init tomcat-instance role
This commit is contained in:
parent
e2460c10d1
commit
04ccca18f2
4
tomcat-instance/defaults/main.yml
Normal file
4
tomcat-instance/defaults/main.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
tomcat_instance_root: '/srv/tomcat'
|
||||||
|
tomcat_instance_port: 8080
|
||||||
|
tomcat_instance_ram: 512
|
16
tomcat-instance/files/tomcat.service
Normal file
16
tomcat-instance/files/tomcat.service
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Tomcat %u.
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
WorkingDirectory=%h
|
||||||
|
Environment="CATALINA_BASE=%h"
|
||||||
|
EnvironmentFile=%h/conf/env
|
||||||
|
UMask=0002
|
||||||
|
ExecStart=/usr/share/tomcat7/bin/startup.sh
|
||||||
|
ExecStop=/usr/share/tomcat7/bin/shutdown.sh
|
||||||
|
ExecStopPost=/bin/sh -c date | /usr/bin/mail -s "%H/%u : Shutdown instance" %u
|
||||||
|
Type=forking
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
6
tomcat-instance/handlers/main.yml
Normal file
6
tomcat-instance/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
- name: new aliases
|
||||||
|
command: newaliases
|
||||||
|
|
||||||
|
- name: systemd reload
|
||||||
|
shell: systemctl daemon-reload
|
18
tomcat-instance/tasks/alias.yml
Normal file
18
tomcat-instance/tasks/alias.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
- name: Create bin dir for alias
|
||||||
|
file:
|
||||||
|
path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin"
|
||||||
|
state: directory
|
||||||
|
mode: 0770
|
||||||
|
owner: "{{ tomcat_instance_name }}"
|
||||||
|
group: "{{ tomcat_instance_name }}"
|
||||||
|
|
||||||
|
- name: Copy alias script for systemctl --user
|
||||||
|
template:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/bin/"
|
||||||
|
mode: 0770
|
||||||
|
owner: "{{ tomcat_instance_name }}"
|
||||||
|
group: "{{ tomcat_instance_name }}"
|
||||||
|
with_fileglob:
|
||||||
|
- 'templates/bin/*'
|
36
tomcat-instance/tasks/bootstrap.yml
Normal file
36
tomcat-instance/tasks/bootstrap.yml
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
- name: Create tomcat dirs
|
||||||
|
file:
|
||||||
|
path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: 02770
|
||||||
|
with_items:
|
||||||
|
- 'conf'
|
||||||
|
- 'logs'
|
||||||
|
- 'webapps'
|
||||||
|
- 'work'
|
||||||
|
- 'temp'
|
||||||
|
- 'lib'
|
||||||
|
|
||||||
|
- name: Copy conf dir
|
||||||
|
shell: "cp /usr/share/tomcat7/skel/conf/* {{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/"
|
||||||
|
|
||||||
|
- name: Copy server.xml
|
||||||
|
template:
|
||||||
|
src: 'templates/server.xml.j2'
|
||||||
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/server.xml"
|
||||||
|
mode: 0660
|
||||||
|
|
||||||
|
- name: Copy env file
|
||||||
|
template:
|
||||||
|
src: 'templates/env.j2'
|
||||||
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/conf/env"
|
||||||
|
mode: 0660
|
||||||
|
|
||||||
|
- name: Fix owner
|
||||||
|
file:
|
||||||
|
name: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ tomcat_instance_name }}"
|
||||||
|
group: "{{ tomcat_instance_name }}"
|
||||||
|
recurse: yes
|
37
tomcat-instance/tasks/check.yml
Normal file
37
tomcat-instance/tasks/check.yml
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
---
|
||||||
|
- name: Check tomcat_instance_name
|
||||||
|
debug:
|
||||||
|
msg: "{{ tomcat_instance_name }}"
|
||||||
|
|
||||||
|
- name: Check use of gid
|
||||||
|
shell: id -ng "{{ tomcat_instance_port }}"
|
||||||
|
register: check_port_gid
|
||||||
|
changed_when: false
|
||||||
|
failed_when:
|
||||||
|
- check_port_gid|succeeded
|
||||||
|
- check_port_gid.stdout != "{{ tomcat_instance_name }}"
|
||||||
|
|
||||||
|
- name: Check use of uid
|
||||||
|
shell: id -nu "{{ tomcat_instance_port }}"
|
||||||
|
register: check_port_uid
|
||||||
|
changed_when: false
|
||||||
|
failed_when:
|
||||||
|
- check_port_uid|succeeded
|
||||||
|
- check_port_uid.stdout != "{{ tomcat_instance_name }}"
|
||||||
|
|
||||||
|
#- name: Check use of http port
|
||||||
|
# shell: grep '<Connector port="{{ tomcat_instance_port }}" protocol="HTTP/1.1"' $(ls {{ tomcat_instance_root }}/*/conf/server.xml|grep -v {{ tomcat_instance_name }})
|
||||||
|
|
||||||
|
