tomcat: Use system units instead of user units

This massively reduce the output of `systemctl status` (which is usefull when checking what is running on a server), remove the need of enable-linger (which is always good when possible) and allows to check the status of the service much more easily. (It also enable more sandboxing options if wanted but we don't enable any in this commit.)
2021-11-24 11:28:23 +01:00
13 changed files with 62 additions and 38 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -25,6 +25,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
 * mongodb: Support version 5.0 (for buster)
 * mongodb: Allow to specify a mongodb version for buster & bullseye
+* tomcat: Use a system service for tomcat instances instead of user services.
+* tomcat-instance: Changes to use the system service instead of user services.

 ### Fixed

--- a/tomcat-instance/tasks/main.yml
+++ b/tomcat-instance/tasks/main.yml
@ -1,6 +1,5 @@
 ---
 - include: check.yml
 - include: user.yml
- include: systemd.yml
 - include: alias.yml
 - include: bootstrap.yml
--- a/tomcat-instance/tasks/systemd.yml
+++ b/tomcat-instance/tasks/systemd.yml
@ -1,14 +0,0 @@
---
- name: Enable systemd user mode
-  command: "loginctl enable-linger {{ tomcat_instance_name }}"
-  changed_when: false
-
- name: Set systemd conf var
-  lineinfile:
-    dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile"
-    state: present
-    owner: "{{ tomcat_instance_name }}"
-    group: "{{ tomcat_instance_name }}"
-    mode: "0640"
-    create: yes
-    line: 'export XDG_RUNTIME_DIR=/run/user/$UID'
--- a/tomcat-instance/tasks/user.yml
+++ b/tomcat-instance/tasks/user.yml
@ -77,3 +77,36 @@
    line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
    validate: 'visudo -cf %s'
  when: tomcat_instance_deploy_user is defined
+
+- name: Enable sudo right for service management
+  lineinfile:
+    dest: '/etc/sudoers.d/tomcat'
+    state: present
+    mode: "0440"
+    create: yes
+    line: "%{{ tomcat_instance_name }} ALL = (root) NOPASSWD: {{ item }}"
+    validate: 'visudo -cf %s'
+  loop:
+    - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"
+
+- name: Enable sudo right for deploy user for service management
+  lineinfile:
+    dest: '/etc/sudoers.d/tomcat'
+    state: present
+    mode: "0440"
+    create: yes
+    line: "{{ tomcat_instance_deploy_user }} ALL = (root) NOPASSWD: {{ item }}"
+    validate: 'visudo -cf %s'
+  when: tomcat_instance_deploy_user is defined
+  loop:
+    - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
+    - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"
--- a/tomcat-instance/templates/bin/disable.sh
+++ b/tomcat-instance/templates/bin/disable.sh
@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility

-sudo -iu {{ tomcat_instance_name }} systemctl --user disable tomcat
+sudo systemctl disable tomcat@{{ tomcat_instance_name }}.service
--- a/tomcat-instance/templates/bin/enable.sh
+++ b/tomcat-instance/templates/bin/enable.sh
@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility

-sudo -iu {{ tomcat_instance_name }} systemctl --user enable tomcat
+sudo systemctl enable tomcat@{{ tomcat_instance_name }}.service
--- a/tomcat-instance/templates/bin/shutdown.sh
+++ b/tomcat-instance/templates/bin/shutdown.sh
@ -1,7 +1,7 @@
 #!/bin/sh
 # alias for compatibility

-sudo -iu {{ tomcat_instance_name }} systemctl --user stop tomcat
+sudo systemctl stop tomcat@{{ tomcat_instance_name }}.service
 {% if tomcat_instance_mail is defined %}
 /bin/sh -c date | /usr/bin/mail -s "{{ inventory_hostname }}/{{ tomcat_instance_name }} : Shutdown instance" {{ tomcat_instance_mail }}
 {% endif %}
--- a/tomcat-instance/templates/bin/startup.sh
+++ b/tomcat-instance/templates/bin/startup.sh
@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility

-sudo -iu {{ tomcat_instance_name }} systemctl --user start tomcat
+sudo systemctl start tomcat@{{ tomcat_instance_name }}.service
--- a/tomcat-instance/templates/bin/status.sh
+++ b/tomcat-instance/templates/bin/status.sh
@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility

-sudo -iu {{ tomcat_instance_name }} systemctl --user status -l tomcat
+sudo systemctl status -l tomcat@{{ tomcat_instance_name }}.service
--- a/tomcat/tasks/packages.yml
+++ b/tomcat/tasks/packages.yml
@ -46,8 +46,8 @@

 - name: Copy systemd unit
  template:
-    src: 'tomcat.service.j2'
-    dest: "/etc/systemd/user/tomcat.service"
+    src: 'tomcat@.service.j2'
+    dest: "/etc/systemd/system/tomcat@.service"
    mode: "0755"

 - name: Disable default tomcat service
--- a/tomcat/templates/check_tomcat_instance.sh.j2
+++ b/tomcat/templates/check_tomcat_instance.sh.j2
@ -14,7 +14,7 @@ output=""
 instances=$(ls "${TOMCAT_ROOT}")
 for instance in ${instances}; do
    port=$(id -u "${instance}")
-    if [ -h "${TOMCAT_ROOT}/${instance}/.config/systemd/user/default.target.wants/tomcat.service" ]; then
+    if [ -h "/etc/systemd/system/multi-user.target.wants/tomcat@${instance}.service" ] ||  [ -h "${TOMCAT_ROOT}/${instance}/.config/systemd/user/default.target.wants/tomcat.service" ]; then
        /usr/lib/nagios/plugins/check_tcp -p "${port}" >/dev/null 2>&1
        ret="${?}"
        if [ "${ret}" -ge 2 ]; then
--- a/tomcat/templates/tomcat.service.j2
+++ b/tomcat/templates/tomcat.service.j2
@ -1,15 +0,0 @@
-[Unit]
-Description=Tomcat %u.
-After=network.target
-
-[Service]
-WorkingDirectory=%h
-Environment="CATALINA_BASE=%h"
-EnvironmentFile=%h/conf/env
-UMask=0002
-ExecStart=/usr/share/tomcat{{ tomcat_version }}/bin/startup.sh
-ExecStop=/usr/share/tomcat{{ tomcat_version }}/bin/shutdown.sh
-Type=forking
-
-[Install]
-WantedBy=default.target
--- a/tomcat/templates/tomcat@.service.j2
+++ b/tomcat/templates/tomcat@.service.j2
@ -0,0 +1,19 @@
+[Unit]
+Description=Tomcat %i.
+After=network.target
+
+[Service]
+User=%i
+Group=%i
+WorkingDirectory={{ tomcat_instance_root }}/%i
+Environment="CATALINA_BASE={{ tomcat_instance_root }}/%i"
+EnvironmentFile={{ tomcat_instance_root }}/%i/conf/env
+UMask=0002
+ExecStart=/usr/share/tomcat{{ tomcat_version }}/bin/catalina.sh run
+
+SyslogIdentifier=tomcat-%i
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target