Add a systemd unit.
This commit is contained in:
parent
99b8ca35d6
commit
8a8375f80f
|
@ -47,7 +47,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
with_nested:
|
with_nested:
|
||||||
- '{{ tomcat_m_instances }}'
|
- '{{ tomcat_m_instances }}'
|
||||||
- ['common/classes', 'conf/Catalina/localhost', 'conf/policy.d', 'lib', 'server/classes', 'shared/classes', 'webapps']
|
- ['common/classes', 'conf/Catalina/localhost', 'conf/policy.d', 'lib', 'server/classes', 'shared/classes', 'webapps', policy]
|
||||||
register: tomcat_first_install
|
register: tomcat_first_install
|
||||||
|
|
||||||
- name: Create the tomcat logs base directory
|
- name: Create the tomcat logs base directory
|
||||||
|
@ -237,7 +237,7 @@
|
||||||
notify: tomcat multiple-instances restart
|
notify: tomcat multiple-instances restart
|
||||||
tags: ['tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager', 'tomcat_manager']
|
tags: ['tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager', 'tomcat_manager']
|
||||||
|
|
||||||
- name: Install the instances startup scripts
|
- name: Install the instances SYSV startup scripts
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: tomcat-instance.init.j2
|
src: tomcat-instance.init.j2
|
||||||
dest: "/etc/init.d/tomcat-instance-{{ item.http_port }}"
|
dest: "/etc/init.d/tomcat-instance-{{ item.http_port }}"
|
||||||
|
@ -245,9 +245,43 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
loop: '{{ tomcat_m_instances }}'
|
loop: '{{ tomcat_m_instances }}'
|
||||||
|
when: not tomcat_use_systemd_unit
|
||||||
register: reload_systemd
|
register: reload_systemd
|
||||||
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
|
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
|
||||||
|
|
||||||
|
- name: Remove the instances SYSV startup scripts when we prefer the systemd unit
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "/etc/init.d/tomcat-instance-{{ item.http_port }}"
|
||||||
|
state: absent
|
||||||
|
loop: '{{ tomcat_m_instances }}'
|
||||||
|
when: tomcat_use_systemd_unit
|
||||||
|
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
|
||||||
|
|
||||||
|
- name: Install the instances systemd unit
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: tomcat-service.j2
|
||||||
|
dest: "/etc/systemd/system//tomcat-instance-{{ item.http_port }}"
|
||||||
|
mode: "0644"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
loop: '{{ tomcat_m_instances }}'
|
||||||
|
when: tomcat_use_systemd_unit
|
||||||
|
register: reload_systemd
|
||||||
|
notify: tomcat multiple-instances restart
|
||||||
|
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
|
||||||
|
|
||||||
|
- name: Install the helper script used by the systemd unit
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: tomcat-start.sh.j2
|
||||||
|
dest: "/usr/libexec/tomcat{{ tomcat_version }}/tomcat-instance-{{ item.http_port }}-start.sh"
|
||||||
|
mode: "0755"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
loop: '{{ tomcat_m_instances }}'
|
||||||
|
when: tomcat_use_systemd_unit
|
||||||
|
notify: tomcat multiple-instances restart
|
||||||
|
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
|
||||||
|
|
||||||
- name: Install the tomcat instances default file
|
- name: Install the tomcat instances default file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: tomcat-default.j2
|
src: tomcat-default.j2
|
||||||
|
@ -264,7 +298,7 @@
|
||||||
daemon-reload: true
|
daemon-reload: true
|
||||||
when:
|
when:
|
||||||
- ansible_service_mgr == 'systemd'
|
- ansible_service_mgr == 'systemd'
|
||||||
- reload_systemd | bool
|
- tomcat_use_systemd_unit
|
||||||
|
|
||||||
- name: Install a custom context.xml file
|
- name: Install a custom context.xml file
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
#
|
||||||
|
# Systemd unit file for Apache Tomcat
|
||||||
|
#
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=Apache Tomcat {{ tomcat_version}} Web Application Server
|
||||||
|
After=syslog.target network.target
|
||||||
|
StartLimitIntervalSec=500
|
||||||
|
StartLimitBurst=5
|
||||||
|
RequiresMountsFor={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} /var/lib/tomcat{{ tomcat_version }}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment="CATALINA_HOME=/usr/share/tomcat{{ tomcat_version }}"
|
||||||
|
Environment="CATALINA_BASE={{ item.instance_path }}"
|
||||||
|
Environment="CATALINA_TMPDIR={{ item.catalina_tmp_directory }}"
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=+/usr/libexec/tomcat{{ tomcat_version}}/tomcat-update-policy.sh
|
||||||
|
ExecStart=/bin/sh /usr/libexec/tomcat{{ tomcat_version }}/tomcat-instance-{{ item.http_port }}-start.sh
|
||||||
|
SuccessExitStatus=143
|
||||||
|
RestartSec=10
|
||||||
|
Restart=on-failure on-abort
|
||||||
|
# Logging
|
||||||
|
SyslogIdentifier=tomcat{{ tomcat_version }}
|
||||||
|
|
||||||
|
User={{ item.user }}
|
||||||
|
Group={{ item.user }}
|
||||||
|
{% if tomcat_systemd_security %}
|
||||||
|
PrivateTmp=yes
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
NoNewPrivileges=true
|
||||||
|
CacheDirectory={{ tomcat_m_cache_base }}/{{ item.http_port }}
|
||||||
|
CacheDirectoryMode=750
|
||||||
|
ProtectSystem=strict
|
||||||
|
ReadWritePaths={{ item.instance_path }}/conf/Catalina/
|
||||||
|
ReadWritePaths={{ item.instance_path }}/webapps
|
||||||
|
ReadWritePaths={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}
|
||||||
|
{% endif %}
|
||||||
|
{% if tomcat_systemd_security_enhanced %}
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
PrivateUsers=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
ProtectKernelLogs=yes
|
||||||
|
RestrictAddressFamilies=AF_INET6 AF_INET
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=@system-service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Startup script for Apache Tomcat with systemd
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Load the service settings
|
||||||
|
. /etc/default/tomcat-instance-{{ item.http_port }}
|
||||||
|
|
||||||
|
# Find the Java runtime and set JAVA_HOME
|
||||||
|
. /usr/libexec/tomcat{{ tomcat_version }}/tomcat-locate-java.sh
|
||||||
|
|
||||||
|
# Set the JSP compiler if configured in the /etc/default/tomcat10 file
|
||||||
|
[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
|
||||||
|
|
||||||
|
export JAVA_OPTS
|
||||||
|
|
||||||
|
# Enable the Java security manager?
|
||||||
|
SECURITY=""
|
||||||
|
[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"
|
||||||
|
|
||||||
|
|
||||||
|
# Start Tomcat
|
||||||
|
cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY
|
Loading…
Reference in New Issue