- name: Set shutdown port (default=http port + 1)
|
||||||
|
set_fact:
|
||||||
|
tomcat_instance_shutdown: "{{ tomcat_instance_port | int + 1 }}"
|
||||||
|
when: tomcat_instance_shutdown is undefined
|
||||||
|
|
||||||
|
- name: Set tomcat mps (default=ram/2)
|
||||||
|
set_fact:
|
||||||
|
tomcat_instance_mps: "{{ tomcat_instance_ram | int / 2 }}"
|
||||||
|
when: tomcat_instance_mps is undefined
|
||||||
|
|
||||||
|
- name: Fix mps type
|
||||||
|
set_fact:
|
||||||
|
tomcat_instance_mps: "{{ tomcat_instance_mps | int }}"
|
13
tomcat-instance/tasks/main.yml
Normal file
13
tomcat-instance/tasks/main.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
- stat:
|
||||||
|
path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
|
||||||
|
register: tomcat_instance_stat
|
||||||
|
|
||||||
|
- include: tomcat.yml
|
||||||
|
- include: check.yml
|
||||||
|
- include: user.yml
|
||||||
|
- include: systemd.yml
|
||||||
|
- include: alias.yml
|
||||||
|
when: tomcat_instance_stat.stat.exists != True
|
||||||
|
- include: bootstrap.yml
|
||||||
|
when: tomcat_instance_stat.stat.exists != True
|
12
tomcat-instance/tasks/systemd.yml
Normal file
12
tomcat-instance/tasks/systemd.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: Enable systemd user mode
|
||||||
|
command: "loginctl enable-linger {{ tomcat_instance_name }}"
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Set systemd conf var
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile"
|
||||||
|
state: present
|
||||||
|
mode: 0640
|
||||||
|
create: yes
|
||||||
|
line: 'export XDG_RUNTIME_DIR=/run/user/$UID'
|
24
tomcat-instance/tasks/tomcat.yml
Normal file
24
tomcat-instance/tasks/tomcat.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: Install dependancy
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- 'tomcat7'
|
||||||
|
- 'tomcat7-user'
|
||||||
|
- 'libpam-systemd'
|
||||||
|
|
||||||
|
- name: Create tomcat root dir
|
||||||
|
file:
|
||||||
|
path: "{{ tomcat_instance_root }}"
|
||||||
|
state: directory
|
||||||
|
owner: 'root'
|
||||||
|
group: 'root'
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Copy systemd unit
|
||||||
|
copy:
|
||||||
|
src: 'files/tomcat.service'
|
||||||
|
dest: "/etc/systemd/user/tomcat.service"
|
||||||
|
mode: 0755
|
||||||
|
notify: systemd reload
|
47
tomcat-instance/tasks/user.yml
Normal file
47
tomcat-instance/tasks/user.yml
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
---
|
||||||
|
- name: Create group instance
|
||||||
|
group:
|
||||||
|
name: "{{ tomcat_instance_name }}"
|
||||||
|
gid: "{{ tomcat_instance_port }}"
|
||||||
|
|
||||||
|
- name: Create user instance
|
||||||
|
user:
|
||||||
|
name: "{{ tomcat_instance_name }}"
|
||||||
|
group: "{{ tomcat_instance_name }}"
|
||||||
|
uid: "{{ tomcat_instance_port }}"
|
||||||
|
home: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
|
||||||
|
shell: '/bin/bash'
|
||||||
|
createhome: no
|
||||||
|
|
||||||
|
- name: Create home dir
|
||||||
|
file:
|
||||||
|
path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
|
||||||
|
state: directory
|
||||||
|
mode: 02770
|
||||||
|
|
||||||
|
- name: Set mail alias for user
|
||||||
|
lineinfile:
|
||||||
|
dest: '/etc/aliases'
|
||||||
|
state: present
|
||||||
|
line: "{{ tomcat_instance_name }}: {{ tomcat_instance_mail }}"
|
||||||
|
when: tomcat_instance_mail is defined
|
||||||
|
notify: new aliases
|
||||||
|
|
||||||
|
- name: Enable sudo right
|
||||||
|
lineinfile:
|
||||||
|
dest: '/etc/sudoers.d/tomcat'
|
||||||
|
state: present
|
||||||
|
mode: 0440
|
||||||
|
create: yes
|
||||||
|
line: "%{{ tomcat_instance_name }} ALL = ({{ tomcat_instance_name }}) SETENV: ALL"
|
||||||
|
validate: 'visudo -cf %s'
|
||||||
|
|
||||||
|
- name: Enable sudo right for deploy user
|
||||||
|
lineinfile:
|
||||||
|
dest: '/etc/sudoers.d/tomcat'
|
||||||
|
state: present
|
||||||
|
mode: 0440
|
||||||
|
create: yes
|
||||||
|
line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
|
||||||
|
validate: 'visudo -cf %s'
|
||||||
|
when: tomcat_instance_deploy_user is defined
|
4
tomcat-instance/templates/bin/disable.sh
Executable file
4
tomcat-instance/templates/bin/disable.sh
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# alias for compatibility
