This massively reduces the output of `systemctl status` (which is useful when checking what is running on a server), removes the need for enable-linger (which is always good when possible) and makes it much easier to check the status of the service. (It also enables more sandboxing options if wanted, but we don't enable any in this commit.)
---
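# Guard: stop early when no port was supplied for the instance.
# The same value is reused by later tasks in this file as the numeric
# uid/gid of the instance account, so it is expected to be a number that
# is still free on the host.
- name: "Check that 'tomcat_instance_port' is set"
  fail:
    msg: "You must provide a value for the 'tomcat_instance_port' variable."
  # `| string` keeps the emptiness test working when the port is given as an
  # unquoted integer: `length` applied to an integer raises a template error
  # instead of showing the message above.
  when: tomcat_instance_port is not defined or tomcat_instance_port | string | length == 0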
# Ask `id` which login, if any, is behind the value chosen as uid.
# Read-only probe: it never reports a change, never fails the play, and it
# still runs under --check so the next task has a result to inspect.
- name: "Test if uid '{{ tomcat_instance_port }}' exists"
  check_mode: false
  changed_when: false
  failed_when: false
  register: get_login_from_id
  # `command` does not go through a shell, so no shell expansion is applied
  # to the value; `--` keeps it from being read as an option by `id`.
  command: 'id -un -- "{{ tomcat_instance_port }}"'
# Abort when the probe above found a login for this uid and that login is
# not the instance's own account (rc == 0 means `id` resolved a name).
- name: "Fail if uid already exists for another user"
  when: get_login_from_id.rc == 0 and get_login_from_id.stdout != tomcat_instance_name
  fail:
    msg: "Uid '{{ tomcat_instance_port }}' is already used by '{{ get_login_from_id.stdout }}'. You must change uid for '{{ tomcat_instance_name }}'"
# Dedicated group for the instance; its gid is the instance port.
# Membership in this group is what the sudoers rules written later in this
# file key on (`%<instance name>`), so it should be handed out sparingly.
- name: Create group instance
  group:
    gid: "{{ tomcat_instance_port }}"
    name: "{{ tomcat_instance_name }}"
    state: present
# Dedicated account for the instance: uid equals the instance port and the
# primary group is the group of the same name.
- name: Create user instance
  user:
    name: "{{ tomcat_instance_name }}"
    uid: "{{ tomcat_instance_port }}"
    group: "{{ tomcat_instance_name }}"
    state: present
    # The home directory is not created here; a separate task creates it
    # with explicit ownership and mode.
    home: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
    createhome: false
    # NOTE(review): the account gets an interactive shell, presumably so
    # that operators can `sudo -u` into it - confirm this is still needed
    # now that the service is managed through systemctl.
    shell: '/bin/bash'
# Instance home directory, owned by the instance user and group.
- name: Create home dir
  file:
    state: directory
    path: "{{ tomcat_instance_root }}/{{ tomcat_instance_name }}"
    owner: "{{ tomcat_instance_name }}"
    group: "{{ tomcat_instance_name }}"
    # Owner and group get full access, the setgid bit makes new entries
    # inherit the instance group, and other accounts get no access at all.
    mode: "u=rwx,g=rwxs,o="
# Record whether the host has an aliases file at all; the alias task only
# runs when `etc_aliases.stat.exists` is true.
- name: Is /etc/aliases present?
  register: etc_aliases
  stat:
    path: /etc/aliases
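# Route mail for the instance account to `tomcat_instance_mail`.
# Skipped when the host has no /etc/aliases or no address was given; the
# registered result tells the next task whether the alias database needs
# rebuilding.
- name: Set mail alias for user
  lineinfile:
    dest: '/etc/aliases'
    state: present
    line: "{{ tomcat_instance_name }}: {{ tomcat_instance_mail }}"
    # Anchored at the start of the line and escaped, so that only this
    # instance's own entry is replaced. Unanchored, an instance named `app`
    # would also match, and overwrite, the alias of an account named `webapp`.
    regexp: "^{{ tomcat_instance_name | regex_escape }}:"
  # NOTE(review): the right-hand side is written to /etc/aliases as given;
  # it is presumably an operator-supplied address - confirm it never comes
  # from a less trusted source, since alias targets are not limited to
  # mail addresses.
  when:
    - etc_aliases.stat.exists
    - tomcat_instance_mail is defined
  register: tomcat_instance_mail_alias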
# Rebuild the alias database, but only when the alias line was actually
# added or modified by the previous task.
- name: Run newaliases
  when: tomcat_instance_mail_alias is changed
  command: newaliases
# Let members of the instance group run any command as the instance user.
# There is no NOPASSWD tag, so sudo still asks for the caller's password;
# SETENV lets the caller choose the environment of the command.
# In effect, group membership equals full control of the instance account.
- name: Enable sudo right
  lineinfile:
    # One sudoers fragment is shared by every instance. Lines are only ever
    # added (state: present, no regexp), so entries for renamed or removed
    # instances stay in place until someone deletes them.
    dest: '/etc/sudoers.d/tomcat'
    create: true
    mode: "0440"
    state: present
    line: "%{{ tomcat_instance_name }} ALL = ({{ tomcat_instance_name }}) SETENV: ALL"
    # visudo checks the candidate file before it replaces the real one, so a
    # syntax error cannot lock sudo. It checks syntax only, not what the
    # rule grants.
    validate: 'visudo -cf %s'
# Optional: let the deploy account run any command as the instance user,
# without a password (NOPASSWD) and with a caller-chosen environment
# (SETENV). Whoever controls the deploy account therefore controls the
# instance account, so the deploy account's credentials need the same care.
- name: Enable sudo right for deploy user
  when: tomcat_instance_deploy_user is defined
  lineinfile:
    dest: '/etc/sudoers.d/tomcat'
    create: true
    mode: "0440"
    state: present
    line: "{{ tomcat_instance_deploy_user }} ALL = ({{ tomcat_instance_name }}) NOPASSWD: SETENV: ALL"
    # Syntax check of the candidate file before it is put in place.
    validate: 'visudo -cf %s'
# Let members of the instance group manage this instance's systemd unit as
# root, without a password. One sudoers line is written per listed command;
# each entry names the full command line, so only these exact invocations
# for `tomcat@<instance>.service` are allowed.
#
# NOTE(review): `systemctl status` started from a terminal hands its output
# to a pager, and under this rule that pager runs as root. On systemd
# releases that do not force the pager into its restricted mode, the two
# `status` entries grant more than "read the unit status". Confirm the
# systemd version on the target hosts, or pin these entries to a
# `--no-pager` invocation.
- name: Enable sudo right for service management
  loop:
    - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"
  lineinfile:
    dest: '/etc/sudoers.d/tomcat'
    create: true
    mode: "0440"
    state: present
    line: "%{{ tomcat_instance_name }} ALL = (root) NOPASSWD: {{ item }}"
    # Syntax check of the candidate file before it is put in place.
    validate: 'visudo -cf %s'
# Optional: give the deploy account password-less root access to the listed
# systemctl invocations for this instance's unit. Each loop item becomes
# one sudoers line naming the full command line.
#
# NOTE(review): the `status` entries can start a pager as root when used
# from a terminal; on systemd releases that do not restrict the pager this
# is a wider grant than intended. Confirm the target hosts' systemd version
# or pin these entries to a `--no-pager` invocation.
- name: Enable sudo right for deploy user for service management
  when: tomcat_instance_deploy_user is defined
  lineinfile:
    dest: '/etc/sudoers.d/tomcat'
    create: true
    mode: "0440"
    state: present
    line: "{{ tomcat_instance_deploy_user }} ALL = (root) NOPASSWD: {{ item }}"
    # Syntax check of the candidate file before it is put in place.
    validate: 'visudo -cf %s'
  loop:
    - "/bin/systemctl start tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl stop tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl status tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl status -l tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl enable tomcat@{{ tomcat_instance_name }}.service"
    - "/bin/systemctl disable tomcat@{{ tomcat_instance_name }}.service"
|