apache-tomcat-{{ tomcat_version }}.tar.gz + # Mirror where to dowload Tomcat redistributable package from tomcat_mirror: http://archive.apache.org/dist/tomcat # Allow to override where to download Tomcat from @@ -27,6 +33,8 @@ tomcat_default_user_system: false # Tomcat configuration # Default template for configuration file server.xml tomcat_default_server_xml_template: server.xml.j2 +# Default template for configuration file tomcat-users.xml +tomcat_default_tomcatusers_xml_template: tomcat-users.xml.j2 # Default template for configuration file web.xml tomcat_default_web_xml_template: web.xml.j2 # Default shutdown port (per instance name: item.port_shutdown) @@ -60,7 +68,6 @@ tomcat_server_sysvinit_template: service_sysvinit.j2 # template for systemd tomcat_server_systemd_template: service_systemd.j2 - # Whether to allow or deny restarting Tomcat instances automatically tomcat_service_allow_restart: true diff --git a/tasks/8.5-acls.yml b/tasks/8.5-acls.yml index 9126237..bdf3540 100644 --- a/tasks/8.5-acls.yml +++ b/tasks/8.5-acls.yml 
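Review bot: `tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}"` in the defaults/main.yml hunk takes the first character of the version string, so any two-digit major (a 10.x release) yields `1`, and on Jinja2 releases whose `truncate` filter has a `leeway` argument (default 5) the filter returns the whole string unchanged when it is within that margin of the requested length, which `8.0.37` is. `tomcat_version_major: "{{ tomcat_version.split('.')[0] }}"` is correct in both cases. The expression is only moved here from vars/main.yml, but exposing it as an overridable default is the moment to make it robust.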
@@ -28,7 +28,7 @@
 - name: Update installation executables access controls
 tags: tomcat
 become: true
- when: ((((ansible_local|default([])).util|default([])).init|default([])).system|default('')) != "systemd" }}'
+ when: ((((ansible_local|default([])).util|default([])).init|default([])).system|default('')) != "systemd"
 with_items:
 - catalina.sh
 - setclasspath.sh
diff --git a/tasks/main.yml b/tasks/main.yml
index 2e5cb14..7f7536f 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -144,7 +144,7 @@
 - "{{ tomcat_instance_dirs }}"
 file:
 state: directory
- dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/{{ item.1 }}"
+ dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/{{ item.1 }}"
 owner: "{{ item.0.user|default(tomcat_default_user_name) }}"
 group: "{{ item.0.group|default(tomcat_default_user_group) }}"
 mode: 0755
@@ -161,6 +161,7 @@
 -1
 --ignore=web.xml
 --ignore=server.xml
+ --ignore=tomcat-users.xml
 {{ tomcat_env_catalina_home }}/conf
 - name: Install static/unmanaged conf files
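Review bot: The new `dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/{{ item.1 }}"` in the @@ -144 hunk no longer contains the instance name, so every instance that does not set `path` is laid out directly under `tomcat_default_instance_path`, and two such instances create and then overwrite each other's conf/server.xml, tomcat-users.xml and .systemd.conf, and through the upstart post-stop `rm -rf .../temp/*` each other's temp directory; the @@ -175, @@ -199 and @@ -215 hunks and the template hunks make the same substitution. Unless `path` is now required per instance (the README hunk does not say so), an `assert` task before these loops checking that every entry of `tomcat_instances` sets a distinct `path`, or a default of the form `tomcat_default_instance_path ~ '/' ~ item.0.name`, would keep the old isolation. The loop this task belongs to starts before the hunk.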
@@ -175,10 +176,21 @@
 --group {{ item.0.group|default(tomcat_default_user_group) }}
 --mode 0640
 {{ tomcat_env_catalina_home }}/conf/{{ item.1 }}
- {{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/conf/{{ item.1 }}
+ {{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}
 args:
- creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/conf/{{ item.1 }}"
+ creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}"
+- name: Install instance tomcat-users.xml
+ tags: tomcat
+ become: true
+ with_items: "{{ tomcat_instances }}"
+ register: tomcat_registered_install_tomcatusers_xml
+ template:
+ src: "{{ item.tomcatusers_xml_template|default(tomcat_default_tomcatusers_xml_template) }}"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/tomcat-users.xml"
+ owner: "{{ item.user|default(tomcat_default_user_name) }}"
+ group: "{{ item.group|default(tomcat_default_user_group) }}"
+ mode: 0640
 - name: Install instance server.xml
 tags: tomcat
@@ -187,7 +199,7 @@
 register: tomcat_registered_install_server_xml
 template:
 src: "{{ item.server_xml_template|default(tomcat_default_server_xml_template) }}"
- dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/server.xml"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/server.xml"
 owner: "{{ item.user|default(tomcat_default_user_name) }}"
 group: "{{ item.group|default(tomcat_default_user_group) }}"
 mode: 0640
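Review bot: The "Install instance tomcat-users.xml" task added in the @@ -175 hunk loops with `with_items: "{{ tomcat_instances }}"` and registers its result, and Ansible prints every loop item and keeps it in the registered variable; the items carry `auth_users`, whose `password` the README hunk documents as plaintext, so each run echoes the credentials into the play output and into `tomcat_registered_install_tomcatusers_xml`. Add `no_log: true` to this task. Installing the file with `mode: 0640` owned by the instance user is the right on-disk protection and should stay as is.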
@@ -199,7 +211,7 @@
 register: tomcat_registered_install_web_xml
 template:
 src: "{{ item.web_xml_template|default(tomcat_default_web_xml_template) }}"
- dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/web.xml"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/web.xml"
 owner: "{{ item.user|default(tomcat_default_user_name) }}"
 group: "{{ item.group|default(tomcat_default_user_group) }}"
 mode: 0640
@@ -215,7 +227,7 @@
 register: tomcat_registered_install_instance_environment_files
 template:
 src: service_systemd_envfile.j2
- dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/.systemd.conf"
+ dest: "{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf"
 owner: "{{ item.user|default(tomcat_default_user_name) }}"
 group: "{{ item.group|default(tomcat_default_user_group) }}"
 mode: 0644
diff --git a/templates/facts.j2 b/templates/facts.j2
index 25e8c1a..13b56b7 100644
--- a/templates/facts.j2
+++ b/templates/facts.j2
@@ -11,7 +11,7 @@
 "instances": {
 {% for instance in tomcat_instances %}
 "{{ instance.name }}": {
- "catalina_base": "{{ instance.path|default(tomcat_default_instance_path) }}/catalina/{{ instance.name }}",
+ "catalina_base": "{{ instance.path|default(tomcat_default_instance_path) }}",
 "port": {
 "shutdown": {{ instance.port_shutdown|default(tomcat_default_port_shutdown) }},
 "connector": {{ instance.port_connector|default(tomcat_default_port_connector) }},
diff --git a/templates/server.xml.j2 b/templates/server.xml.j2
index 8ee968e..61cc107 100644
--- a/templates/server.xml.j2
+++ b/templates/server.xml.j2
@@ -61,12 +61,17 @@
+ requestAttributesEnabled="true"
+ prefix="access_log." suffix=".log"
+ pattern="%h %l %u %t "%r" %s %B %T %D %F %X %I" />
+
+ {{ item.server_xml_add1|default('') }}
-
-
-
diff --git a/templates/service_systemd.j2 b/templates/service_systemd.j2
index 3433620..7f2a167 100644
--- a/templates/service_systemd.j2
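Review bot: `{{ item.server_xml_add1|default('') }}` is emitted into server.xml verbatim, which the README hunk intends, but the access-log valve above it now sets `requestAttributesEnabled="true"`, so the logged `%h` is whatever the proxy-handling valve derived from `proxy_header`, and the README's default `proxy_ip_internal_regex` trusts every RFC 1918 range, meaning any host in those ranges that reaches Tomcat directly can choose the address recorded in the log. The element lines of this hunk are not visible in this view, so I cannot confirm the valve order; a comment such as `{# %h below is the proxy-derived client address: narrow proxy_ip_internal_regex to the real proxies #}` beside the access-log valve, and the same caveat under `proxy_ip_internal_regex` in the README, would make the trust boundary explicit. The bare `"%r"` inside the double-quoted `pattern` attribute reads like a rendering of `&quot;%r&quot;`; if the template really contains `"` there, the attribute is malformed XML.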
+++ b/templates/service_systemd.j2
@@ -1,9 +1,10 @@
 [Unit]
-Description=Tomcat servlet container
+Description=Tomcat servlet container {{ item.name|default('') }}
 After=network.target
 [Service]
 User={{ item.user|default(tomcat_default_user_name) }}
+Group={{ item.group|default(tomcat_default_user_group) }}
 {% if item.umask is defined %}
 UMask={{ item.umask }}
 {% endif %}
@@ -16,34 +17,23 @@ Environment=CATALINA_HOME={{ tomcat_env_catalina_home }}
 {% if item.service_name|default(tomcat_default_service_name)|search('@') %}
 EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/.systemd.conf
 {% else %}
-EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/.systemd.conf
+EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf
 {% endif %}
 ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
-{% else %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/logging.properties \
-{% endif %}
+ -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 {% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
 -Djava.security.egd=file:/dev/./urandom \
 {% endif %}
 -Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
 -Dcatalina.home={{ tomcat_env_catalina_home }} \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i \
-{% else %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} \
-{% endif %}
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/temp \
-{% else %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp \
-{% endif %}
+ -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
+ -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
 {% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
 -Djava.net.preferIPv4Stack=true \
 {% endif %}
+ $JAVA_OPTS $CATALINA_OPTS \
 {% if tomcat_version|version_compare('8.5', '>=') %}
 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
 {% endif %}
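Review bot: The context line `EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/.systemd.conf` in the `search('@')` branch still names the old `catalina/%i` layout, while the env file is now written to `{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf` (tasks/main.yml @@ -215) and this hunk removes every other `%i`-specific branch; because of the leading `-`, a templated `tomcat@name` unit then starts without the `$CATALINA_OPTS` that the new ExecStart line references, silently rather than with an error. Point that line at the new path as well, or drop the `{% if %}`/`{% else %}` pair now that both branches would be identical. The ExecStart command continues past the end of the hunk.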
@@ -51,30 +41,19 @@ ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
 org.apache.catalina.startup.Bootstrap start
 ExecStop={{ ansible_local.java.general.java_home }}/bin/java \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
-{% else %}
- -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/logging.properties \
-{% endif %}
+ -Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 {% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
 -Djava.security.egd=file:/dev/./urandom \
 {% endif %}
 -Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
 -Dcatalina.home={{ tomcat_env_catalina_home }} \
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i \
-{% else %}
- -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} \
-{% endif %}
-{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/temp \
-{% else %}
- -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp \
-{% endif %}
+ -Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
+ -Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
 {% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
 -Djava.net.preferIPv4Stack=true \
 {% endif %}
+ $JAVA_OPTS \
 {% if tomcat_version|version_compare('8.5', '>=') %}
 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
 {% endif %}
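Review bot: ExecStop now passes `$JAVA_OPTS \` where ExecStart passes `$JAVA_OPTS $CATALINA_OPTS \`; this mirrors what Tomcat's catalina.sh does for `stop`, but in the unit file it reads as an omission. A Jinja comment above the line, `{# CATALINA_OPTS is intentionally not passed to stop, as in catalina.sh #}`, records the intent without changing the rendered unit. Both variables come from the EnvironmentFile chosen earlier in the template, outside this hunk.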
diff --git a/templates/service_systemd_envfile.j2 b/templates/service_systemd_envfile.j2
index 433ce58..5f14c7d 100644
--- a/templates/service_systemd_envfile.j2
+++ b/templates/service_systemd_envfile.j2
@@ -1,2 +1,2 @@
-CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
+CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
 CATALINA_OPTS={{ item.catalina_opts|default(tomcat_default_catalina_opts) }}
diff --git a/templates/service_sysvinit.j2 b/templates/service_sysvinit.j2
index 65b9ce8..a1213d8 100644
--- a/templates/service_sysvinit.j2
+++ b/templates/service_sysvinit.j2
@@ -13,8 +13,8 @@ export TOMCAT_GROUP={{ item.group|default(tomcat_default_user_group ) }}
 export JAVA_HOME={{ ansible_local.java.general.java_home }}
 export PATH=${PATH}:${JAVA_HOME}/bin
 export CATALINA_HOME={{ tomcat_env_catalina_home }}
-export CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
-export CATALINA_PID={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/{{ item.name }}.pid
+export CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
+export CATALINA_PID={{ item.path|default(tomcat_default_instance_path) }}/{{ item.name }}.pid
 export CATALINA_OPTS="{{ item.catalina_opts|default(tomcat_default_catalina_opts) }}"
 {% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
 export CATALINA_OPTS="${CATALINA_OPTS} -Djava.net.preferIPv4Stack=true"
diff --git a/templates/service_upstart.j2 b/templates/service_upstart.j2
index faf4a12..cd20b5e 100644
--- a/templates/service_upstart.j2
+++ b/templates/service_upstart.j2
@@ -10,7 +10,7 @@ setgid {{ item.group|default(tomcat_default_user_group) }} env JAVA_HOME={{ ansible_local.java.general.java_home }} env CATALINA_HOME={{ tomcat_env_catalina_home }} -env CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} +env CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }} {% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %} env CATALINA_OPTS="{{ item.catalina_opts|default(tomcat_default_catalina_opts) }} -Djava.net.preferIPv4Stack=true" {% else %} @@ -25,5 +25,5 @@ script end script post-stop script - rm -rf {{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp/* + rm -rf {{ item.path|default(tomcat_default_instance_path) }}/temp/* end script diff --git a/templates/tomcat-users.xml.j2 b/templates/tomcat-users.xml.j2 new file mode 100644 index 0000000..6407612 --- /dev/null +++ b/templates/tomcat-users.xml.j2 @@ -0,0 +1,9 @@ + + +{% for role in item.auth_roles|default([]) %} + +{% endfor %} +{% for user in item.auth_users|default([]) %} + +{% endfor %} + diff --git a/vars/main.yml b/vars/main.yml index 9a40fbc..c06d9cb 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -11,12 +11,6 @@ tomcat_supported_distributions: - RedHat - OracleLinux -# filename of Tomcat redistributable package -tomcat_redis_filename: apache-tomcat-{{ tomcat_version }}.tar.gz - -# abstract Tomcat major version -tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}" - # instances base directory tomcat_instance_dirs: - conf
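Review bot: The new tomcat-users.xml.j2 writes `item.auth_roles` and `item.auth_users` into XML attributes, and the element lines inside its two `{% for %}` loops are not visible in this view; unless each value goes through the `escape` filter (`{{ user.password|escape }}`, and likewise `name` and the roles), a `"`, `<` or `&` in a password yields a file Tomcat rejects at startup. The README hunk documents `password` as plaintext, so that is what lands in the file; the template task installs it 0640 owned by the instance user, which is right, and the README should state that `auth_users` is expected to be supplied vault-encrypted rather than committed in clear.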