|
||||||
|
|
||||||
|
sudo -iu {{ tomcat_instance_name }} systemctl --user disable tomcat
|
4
tomcat-instance/templates/bin/enable.sh
Executable file
4
tomcat-instance/templates/bin/enable.sh
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# alias for compatibility
|
||||||
|
|
||||||
|
sudo -iu {{ tomcat_instance_name }} systemctl --user enable tomcat
|
4
tomcat-instance/templates/bin/shutdown.sh
Executable file
4
tomcat-instance/templates/bin/shutdown.sh
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# alias for compatibility
|
||||||
|
|
||||||
|
sudo -iu {{ tomcat_instance_name }} systemctl --user stop tomcat
|
4
tomcat-instance/templates/bin/startup.sh
Executable file
4
tomcat-instance/templates/bin/startup.sh
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# alias for compatibility
|
||||||
|
|
||||||
|
sudo -iu {{ tomcat_instance_name }} systemctl --user start tomcat
|
4
tomcat-instance/templates/bin/status.sh
Executable file
4
tomcat-instance/templates/bin/status.sh
Executable file
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# alias for compatibility
|
||||||
|
|
||||||
|
sudo -iu {{ tomcat_instance_name }} systemctl --user status -l tomcat
|
5
tomcat-instance/templates/env.j2
Normal file
5
tomcat-instance/templates/env.j2
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
# Memory allocation options.
|
||||||
|
# Xmx Max memory allocated to instance.
|
||||||
|
# Xms Allocated memory at startup.
|
||||||
|
# XX:MaxPermSize Memory allocated to internal objects.
|
||||||
|
JAVA_OPTS="-server -Xmx{{ tomcat_instance_ram }}m -Xms{{ tomcat_instance_ram }}m -XX:MaxPermSize={{ tomcat_instance_mps }}m -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled -Xverify:none"
|
148
tomcat-instance/templates/server.xml.j2
Normal file
148
tomcat-instance/templates/server.xml.j2
Normal file
|
@ -0,0 +1,148 @@
|
||||||
|
<?xml version='1.0' encoding='utf-8'?>
|
||||||
|
<!--
|
||||||
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
contributor license agreements. See the NOTICE file distributed with
|
||||||
|
this work for additional information regarding copyright ownership.
|
||||||
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
(the "License"); you may not use this file except in compliance with
|
||||||
|
the License. You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
-->
|
||||||
|
<!-- Note: A "Server" is not itself a "Container", so you may not
|
||||||
|
define subcomponents such as "Valves" at this level.
|
||||||
|
Documentation at /docs/config/server.html
|
||||||
|
-->
|
||||||
|
<Server port="{{ tomcat_instance_shutdown }}" shutdown="SHUTDOWN">
|
||||||
|
<!-- Security listener. Documentation at /docs/config/listeners.html
|
||||||
|
<Listener className="org.apache.catalina.security.SecurityListener" />
|
||||||
|
-->
|
||||||
|
<!--APR library loader. Documentation at /docs/apr.html -->
|
||||||
|
<!--
|
||||||
|
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
||||||
|
-->
|
||||||
|
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
|
||||||
|
<Listener className="org.apache.catalina.core.JasperListener" />
|
||||||
|
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
|
||||||
|
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||||
|
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||||
|
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||||
|
|
||||||
|
<!-- Global JNDI resources
|
||||||
|
Documentation at /docs/jndi-resources-howto.html
|
||||||
|
-->
|
||||||
|
<GlobalNamingResources>
|
||||||
|
<!-- Editable user database that can also be used by
|
||||||
|
UserDatabaseRealm to authenticate users
|
||||||
|
-->
|
||||||
|
<Resource name="UserDatabase" auth="Container"
|
||||||
|
type="org.apache.catalina.UserDatabase"
|
||||||
|
description="User database that can be updated and saved"
|
||||||
|
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
||||||
|
pathname="conf/tomcat-users.xml" />
|
||||||
|
</GlobalNamingResources>
|
||||||
|
|
||||||
|
<!-- A "Service" is a collection of one or more "Connectors" that share
|
||||||
|
a single "Container" Note: A "Service" is not itself a "Container",
|
||||||
|
so you may not define subcomponents such as "Valves" at this level.
