Add some tasks that add a systemd unit when it's not part of the package.
parent
5251a37035
commit
39f3a8b96e
|
@ -5,6 +5,10 @@
|
||||||
# tomcat_fixed_version: 9
|
# tomcat_fixed_version: 9
|
||||||
tomcat_pkg_state: present
|
tomcat_pkg_state: present
|
||||||
tomcat_service_enabled: true
|
tomcat_service_enabled: true
|
||||||
|
tomcat_use_systemd_unit: "{% if ansible_distribution_major_version is version_compare('18.04', '>=') %}true{{ tomcat_version }}{% else %}false{% endif %}"
|
||||||
|
tomcat_systemd_security_enhanced: false
|
||||||
|
tomcat_systemd_security: "{% if tomcat_systemd_security_enhanced %}true{% else %}false{% endif %}"
|
||||||
|
|
||||||
tomcat_pkgs:
|
tomcat_pkgs:
|
||||||
- 'tomcat{{ tomcat_version }}'
|
- 'tomcat{{ tomcat_version }}'
|
||||||
- 'libtomcat{{ tomcat_version }}-java'
|
- 'libtomcat{{ tomcat_version }}-java'
|
||||||
|
@ -60,6 +64,7 @@ tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}'
|
||||||
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
|
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
|
||||||
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
|
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
|
||||||
tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/'
|
tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/'
|
||||||
|
tomcat_work_dir: '{{ tomcat_catalina_base_dir }}/work'
|
||||||
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
|
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
|
||||||
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
|
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
|
||||||
tomcat_enable_catalina_shared_loader: true
|
tomcat_enable_catalina_shared_loader: true
|
||||||
|
|
|
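Review bot: The new `tomcat_use_systemd_unit` default has a stray `{{ tomcat_version }}` after `true`, so it renders a string such as `true9` (constructed example) rather than a boolean. Both it and `tomcat_systemd_security` produce the text `true`/`false`, and as far as I can tell a non-empty string like `false` is still truthy when tested with a bare `when:` or `{% if %}`, so the hardening toggle may not switch anything off. I would let Jinja return the boolean directly: `tomcat_use_systemd_unit: "{{ ansible_distribution_major_version is version_compare('18.04', '>=') }}"` and `tomcat_systemd_security: "{{ tomcat_systemd_security_enhanced | bool }}"`. A short comment above the three new variables saying which unit directives each flag controls would also help whoever overrides them.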
@ -1,92 +1,165 @@
|
||||||
---
|
---
|
||||||
- name: Set the tomcat version for ubuntu Trusy
|
- name: tomcat-pkgs | Set the tomcat version for ubuntu Trusy
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
tomcat_version: 7
|
tomcat_version: 7
|
||||||
when:
|
when:
|
||||||
- ansible_distribution_major_version is version_compare('16.04', '<')
|
- ansible_distribution_major_version is version_compare('16.04', '<')
|
||||||
- tomcat_fixed_version is not defined
|
- tomcat_fixed_version is not defined
|
||||||
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
||||||
|
|
||||||
- name: Set the tomcat version for Ubuntu bionic
|
- name: tomcat-pkgs | Set the tomcat version for Ubuntu bionic
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
tomcat_version: 8
|
tomcat_version: 8
|
||||||
when:
|
when:
|
||||||
- ansible_distribution_major_version is version_compare('18.04', '==')
|
- ansible_distribution_major_version is version_compare('18.04', '==')
|
||||||
- tomcat_fixed_version is not defined
|
- tomcat_fixed_version is not defined
|
||||||
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
||||||
|
|
||||||
- name: Set the tomcat version for Ubuntu bionic
|
- name: tomcat-pkgs | Set the tomcat version for Ubuntu bionic
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
tomcat_version: 10
|
tomcat_version: 10
|
||||||
when:
|
when:
|
||||||
- ansible_distribution_major_version is version_compare('24.04', '==')
|
- ansible_distribution_major_version is version_compare('24.04', '==')
|
||||||
- tomcat_fixed_version is not defined
|
- tomcat_fixed_version is not defined
|
||||||
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
||||||
|
|
||||||
- name: Impose a tomcat version
|
- name: tomcat-pkgs | Impose a tomcat version
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
tomcat_version: '{{ tomcat_fixed_version }}'
|
tomcat_version: '{{ tomcat_fixed_version }}'
|
||||||
when: tomcat_fixed_version is defined
|
when: tomcat_fixed_version is defined
|
||||||
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
||||||
|
|
||||||
- name: Print the Tomcat version
|
- name: tomcat-pkgs | Print the Tomcat version
|
||||||
debug:
|
ansible.builtin.debug:
|
||||||
msg: "The Tomcat version we are going to install is {{ tomcat_version }}"
|
msg: "The Tomcat version we are going to install is {{ tomcat_version }}"
|
||||||
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
|
||||||
|
|
||||||
- name: Install the tomcat packages
|
- name: tomcat-pkgs | Install the tomcat packages
|
||||||
apt: pkg={{ tomcat_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800
|
ansible.builtin.apt:
|
||||||
|
pkg: "{{ tomcat_pkgs }}"
|
||||||
|
state: "{{ tomcat_pkg_state }}"
|
||||||
|
cache_valid_time: 1800
|
||||||
tags: tomcat
|
tags: tomcat
|
||||||
|
|
||||||
- name: Install additional packages needed by tomcat 8+
|
- name: tomcat-pkgs | Install additional packages needed by tomcat 8+
|
||||||
apt: pkg={{ tomcat8_additional_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800
|
ansible.builtin.apt:
|
||||||
|
pkg: "{{ tomcat8_additional_pkgs }}"
|
||||||
|
state: "{{ tomcat_pkg_state }}"
|
||||||
|
cache_valid_time: 1800
|
||||||
when: tomcat_version is version_compare('8', '>=')
|
when: tomcat_version is version_compare('8', '>=')
|
||||||
tags: ['tomcat', 'tomcat_javamelody', 'tomcat_conf', 'tomcat_javamelody']
|
tags: ['tomcat', 'tomcat_javamelody', 'tomcat_conf', 'tomcat_javamelody']
|
||||||
|
|
||||||
- name: Create the tomcat tmp directory
|
- name: tomcat-pkgs | Create the tomcat tmp directory
|
||||||
file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
|
ansible.builtin.file:
|
||||||
|
dest: "{{ tomcat_tmp_dir }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ tomcat_user }}"
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0750"
|
||||||
notify: tomcat restart
|
notify: tomcat restart
|
||||||
tags: tomcat
|
tags: tomcat
|
||||||
|
|
||||||
- name: Create the catalina temp directory, if different from the default
|
- name: tomcat-pkgs | Create the catalina temp directory, if different from the default
|
||||||
file: dest={{ catalina_tmp_directory }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
|
ansible.builtin.file:
|
||||||
|
dest: "{{ catalina_tmp_directory }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ tomcat_user }}"
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0750"
|
||||||
when: catalina_tmp_directory is defined
|
when: catalina_tmp_directory is defined
|
||||||
notify: tomcat restart
|
notify: tomcat restart
|
||||||
tags: tomcat
|
tags: tomcat
|
||||||
|
|
||||||
- name: Configure tomcat defaults
|
- name: tomcat-pkgs | Configure tomcat defaults
|
||||||
template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }}
|
ansible.builtin.template:
|
||||||
|
src: tomcat-default.j2
|
||||||
|
dest: "/etc/default/tomcat{{ tomcat_version }}"
|
||||||
|
owner: root
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0640"
|
||||||
when: tomcat_install_default_conf | bool
|
when: tomcat_install_default_conf | bool
|
||||||
notify: tomcat restart
|
notify: tomcat restart
|
||||||
tags: ['tomcat', 'tomcat_default', 'tomcat_conf']
|
tags: ['tomcat', 'tomcat_default', 'tomcat_conf']
|
||||||
|
|
||||||
- name: Configure tomcat server.xml
|
- name: tomcat-pkgs | Configure tomcat server.xml
|
||||||
template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml
|
ansible.builtin.template:
|
||||||
|
src: tomcat-server.xml.j2
|
||||||
|
dest: "{{ tomcat_conf_dir }}/server.xml"
|
||||||
|
owner: root
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0640"
|
||||||
when: tomcat_install_server_xml | bool
|
when: tomcat_install_server_xml | bool
|
||||||
notify: tomcat restart
|
notify: tomcat restart
|
||||||
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
|
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
|
||||||
|
|
||||||
- name: Configure tomcat web.xml
|
- name: tomcat-pkgs | Configure tomcat web.xml
|
||||||
template: src=tomcat-web.xml.j2 dest={{ tomcat_conf_dir }}/web.xml
|
ansible.builtin.template:
|
||||||
|
src: tomcat-web.xml.j2
|
||||||
|
dest: "{{ tomcat_conf_dir }}/web.xml"
|
||||||
|
owner: root
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0640"
|
||||||
notify: tomcat restart
|
notify: tomcat restart
|
||||||
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
|
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
|
||||||
|
|
||||||
- name: Install a slightly modified catalina.properties
|
- name: tomcat-pkgs | Install the startup script used by the systemd unit
|
||||||
template: src=catalina.properties.j2 dest={{ tomcat_conf_dir }}/catalina.properties owner=root group={{ tomcat_user }} mode=0644
|
ansible.builtin.template:
|
||||||
|
src: tomcat-start.sh.j2
|
||||||
|
dest: "/usr/libexec/tomcat{{ tomcat_version }}/tomcat-start.sh"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0755"
|
||||||
|
notify: tomcat restart
|
||||||
|
when:
|
||||||
|
- tomcat_use_systemd_unit
|
||||||
|
- ansible_distribution_major_version is version_compare('24.04', '<')
|
||||||
|
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
|
||||||
|
|
||||||
|
- name: tomcat-pkgs | Install the systemd unit
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: tomcat-service.j2
|
||||||
|
dest: "/etc/systemd/system/tomcat{{ tomcat_version }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
notify: tomcat restart
|
||||||
|
when:
|
||||||
|
- tomcat_use_systemd_unit
|
||||||
|
- ansible_distribution_major_version is version_compare('24.04', '<')
|
||||||
|
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
|
||||||
|
|
||||||
|
- name: tomcat-pkgs | Install a slightly modified catalina.properties
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: catalina.properties.j2
|
||||||
|
dest: "{{ tomcat_conf_dir }}/catalina.properties"
|
||||||
|
owner: root
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0644"
|
||||||
when: tomcat_install_default_conf | bool
|
when: tomcat_install_default_conf | bool
|
||||||
notify: tomcat restart
|
notify: tomcat restart
|
||||||
tags: ['tomcat', 'tomcat_catalinaprops']
|
tags: ['tomcat', 'tomcat_catalinaprops']
|
||||||
|
|
||||||
- name: Create some directories that the package do not creates itself
|
- name: tomcat-pkgs | Create some directories that the package do not creates itself
|
||||||
file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
|
ansible.builtin.file:
|
||||||
|
dest: "{{ tomcat_catalina_home_dir }}/{{ item }}"
|
||||||
|
state: directory
|
||||||
|
owner: "{{ tomcat_user }}"
|
||||||
|
group: "{{ tomcat_user }}"
|
||||||
|
mode: "0755"
|
||||||
with_items:
|
with_items:
|
||||||
- common/classes
|
- common/classes
|
||||||
- server/classes
|
- server/classes
|
||||||
- shared/classes
|
- shared/classes
|
||||||
tags: tomcat
|
tags: tomcat
|
||||||
|
|
||||||
- name: On tomcat8, create a link to commons-daemon.jar to avoid exceptions at startup
|
- name: tomcat-pkgs | On tomcat8, create a link to commons-daemon.jar to avoid exceptions at startup
|
||||||
file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/{{ item }} state=link owner=root group=root mode=0644
|
ansible.builtin.file:
|
||||||
|
src: "/usr/share/java/{{ item }}"
|
||||||
|
dest: "{{ tomcat_catalina_home_dir }}/bin/{{ item }}"
|
||||||
|
state: link
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
with_items:
|
with_items:
|
||||||
- commons-daemon.jar
|
- commons-daemon.jar
|
||||||
when: tomcat_version is version_compare('8', '>=')
|
when: tomcat_version is version_compare('8', '>=')
|
||||||
|
|
|
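Review bot: The "Install the systemd unit" task writes to `/etc/systemd/system/tomcat{{ tomcat_version }}`, which has no unit suffix, so systemd will not load the file as a service; the destination should be `dest: "/etc/systemd/system/tomcat{{ tomcat_version }}.service"`. The task only notifies `tomcat restart`, whose handler is not visible here, so please confirm it runs a daemon reload before restarting, otherwise a changed unit file is not picked up. The two new `when:` lists test `tomcat_use_systemd_unit` bare, while the rest of the file uses `| bool` (for example `tomcat_install_default_conf | bool`); `- tomcat_use_systemd_unit | bool` would be consistent and avoids string truthiness. Both new tasks also carry the `tomcat_serverxml` tag, which looks copied from the server.xml task.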
@ -0,0 +1,55 @@
|
||||||
|
#
|
||||||
|
# Systemd unit file for Apache Tomcat
|
||||||
|
#
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=Apache Tomcat {{ tomcat_version}} Web Application Server
|
||||||
|
After=syslog.target network.target
|
||||||
|
StartLimitIntervalSec=500
|
||||||
|
StartLimitBurst=5
|
||||||
|
RequiresMountsFor=/var/log/tomcat{{ tomcat_version }} /var/lib/tomcat{{ tomcat_version }}
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment="CATALINA_HOME=/usr/share/tomcat{{ tomcat_version }}"
|
||||||
|
Environment="CATALINA_BASE=/var/lib/tomcat{{ tomcat_version }}"
|
||||||
|
Environment="CATALINA_TMPDIR={{ tomcat_tmp_dir }}"
|
||||||
|
Environment="JAVA_OPTS=-Djava.awt.headless=true"
|
||||||
|
|
||||||
|
Type=simple
|
||||||
|
ExecStartPre=+/usr/libexec/tomcat{{ tomcat_version}}/tomcat-update-policy.sh
|
||||||
|
ExecStart=/bin/sh /usr/libexec/tomcat{{ tomcat_version }}/tomcat-start.sh
|
||||||
|
SuccessExitStatus=143
|
||||||
|
RestartSec=10
|
||||||
|
Restart=on-failure on-abort
|
||||||
|
# Logging
|
||||||
|
SyslogIdentifier=tomcat{{ tomcat_version }}
|
||||||
|
|
||||||
|
User={{ tomcat_user }}
|
||||||
|
Group={{ tomcat_user }}
|
||||||
|
{% if tomcat_systemd_security %}
|
||||||
|
PrivateTmp=yes
|
||||||
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
|
NoNewPrivileges=true
|
||||||
|
CacheDirectory=tomcat{{ tomcat_version }}
|
||||||
|
CacheDirectoryMode=750
|
||||||
|
ProtectSystem=strict
|
||||||
|
ReadWritePaths=/etc/tomcat{{ tomcat_version }}/Catalina/
|
||||||
|
ReadWritePaths={{ tomcat_webapps_dir }}
|
||||||
|
ReadWritePaths={{ tomcat_logdir }}
|
||||||
|
{% endif %}
|
||||||
|
{% if tomcat_systemd_security_enhanced %}
|
||||||
|
ProtectSystem=strict
|
||||||
|
ProtectHome=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
PrivateUsers=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
ProtectKernelLogs=yes
|
||||||
|
ReadWritePaths={{ tomcat_work_dir }}
|
||||||
|
ReadWritePaths={{ tomcat_tmp_dir }}
|
||||||
|
RestrictAddressFamilies=AF_INET6 AF_INET
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=@system-service
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
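Review bot: `ProtectSystem=strict` is set in the `tomcat_systemd_security` block, but `ReadWritePaths={{ tomcat_work_dir }}` and `ReadWritePaths={{ tomcat_tmp_dir }}` appear only in the `tomcat_systemd_security_enhanced` block, so turning on the first flag alone leaves the work directory and `CATALINA_TMPDIR` read-only. Those two lines belong next to the other `ReadWritePaths=` entries, and the duplicate `ProtectSystem=strict` in the second block can then go. Separately, `Restart=on-failure on-abort` gives two keywords where systemd expects one; as far as I know the line is rejected and the service falls back to no restart, and `Restart=on-failure` alone already covers termination by an unclean signal. Note also that `ExecStartPre=+…/tomcat-update-policy.sh` runs with full privileges because of the `+` prefix, and this commit does not install that script, so its presence and root-only ownership should be checked on hosts where the package does not ship it.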
@ -0,0 +1,25 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Startup script for Apache Tomcat with systemd
|
||||||
|
#
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Load the service settings
|
||||||
|
. /etc/default/tomcat{{ tomcat_version}}
|
||||||
|
|
||||||
|
# Find the Java runtime and set JAVA_HOME
|
||||||
|
. /usr/libexec/tomcat{{ tomcat_version }}/tomcat-locate-java.sh
|
||||||
|
|
||||||
|
# Set the JSP compiler if configured in the /etc/default/tomcat10 file
|
||||||
|
[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
|
||||||
|
|
||||||
|
export JAVA_OPTS
|
||||||
|
|
||||||
|
# Enable the Java security manager?
|
||||||
|
SECURITY=""
|
||||||
|
[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"
|
||||||
|
|
||||||
|
|
||||||
|
# Start Tomcat
|
||||||
|
cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY
|
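Review bot: The script sources `/usr/libexec/tomcat{{ tomcat_version }}/tomcat-locate-java.sh`, which none of the tasks in this commit install; on a release whose package does not ship the systemd helpers (the case the commit targets), `set -e` plus a missing file will presumably stop the service before Tomcat starts. Either template that helper as well or guard the line with a file test. On the last line the paths are unquoted; `cd "$CATALINA_BASE" && exec "$CATALINA_HOME/bin/catalina.sh" run $SECURITY` keeps `$SECURITY` unquoted on purpose so an empty value adds no argument. The comment about the JSP compiler names `/etc/default/tomcat10` while the sourced path is templated; `# Set the JSP compiler if configured in /etc/default/tomcat{{ tomcat_version }}` would match.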