From e49379ebd0891a32904426cc03a709787425880f Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Tue, 23 Nov 2021 16:31:43 +0100 Subject: [PATCH] tomcat: Use system units instead of user units This massively reduce the output of `systemctl status` (which is usefull when checking what is running on a server), remove the need of enable-linger (which is always good when possible) and allows to check the status of the service much more easily. (It also enable more sandboxing options if wanted but we don't enable any in this commit.)
---
 CHANGELOG.md | 2 ++
 tomcat-instance/tasks/main.yml | 1 -
 tomcat-instance/tasks/systemd.yml | 14 ---------
 tomcat-instance/tasks/user.yml | 33 ++++++++++++++++++++
 tomcat-instance/templates/bin/disable.sh | 2 +-
 tomcat-instance/templates/bin/enable.sh | 2 +-
 tomcat-instance/templates/bin/shutdown.sh | 2 +-
 tomcat-instance/templates/bin/startup.sh | 2 +-
 tomcat-instance/templates/bin/status.sh | 2 +-
 tomcat/tasks/packages.yml | 4 +--
 tomcat/templates/check_tomcat_instance.sh.j2 | 2 +-
 tomcat/templates/tomcat.service.j2 | 15 ---------
 tomcat/templates/tomcat@.service.j2 | 19 +++++++++++
 13 files changed, 62 insertions(+), 38 deletions(-)
 delete mode 100644 tomcat-instance/tasks/systemd.yml
 delete mode 100644 tomcat/templates/tomcat.service.j2
 create mode 100644 tomcat/templates/tomcat@.service.j2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f21ad6a..dc538233 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
 * mongodb: Support version 5.0 (for buster)
 * mongodb: Allow to specify a mongodb version for buster & bullseye
+* tomcat: Use a system service for tomcat instances instead of user services.
+* tomcat-instance: Changes to use the system service instead of user services.
 ### Fixed
diff --git a/tomcat-instance/tasks/main.yml b/tomcat-instance/tasks/main.yml
index 1da21794..c2dbedaa 100644
--- a/tomcat-instance/tasks/main.yml
+++ b/tomcat-instance/tasks/main.yml
@@ -1,6 +1,5 @@
 ---
 - include: check.yml
 - include: user.yml
-- include: systemd.yml
 - include: alias.yml
 - include: bootstrap.yml
diff --git a/tomcat-instance/tasks/systemd.yml b/tomcat-instance/tasks/systemd.yml
deleted file mode 100644
index 7558bbaa..00000000
--- a/tomcat-instance/tasks/systemd.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Enable systemd user mode
- command: "loginctl enable-linger {{ tomcat_instance_name }}"
- changed_when: false
-
-- name: Set systemd conf var
- lineinfile:
- dest: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}/.profile"
- state: present
- owner: "{{ tomcat_instance_name }}"
- group: "{{ tomcat_instance_name }}"
- mode: "0640"
- create: yes
- line: 'export XDG_RUNTIME_DIR=/run/user/$UID'
diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml
index d4fc8521..5197c1a6 100644
--- a/tomcat-instance/tasks/user.yml
+++ b/tomcat-instance/tasks/user.yml
@@ -77,3 +77,36 @@
 line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
 validate: 'visudo -cf %s'
 when: tomcat_instance_deploy_user is defined
+
+- name: Enable sudo right for service management
+ lineinfile:
+ dest: '/etc/sudoers.d/tomcat'
+ state: present
+ mode: "0440"
+ create: yes
+ line: "%{{ tomcat_instance_name }} ALL = (root) NOPASSWD: {{ item }}"
+ validate: 'visudo -cf %s'
+ loop:
+ - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"
+
+- name: Enable sudo right for deploy user for service management
+ lineinfile:
+ dest: '/etc/sudoers.d/tomcat'
+ state: present
+ mode: "0440"
+ create: yes
+ line: "{{ tomcat_instance_deploy_user }} ALL = (root) NOPASSWD: {{ item }}"
+ validate: 'visudo -cf %s'
+ when: tomcat_instance_deploy_user is defined
+ loop:
+ - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
+ - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"
diff --git a/tomcat-instance/templates/bin/disable.sh b/tomcat-instance/templates/bin/disable.sh
index 4ff9b70e..689c3c30 100755
--- a/tomcat-instance/templates/bin/disable.sh
+++ b/tomcat-instance/templates/bin/disable.sh
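Review bot: The `systemctl status` entries in both loops of tomcat-instance/tasks/user.yml allow a root-run `systemctl status`, which pipes its output through a pager when called from a terminal; unless the installed systemd forces that pager into its secure mode, the pager is an interactive program running as root and is not limited to the command listed in sudoers. Allow only the pager-less form, e.g. `- "/bin/systemctl --no-pager status -l tomcat@{{ tomcat_instance_name }}.service"`, and make `status.sh` call exactly that. Separately, `%{{ tomcat_instance_name }}` is the group the service itself runs under (`Group=%i` in the new unit), so the Tomcat process can start, stop, enable and disable its own unit through sudo; a dedicated operator group would avoid that. Both loops carry the same six entries, so a shared variable would keep them in sync.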
@@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility
-sudo -iu {{ tomcat_instance_name }} systemctl --user disable tomcat
+sudo systemctl disable tomcat@{{ tomcat_instance_name }}.service
diff --git a/tomcat-instance/templates/bin/enable.sh b/tomcat-instance/templates/bin/enable.sh
index 8ef8df3d..a9d4afbb 100755
--- a/tomcat-instance/templates/bin/enable.sh
+++ b/tomcat-instance/templates/bin/enable.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility
-sudo -iu {{ tomcat_instance_name }} systemctl --user enable tomcat
+sudo systemctl enable tomcat@{{ tomcat_instance_name }}.service
diff --git a/tomcat-instance/templates/bin/shutdown.sh b/tomcat-instance/templates/bin/shutdown.sh
index 7ccfc0db..6fac2cb6 100755
--- a/tomcat-instance/templates/bin/shutdown.sh
+++ b/tomcat-instance/templates/bin/shutdown.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # alias for compatibility
-sudo -iu {{ tomcat_instance_name }} systemctl --user stop tomcat
+sudo systemctl stop tomcat@{{ tomcat_instance_name }}.service
 {% if tomcat_instance_mail is defined %}
 /bin/sh -c date | /usr/bin/mail -s "{{ inventory_hostname }}/{{ tomcat_instance_name }} : Shutdown instance" {{ tomcat_instance_mail }}
 {% endif %}
diff --git a/tomcat-instance/templates/bin/startup.sh b/tomcat-instance/templates/bin/startup.sh
index 2d627534..4cb52db0 100755
--- a/tomcat-instance/templates/bin/startup.sh
+++ b/tomcat-instance/templates/bin/startup.sh
@@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility
-sudo -iu {{ tomcat_instance_name }} systemctl --user start tomcat
+sudo systemctl start tomcat@{{ tomcat_instance_name }}.service
diff --git a/tomcat-instance/templates/bin/status.sh b/tomcat-instance/templates/bin/status.sh
index 614f91fe..2b590583 100755
--- a/tomcat-instance/templates/bin/status.sh
+++ b/tomcat-instance/templates/bin/status.sh
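Review bot: In shutdown.sh the exit status of the new `sudo systemctl stop tomcat@{{ tomcat_instance_name }}.service` line is never checked, so the "Shutdown instance" mail in the `{% if tomcat_instance_mail is defined %}` block that follows is sent even when sudo refuses the command or the stop fails. Now that the call depends on an exact match with a sudoers entry, a refusal is a realistic failure mode. Consider `sudo systemctl stop tomcat@{{ tomcat_instance_name }}.service || exit 1`. In disable.sh, enable.sh and startup.sh the sudo call is the last command, so its status is already the script's exit code.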
@@ -1,4 +1,4 @@
 #!/bin/sh
 # alias for compatibility
-sudo -iu {{ tomcat_instance_name }} systemctl --user status -l tomcat
+sudo systemctl status -l tomcat@{{ tomcat_instance_name }}.service
diff --git a/tomcat/tasks/packages.yml b/tomcat/tasks/packages.yml
index 9b7995cc..c141e740 100644
--- a/tomcat/tasks/packages.yml
+++ b/tomcat/tasks/packages.yml
@@ -46,8 +46,8 @@
 - name: Copy systemd unit
 template:
- src: 'tomcat.service.j2'
- dest: "/etc/systemd/user/tomcat.service"
+ src: 'tomcat@.service.j2'
+ dest: "/etc/systemd/system/tomcat@.service"
 mode: "0755"
 - name: Disable default tomcat service
diff --git a/tomcat/templates/check_tomcat_instance.sh.j2 b/tomcat/templates/check_tomcat_instance.sh.j2
index 60fe0ef3..a2a29753 100644
--- a/tomcat/templates/check_tomcat_instance.sh.j2
+++ b/tomcat/templates/check_tomcat_instance.sh.j2
@@ -14,7 +14,7 @@ output=""
 instances=$(ls "${TOMCAT_ROOT}")
 for instance in ${instances}; do
 port=$(id -u "${instance}")
- if [ -h "${TOMCAT_ROOT}/${instance}/.config/systemd/user/default.target.wants/tomcat.service" ]; then
+ if [ -h "/etc/systemd/system/multi-user.target.wants/tomcat@${instance}.service" ] || [ -h "${TOMCAT_ROOT}/${instance}/.config/systemd/user/default.target.wants/tomcat.service" ]; then
 /usr/lib/nagios/plugins/check_tcp -p "${port}" >/dev/null 2>&1
 ret="${?}"
 if [ "${ret}" -ge 2 ]; then
diff --git a/tomcat/templates/tomcat.service.j2 b/tomcat/templates/tomcat.service.j2
deleted file mode 100644
index e82bfca9..00000000
--- a/tomcat/templates/tomcat.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Tomcat %u.
-After=network.target
-
-[Service]
-WorkingDirectory=%h
-Environment="CATALINA_BASE=%h"
-EnvironmentFile=%h/conf/env
-UMask=0002
-ExecStart=/usr/share/tomcat{{ tomcat_version }}/bin/startup.sh
-ExecStop=/usr/share/tomcat{{ tomcat_version }}/bin/shutdown.sh
-Type=forking
-
-[Install]
-WantedBy=default.target
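Review bot: In tomcat/tasks/packages.yml the unit is still installed with `mode: "0755"` (a context line of the hunk); unit files are not executed and systemd logs a warning for unit files marked executable, so `mode: "0644"` is the right value for `/etc/systemd/system/tomcat@.service`. The hunk also leaves the previously installed `/etc/systemd/user/tomcat.service` in place, so hosts converted from the old layout may keep an enabled user unit next to the new system one. A task with `state: absent` for the old path and a `daemon_reload: yes` after the template change would cover both. The task list continues outside the hunk, so a reload may already exist there.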
diff --git a/tomcat/templates/tomcat@.service.j2 b/tomcat/templates/tomcat@.service.j2
new file mode 100644
index 00000000..fec5fb90
--- /dev/null
+++ b/tomcat/templates/tomcat@.service.j2
@@ -0,0 +1,19 @@
+[Unit]
+Description=Tomcat %i.
+After=network.target
+
+[Service]
+User=%i
+Group=%i
+WorkingDirectory={{ tomcat_instance_root }}/%i
+Environment="CATALINA_BASE={{ tomcat_instance_root }}/%i"
+EnvironmentFile={{ tomcat_instance_root }}/%i/conf/env
+UMask=0002
+ExecStart=/usr/share/tomcat{{ tomcat_version }}/bin/catalina.sh run
+
+SyslogIdentifier=tomcat-%i
+
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--
2.39.2
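Review bot: With `ExecStart=… catalina.sh run` and no `ExecStop=`, `systemctl stop` ends the JVM with SIGTERM, and a JVM normally exits with status 143 in that case, which systemd records as a failed unit; adding `SuccessExitStatus=143` under `[Service]` keeps a clean stop from being reported as a failure. The template also expands `{{ tomcat_instance_root }}` although it is rendered from the tomcat role (tomcat/tasks/packages.yml); if that variable is only defined for tomcat-instance, rendering fails or bakes in a single root for all instances, which is worth confirming. Since the sudoers entries added in tomcat-instance/tasks/user.yml are granted to the instance group, `NoNewPrivileges=yes` here would keep the Tomcat process itself from using them.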