This repository has been archived by the owner on Oct 9, 2024. It is now read-only.

breaking change: path + generated tomcat-users #36

Open
wants to merge 7 commits into
base: next
17 changes: 16 additions & 1 deletion README.md
Expand Up @@ -104,7 +104,22 @@ instance. The following variables are legit to configure per instance.
* ``service_file``: Init system configuration file per instance, e.g. tomcat.conf for Upstart (string, default: ``{{ tomcat_default_service_file }}`` (see ``vars/service/*.yml``))
* ``service_name``: Init system service name per instance, e.g. [email protected] for Systemd (string, default: ``{{ tomcat_default_service_name }}`` (see ``vars/service/*.yml``))
* ``umask``: Allow to configure umask for Tomcat instance (oct, default: ``|default('')``)
* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None`` }}
* ``systemd_default_instance``: Allow to configure default instance for Systemd templated service (string, default: ``None``
* ``proxy_header``: header from proxy to determine real-ip (string, default ``x-forwared-for``)
* ``proxy_ip_internal_regex``: java-regexp which proxies are internal to evaluate real-ip (string. default ``10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}`` )
* ``proxy_protocol_header``: header from proxy to determine HTTP/HTTPS connction (string, default ``x-forwarded-proto``)
* ``proxy_protocol_https_value``: value for the header if conection is secure (string, default: ``https``)
* ``server_xml_add1``: additional text to put in server.xml, e.g. Valves configs (string, default empty)
* ``auth_roles``: which roles should be created in tomcat-users.xml (list of strings, default: [])
* ``auth_users``: which users should be created in tomcat-users.xml (list of auth_users, see below. default: [])

### auth_users

Users to be configured in tomcat_users.xml

* ``name``: username
* ``password``: password in plaintext
* ``roles``: which roles should be configured

Configuring more than one instance requires to configure some of the
variables documented above per instance. Please see example playbooks
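Review bot: The documented default for `proxy_header` is `x-forwared-for`, but the template in this PR defaults to `x-forwarded-for`; fix the spelling so that a user who copies the documented value does not configure a header the proxy never sends. The `systemd_default_instance` entry is still missing its closing parenthesis, and the new section names `tomcat_users.xml` while the generated file is `tomcat-users.xml`. Since `auth_users.password` is plaintext, the README should also tell users to keep these values in Ansible Vault rather than in a committed playbook.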
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
241
242
9 changes: 8 additions & 1 deletion defaults/main.yml
Expand Up @@ -3,6 +3,12 @@
tomcat_default_version: '8.0.37'
tomcat_version: "{{ ansible_local['tomcat']['general']['version'] if ansible_local['tomcat'] is defined else tomcat_default_version }}"

# abstract Tomcat major version
tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}"

# filename of Tomcat redistributable package
tomcat_redis_filename: apache-tomcat-{{ tomcat_version }}.tar.gz

# Mirror where to dowload Tomcat redistributable package from
tomcat_mirror: http://archive.apache.org/dist/tomcat
# Allow to override where to download Tomcat from
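Review bot: `tomcat_version_major` is built with `truncate(1, True, '')`, which is meant to keep a single character, so a two-digit major version (10.x) would come out as `1`. Now that the variable moves into defaults, this is a good moment to derive it with `tomcat_version.split('.')[0]` instead.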
Expand All @@ -27,6 +33,8 @@ tomcat_default_user_system: false
# Tomcat configuration
# Default template for configuration file server.xml
tomcat_default_server_xml_template: server.xml.j2
# Default template for configuration file tomcat-users.xml
tomcat_default_tomcatusers_xml_template: tomcat-users.xml.j2
# Default template for configuration file web.xml
tomcat_default_web_xml_template: web.xml.j2
# Default shutdown port (per instance name: item.port_shutdown)
Expand Down Expand Up @@ -60,7 +68,6 @@ tomcat_server_sysvinit_template: service_sysvinit.j2
# template for systemd
tomcat_server_systemd_template: service_systemd.j2


# Whether to allow or deny restarting Tomcat instances automatically
tomcat_service_allow_restart: true

2 changes: 1 addition & 1 deletion tasks/8.5-acls.yml
Expand Up @@ -28,7 +28,7 @@
- name: Update installation executables access controls
tags: tomcat
become: true
when: ((((ansible_local|default([])).util|default([])).init|default([])).system|default('')) != "systemd" }}'
when: ((((ansible_local|default([])).util|default([])).init|default([])).system|default('')) != "systemd"
with_items:
- catalina.sh
- setclasspath.sh
24 changes: 18 additions & 6 deletions tasks/main.yml
Expand Up @@ -144,7 +144,7 @@
- "{{ tomcat_instance_dirs }}"
file:
state: directory
dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/{{ item.1 }}"
dest: "{{ item.0.path|default(tomcat_default_instance_path) }}/{{ item.1 }}"
owner: "{{ item.0.user|default(tomcat_default_user_name) }}"
group: "{{ item.0.group|default(tomcat_default_user_group) }}"
mode: 0755
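Review bot: With `/catalina/{{ item.0.name }}` dropped from `dest`, every instance that does not set `path` now resolves to the same `tomcat_default_instance_path`, so two such instances would share `conf`, `temp` and the other directories and overwrite each other's `server.xml`. Either make `path` mandatory per instance or add an assert task that fails when two entries in `tomcat_instances` resolve to the same path, and describe how existing `catalina/<name>` trees are expected to be migrated.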
Expand All @@ -161,6 +161,7 @@
-1
--ignore=web.xml
--ignore=server.xml
--ignore=tomcat-users.xml
{{ tomcat_env_catalina_home }}/conf

- name: Install static/unmanaged conf files
Expand All @@ -175,10 +176,21 @@
--group {{ item.0.group|default(tomcat_default_user_group) }}
--mode 0640
{{ tomcat_env_catalina_home }}/conf/{{ item.1 }}
{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/conf/{{ item.1 }}
{{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}
args:
creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/catalina/{{ item.0.name }}/conf/{{ item.1 }}"
creates: "{{ item.0.path|default(tomcat_default_instance_path) }}/conf/{{ item.1 }}"

- name: Install instance tomcat-users.xml
tags: tomcat
become: true
with_items: "{{ tomcat_instances }}"
register: tomcat_registered_install_tomcatusers_xml
template:
src: "{{ item.tomcatusers_xml_template|default(tomcat_default_tomcatusers_xml_template) }}"
dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/tomcat-users.xml"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0640

- name: Install instance server.xml
tags: tomcat
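Review bot: The new `Install instance tomcat-users.xml` task renders plaintext passwords through `template`, so a run with `--diff` prints the file content, credentials included, to the console and to any log the controller keeps; add `no_log: true` (or `diff: false`) to this task. The file was previously installed once from `{{ tomcat_env_catalina_home }}/conf` by the static-files task guarded with `creates`, whereas this task rewrites it on every run, so an instance with no `auth_users` defined gets its existing users replaced by an empty `<tomcat-users>` document.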
Expand All @@ -187,7 +199,7 @@
register: tomcat_registered_install_server_xml
template:
src: "{{ item.server_xml_template|default(tomcat_default_server_xml_template) }}"
dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/server.xml"
dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/server.xml"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0640
Expand All @@ -199,7 +211,7 @@
register: tomcat_registered_install_web_xml
template:
src: "{{ item.web_xml_template|default(tomcat_default_web_xml_template) }}"
dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/web.xml"
dest: "{{ item.path|default(tomcat_default_instance_path) }}/conf/web.xml"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0640
Expand All @@ -215,7 +227,7 @@
register: tomcat_registered_install_instance_environment_files
template:
src: service_systemd_envfile.j2
dest: "{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/.systemd.conf"
dest: "{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf"
owner: "{{ item.user|default(tomcat_default_user_name) }}"
group: "{{ item.group|default(tomcat_default_user_group) }}"
mode: 0644
2 changes: 1 addition & 1 deletion templates/facts.j2
Expand Up @@ -11,7 +11,7 @@
"instances": {
{% for instance in tomcat_instances %}
"{{ instance.name }}": {
"catalina_base": "{{ instance.path|default(tomcat_default_instance_path) }}/catalina/{{ instance.name }}",
"catalina_base": "{{ instance.path|default(tomcat_default_instance_path) }}",
"port": {
"shutdown": {{ instance.port_shutdown|default(tomcat_default_port_shutdown) }},
"connector": {{ instance.port_connector|default(tomcat_default_port_connector) }},
15 changes: 10 additions & 5 deletions templates/server.xml.j2
Expand Up @@ -61,12 +61,17 @@
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
requestAttributesEnabled="true"
prefix="access_log." suffix=".log"
pattern="%h %l %u %t &quot;%r&quot; %s %B %T %D %F %X %I" />
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="{{ item.proxy_header|default('x-forwarded-for') }}"
internalProxies="{{ item.proxy_ip_internal_regex|default('10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}') }}"
protocolHeader="{{ item.proxy_protocol_header|default('x-forwarded-proto') }}"
protocolHeaderHttpsValue="{{ item.proxy_protocol_https_value|default('https') }}"
/>
{{ item.server_xml_add1|default('') }}
</Host>

</Engine>

</Service>

</Server>
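Review bot: The `RemoteIpValve` is added unconditionally, so every instance now trusts `x-forwarded-for` and `x-forwarded-proto` from any peer matching the `internalProxies` default, which covers all private, link-local and loopback IPv4 ranges. On an instance that is reachable directly from such a network, the logged client address and the secure flag are then taken from headers the peer controls. Consider rendering the valve only when one of the `proxy_*` variables is set, or defaulting `internalProxies` to the actual proxy addresses. Separately, `server_xml_add1` is emitted as raw XML inside `<Host>`; the README should state that it is not escaped or validated.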
43 changes: 11 additions & 32 deletions templates/service_systemd.j2
@@ -1,9 +1,10 @@
[Unit]
Description=Tomcat servlet container
Description=Tomcat servlet container {{ item.name|default('') }}
After=network.target

[Service]
User={{ item.user|default(tomcat_default_user_name) }}
Group={{ item.group|default(tomcat_default_user_group) }}
{% if item.umask is defined %}
UMask={{ item.umask }}
{% endif %}
Expand All @@ -16,65 +17,43 @@ Environment=CATALINA_HOME={{ tomcat_env_catalina_home }}
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/.systemd.conf
{% else %}
EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/.systemd.conf
EnvironmentFile=-{{ item.path|default(tomcat_default_instance_path) }}/.systemd.conf
{% endif %}

ExecStart={{ ansible_local.java.general.java_home }}/bin/java \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
{% else %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/logging.properties \
{% endif %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
{% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
-Djava.security.egd=file:/dev/./urandom \
{% endif %}
-Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
-Dcatalina.home={{ tomcat_env_catalina_home }} \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i \
{% else %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} \
{% endif %}
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/temp \
{% else %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp \
{% endif %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
-Djava.net.preferIPv4Stack=true \
{% endif %}
$JAVA_OPTS $CATALINA_OPTS \
{% if tomcat_version|version_compare('8.5', '>=') %}
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
{% endif %}
-classpath "{{ tomcat_env_catalina_home }}/bin/bootstrap.jar:{{ tomcat_env_catalina_home }}/bin/tomcat-juli.jar" \
org.apache.catalina.startup.Bootstrap start

ExecStop={{ ansible_local.java.general.java_home }}/bin/java \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/conf/logging.properties \
{% else %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/conf/logging.properties \
{% endif %}
-Djava.util.logging.config.file={{ item.path|default(tomcat_default_instance_path) }}/conf/logging.properties \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
{% if item.prefer_urandom|default(tomcat_default_prefer_urandom) %}
-Djava.security.egd=file:/dev/./urandom \
{% endif %}
-Djava.endorsed.dirs={{ tomcat_env_catalina_home }}/endorsed \
-Dcatalina.home={{ tomcat_env_catalina_home }} \
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i \
{% else %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }} \
{% endif %}
{% if item.service_name|default(tomcat_default_service_name)|search('@') %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/%i/temp \
{% else %}
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp \
{% endif %}
-Dcatalina.base={{ item.path|default(tomcat_default_instance_path) }} \
-Djava.io.tmpdir={{ item.path|default(tomcat_default_instance_path) }}/temp \
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
-Djava.net.preferIPv4Stack=true \
{% endif %}
$JAVA_OPTS \
{% if tomcat_version|version_compare('8.5', '>=') %}
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources \
{% endif %}
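Review bot: The templated-unit branch of `EnvironmentFile` still reads `.../catalina/%i/.systemd.conf`, while the env file is now written to `{{ item.path }}/.systemd.conf` and `catalina.base`, `java.io.tmpdir` and the logging config no longer use `%i` at all. For a `service_name` containing `@`, the leading `-` hides the missing file, and every instance started from that templated unit would get the same `catalina.base`. Either keep a `%i` component in the templated case or drop the `@` branch and document that templated units are no longer supported.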
2 changes: 1 addition & 1 deletion templates/service_systemd_envfile.j2
@@ -1,2 +1,2 @@
CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
CATALINA_OPTS={{ item.catalina_opts|default(tomcat_default_catalina_opts) }}
4 changes: 2 additions & 2 deletions templates/service_sysvinit.j2
Expand Up @@ -13,8 +13,8 @@ export TOMCAT_GROUP={{ item.group|default(tomcat_default_user_group ) }}
export JAVA_HOME={{ ansible_local.java.general.java_home }}
export PATH=${PATH}:${JAVA_HOME}/bin
export CATALINA_HOME={{ tomcat_env_catalina_home }}
export CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
export CATALINA_PID={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/{{ item.name }}.pid
export CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
export CATALINA_PID={{ item.path|default(tomcat_default_instance_path) }}/{{ item.name }}.pid
export CATALINA_OPTS="{{ item.catalina_opts|default(tomcat_default_catalina_opts) }}"
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
export CATALINA_OPTS="${CATALINA_OPTS} -Djava.net.preferIPv4Stack=true"
4 changes: 2 additions & 2 deletions templates/service_upstart.j2
Expand Up @@ -10,7 +10,7 @@ setgid {{ item.group|default(tomcat_default_user_group) }}

env JAVA_HOME={{ ansible_local.java.general.java_home }}
env CATALINA_HOME={{ tomcat_env_catalina_home }}
env CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}
env CATALINA_BASE={{ item.path|default(tomcat_default_instance_path) }}
{% if item.prefer_ipv4|default(tomcat_default_prefer_ipv4) %}
env CATALINA_OPTS="{{ item.catalina_opts|default(tomcat_default_catalina_opts) }} -Djava.net.preferIPv4Stack=true"
{% else %}
Expand All @@ -25,5 +25,5 @@ script
end script

post-stop script
rm -rf {{ item.path|default(tomcat_default_instance_path) }}/catalina/{{ item.name }}/temp/*
rm -rf {{ item.path|default(tomcat_default_instance_path) }}/temp/*
end script
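Review bot: `rm -rf {{ item.path|default(tomcat_default_instance_path) }}/temp/*` in the post-stop script now depends only on `path`; `default()` does not catch an empty string, so `path: ""` renders as `rm -rf /temp/*`, and a path containing spaces splits into several arguments. Quote the expansion and guard it, for example with `rm -rf "${CATALINA_BASE:?}/temp/"*`, since the `env CATALINA_BASE` stanza in this file already carries the same value.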
9 changes: 9 additions & 0 deletions templates/tomcat-users.xml.j2
@@ -0,0 +1,9 @@
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
{% for role in item.auth_roles|default([]) %}
<role rolename="{{role}}"/>
{% endfor %}
{% for user in item.auth_users|default([]) %}
<user username="{{ user.name }}" password="{{ user.password }}" roles="{{ user.roles }}"/>
{% endfor %}
</tomcat-users>
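Review bot: `{{role}}`, `{{ user.name }}` and `{{ user.password }}` are written into XML attributes unescaped, so a password containing `"`, `<` or `&` yields a malformed file or an attribute the operator did not intend; pipe each value through the `e` filter. If `roles` is given as a list, like `auth_roles`, then `roles="{{ user.roles }}"` renders it as `['a', 'b']`, whereas Tomcat expects a comma-separated string, so use `user.roles|join(',')` and say in the README which form is expected.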
6 changes: 0 additions & 6 deletions vars/main.yml
Expand Up @@ -11,12 +11,6 @@ tomcat_supported_distributions:
- RedHat
- OracleLinux

# filename of Tomcat redistributable package
tomcat_redis_filename: apache-tomcat-{{ tomcat_version }}.tar.gz

# abstract Tomcat major version
tomcat_version_major: "{{ tomcat_version|truncate(1, True, '') }}"

# instances base directory
tomcat_instance_dirs:
- conf