|
||||||
|
Documentation at /docs/config/service.html
|
||||||
|
-->
|
||||||
|
<Service name="Catalina">
|
||||||
|
|
||||||
|
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
|
||||||
|
<!--
|
||||||
|
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
|
||||||
|
maxThreads="150" minSpareThreads="4"/>
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
||||||
|
<!-- A "Connector" represents an endpoint by which requests are received
|
||||||
|
and responses are returned. Documentation at :
|
||||||
|
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
|
||||||
|
Java AJP Connector: /docs/config/ajp.html
|
||||||
|
APR (HTTP/AJP) Connector: /docs/apr.html
|
||||||
|
Define a non-SSL HTTP/1.1 Connector on port 8080
|
||||||
|
-->
|
||||||
|
<Connector port="{{ tomcat_instance_port }}" protocol="HTTP/1.1"
|
||||||
|
connectionTimeout="20000"
|
||||||
|
URIEncoding="UTF-8"
|
||||||
|
redirectPort="8443" />
|
||||||
|
<!-- A "Connector" using the shared thread pool-->
|
||||||
|
<!--
|
||||||
|
<Connector executor="tomcatThreadPool"
|
||||||
|
port="8080" protocol="HTTP/1.1"
|
||||||
|
connectionTimeout="20000"
|
||||||
|
redirectPort="8443" />
|
||||||
|
-->
|
||||||
|
<!-- Define a SSL HTTP/1.1 Connector on port 8443
|
||||||
|
This connector uses the BIO implementation that requires the JSSE
|
||||||
|
style configuration. When using the APR/native implementation, the
|
||||||
|
OpenSSL style configuration is required as described in the APR/native
|
||||||
|
documentation -->
|
||||||
|
<!--
|
||||||
|
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
|
||||||
|
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
|
||||||
|
clientAuth="false" sslProtocol="TLS" />
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Define an AJP 1.3 Connector on port 8009 -->
|
||||||
|
<!--
|
||||||
|
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
|
||||||
|
-->
|
||||||
|
|
||||||
|
|
||||||
|
<!-- An Engine represents the entry point (within Catalina) that processes
|
||||||
|
every request. The Engine implementation for Tomcat stand alone
|
||||||
|
analyzes the HTTP headers included with the request, and passes them
|
||||||
|
on to the appropriate Host (virtual host).
|
||||||
|
Documentation at /docs/config/engine.html -->
|
||||||
|
|
||||||
|
<!-- You should set jvmRoute to support load-balancing via AJP ie :
|
||||||
|
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
|
||||||
|
-->
|
||||||
|
<Engine name="Catalina" defaultHost="localhost">
|
||||||
|
|
||||||
|
<!--For clustering, please take a look at documentation at:
|
||||||
|
/docs/cluster-howto.html (simple how to)
|
||||||
|
/docs/config/cluster.html (reference documentation) -->
|
||||||
|
<!--
|
||||||
|
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
|
||||||
|
via a brute-force attack -->
|
||||||
|
<Realm className="org.apache.catalina.realm.LockOutRealm">
|
||||||
|
<!-- This Realm uses the UserDatabase configured in the global JNDI
|
||||||
|
resources under the key "UserDatabase". Any edits
|
||||||
|
that are performed against this UserDatabase are immediately
|
||||||
|
available for use by the Realm. -->
|
||||||
|
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||||
|
resourceName="UserDatabase"/>
|
||||||
|
</Realm>
|
||||||
|
|
||||||
|
<Host name="localhost" appBase="webapps"
|
||||||
|
unpackWARs="true" autoDeploy="true">
|
||||||
|
|
||||||
|
<!-- SingleSignOn valve, share authentication between web applications
|
||||||
|
Documentation at: /docs/config/valve.html -->
|
||||||
|
<!--
|
||||||
|
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Access log processes all example.
|
||||||
|
Documentation at: /docs/config/valve.html
|
||||||
|
Note: The pattern used is equivalent to using pattern="common" -->
|
||||||
|
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
||||||
|
prefix="localhost_access_log." suffix=".txt"
|
||||||
|
pattern="%h %l %u %t "%r" %s %b" />
|
||||||
|
|
||||||
|
</Host>
|
||||||
|
</Engine>
|
||||||
|
</Service>
|
||||||
|
</Server>
|
Loading…
Reference in a new issue