Add a systemd unit.

This commit is contained in:
Andrea Dell'Amico 2024-07-31 19:12:46 +02:00
parent 99b8ca35d6
commit 8a8375f80f
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
3 changed files with 113 additions and 3 deletions

View File

@ -47,7 +47,7 @@
state: directory state: directory
with_nested: with_nested:
- '{{ tomcat_m_instances }}' - '{{ tomcat_m_instances }}'
- ['common/classes', 'conf/Catalina/localhost', 'conf/policy.d', 'lib', 'server/classes', 'shared/classes', 'webapps'] - ['common/classes', 'conf/Catalina/localhost', 'conf/policy.d', 'lib', 'server/classes', 'shared/classes', 'webapps', policy]
register: tomcat_first_install register: tomcat_first_install
- name: Create the tomcat logs base directory - name: Create the tomcat logs base directory
@ -237,7 +237,7 @@
notify: tomcat multiple-instances restart notify: tomcat multiple-instances restart
tags: ['tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager', 'tomcat_manager'] tags: ['tomcat', 'tomcat_instances', 'tomcat_conf', 'tomcat_host_manager', 'tomcat_manager']
- name: Install the instances startup scripts - name: Install the instances SYSV startup scripts
ansible.builtin.template: ansible.builtin.template:
src: tomcat-instance.init.j2 src: tomcat-instance.init.j2
dest: "/etc/init.d/tomcat-instance-{{ item.http_port }}" dest: "/etc/init.d/tomcat-instance-{{ item.http_port }}"
@ -245,9 +245,43 @@
owner: root owner: root
group: root group: root
loop: '{{ tomcat_m_instances }}' loop: '{{ tomcat_m_instances }}'
when: not tomcat_use_systemd_unit
register: reload_systemd register: reload_systemd
tags: ['tomcat', 'tomcat_instances', 'tomcat_init'] tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
- name: Remove the instances SYSV startup scripts when we prefer the systemd unit
ansible.builtin.file:
dest: "/etc/init.d/tomcat-instance-{{ item.http_port }}"
state: absent
loop: '{{ tomcat_m_instances }}'
when: tomcat_use_systemd_unit
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
- name: Install the instances systemd unit
ansible.builtin.template:
src: tomcat-service.j2
dest: "/etc/systemd/system//tomcat-instance-{{ item.http_port }}"
mode: "0644"
owner: root
group: root
loop: '{{ tomcat_m_instances }}'
when: tomcat_use_systemd_unit
register: reload_systemd
notify: tomcat multiple-instances restart
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
- name: Install the helper script used by the systemd unit
ansible.builtin.template:
src: tomcat-start.sh.j2
dest: "/usr/libexec/tomcat{{ tomcat_version }}/tomcat-instance-{{ item.http_port }}-start.sh"
mode: "0755"
owner: root
group: root
loop: '{{ tomcat_m_instances }}'
when: tomcat_use_systemd_unit
notify: tomcat multiple-instances restart
tags: ['tomcat', 'tomcat_instances', 'tomcat_init']
- name: Install the tomcat instances default file - name: Install the tomcat instances default file
ansible.builtin.template: ansible.builtin.template:
src: tomcat-default.j2 src: tomcat-default.j2
@ -264,7 +298,7 @@
daemon-reload: true daemon-reload: true
when: when:
- ansible_service_mgr == 'systemd' - ansible_service_mgr == 'systemd'
- reload_systemd | bool - tomcat_use_systemd_unit
- name: Install a custom context.xml file - name: Install a custom context.xml file
ansible.builtin.template: ansible.builtin.template:

View File

@ -0,0 +1,51 @@
#
# Systemd unit file for Apache Tomcat
#
[Unit]
Description=Apache Tomcat {{ tomcat_version}} Web Application Server
After=syslog.target network.target
StartLimitIntervalSec=500
StartLimitBurst=5
RequiresMountsFor={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} /var/lib/tomcat{{ tomcat_version }}
[Service]
Environment="CATALINA_HOME=/usr/share/tomcat{{ tomcat_version }}"
Environment="CATALINA_BASE={{ item.instance_path }}"
Environment="CATALINA_TMPDIR={{ item.catalina_tmp_directory }}"
Type=simple
ExecStartPre=+/usr/libexec/tomcat{{ tomcat_version}}/tomcat-update-policy.sh
ExecStart=/bin/sh /usr/libexec/tomcat{{ tomcat_version }}/tomcat-instance-{{ item.http_port }}-start.sh
SuccessExitStatus=143
RestartSec=10
Restart=on-failure on-abort
# Logging
SyslogIdentifier=tomcat{{ tomcat_version }}
User={{ item.user }}
Group={{ item.user }}
{% if tomcat_systemd_security %}
PrivateTmp=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
CacheDirectory={{ tomcat_m_cache_base }}/{{ item.http_port }}
CacheDirectoryMode=750
ProtectSystem=strict
ReadWritePaths={{ item.instance_path }}/conf/Catalina/
ReadWritePaths={{ item.instance_path }}/webapps
ReadWritePaths={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }}
{% endif %}
{% if tomcat_systemd_security_enhanced %}
ProtectSystem=strict
ProtectHome=yes
PrivateDevices=yes
PrivateUsers=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
RestrictAddressFamilies=AF_INET6 AF_INET
SystemCallArchitectures=native
SystemCallFilter=@system-service
{% endif %}
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,25 @@
#!/bin/sh
#
# Startup script for Apache Tomcat with systemd
#
set -e
# Load the service settings
. /etc/default/tomcat-instance-{{ item.http_port }}
# Find the Java runtime and set JAVA_HOME
. /usr/libexec/tomcat{{ tomcat_version }}/tomcat-locate-java.sh
# Set the JSP compiler if configured in the /etc/default/tomcat10 file
[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
export JAVA_OPTS
# Enable the Java security manager?
SECURITY=""
[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"
# Start Tomcat
cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY