Add some tasks that add a systemd unit when it's not part of the package.

This commit is contained in:
Andrea Dell'Amico 2024-07-24 18:19:10 +02:00
parent 5251a37035
commit 39f3a8b96e
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
4 changed files with 203 additions and 45 deletions

View File

@ -5,6 +5,10 @@
# tomcat_fixed_version: 9
tomcat_pkg_state: present
tomcat_service_enabled: true
tomcat_use_systemd_unit: "{% if ansible_distribution_major_version is version_compare('18.04', '>=') %}true{{ tomcat_version }}{% else %}false{% endif %}"
tomcat_systemd_security_enhanced: false
tomcat_systemd_security: "{% if tomcat_systemd_security_enhanced %}true{% else %}false{% endif %}"
tomcat_pkgs:
- 'tomcat{{ tomcat_version }}'
- 'libtomcat{{ tomcat_version }}-java'
@ -60,6 +64,7 @@ tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}'
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/'
tomcat_work_dir: '{{ tomcat_catalina_base_dir }}/work'
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
tomcat_enable_catalina_shared_loader: true

View File

@ -1,93 +1,166 @@
---
- name: Set the tomcat version for ubuntu Trusy
set_fact:
- name: tomcat-pkgs | Set the tomcat version for ubuntu Trusy
ansible.builtin.set_fact:
tomcat_version: 7
when:
- ansible_distribution_major_version is version_compare('16.04', '<')
- tomcat_fixed_version is not defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
- name: Set the tomcat version for Ubuntu bionic
set_fact:
- name: tomcat-pkgs | Set the tomcat version for Ubuntu bionic
ansible.builtin.set_fact:
tomcat_version: 8
when:
- ansible_distribution_major_version is version_compare('18.04', '==')
- tomcat_fixed_version is not defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
- name: Set the tomcat version for Ubuntu bionic
set_fact:
- name: tomcat-pkgs | Set the tomcat version for Ubuntu bionic
ansible.builtin.set_fact:
tomcat_version: 10
when:
- ansible_distribution_major_version is version_compare('24.04', '==')
- tomcat_fixed_version is not defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
- name: Impose a tomcat version
set_fact:
- name: tomcat-pkgs | Impose a tomcat version
ansible.builtin.set_fact:
tomcat_version: '{{ tomcat_fixed_version }}'
when: tomcat_fixed_version is defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
- name: Print the Tomcat version
debug:
- name: tomcat-pkgs | Print the Tomcat version
ansible.builtin.debug:
msg: "The Tomcat version we are going to install is {{ tomcat_version }}"
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
tags: ['tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody']
- name: Install the tomcat packages
apt: pkg={{ tomcat_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800
- name: tomcat-pkgs | Install the tomcat packages
ansible.builtin.apt:
pkg: "{{ tomcat_pkgs }}"
state: "{{ tomcat_pkg_state }}"
cache_valid_time: 1800
tags: tomcat
- name: Install additional packages needed by tomcat 8+
apt: pkg={{ tomcat8_additional_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800
- name: tomcat-pkgs | Install additional packages needed by tomcat 8+
ansible.builtin.apt:
pkg: "{{ tomcat8_additional_pkgs }}"
state: "{{ tomcat_pkg_state }}"
cache_valid_time: 1800
when: tomcat_version is version_compare('8', '>=')
tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf', 'tomcat_javamelody' ]
tags: ['tomcat', 'tomcat_javamelody', 'tomcat_conf', 'tomcat_javamelody']
- name: Create the tomcat tmp directory
file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
- name: tomcat-pkgs | Create the tomcat tmp directory
ansible.builtin.file:
dest: "{{ tomcat_tmp_dir }}"
state: directory
owner: "{{ tomcat_user }}"
group: "{{ tomcat_user }}"
mode: "0750"
notify: tomcat restart
tags: tomcat
- name: Create the catalina temp directory, if different from the default
file: dest={{ catalina_tmp_directory }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
- name: tomcat-pkgs | Create the catalina temp directory, if different from the default
ansible.builtin.file:
dest: "{{ catalina_tmp_directory }}"
state: directory
owner: "{{ tomcat_user }}"
group: "{{ tomcat_user }}"
mode: "0750"
when: catalina_tmp_directory is defined
notify: tomcat restart
tags: tomcat
- name: Configure tomcat defaults
template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }}
- name: tomcat-pkgs | Configure tomcat defaults
ansible.builtin.template:
src: tomcat-default.j2
dest: "/etc/default/tomcat{{ tomcat_version }}"
owner: root
group: "{{ tomcat_user }}"
mode: "0640"
when: tomcat_install_default_conf | bool
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_default', 'tomcat_conf' ]
tags: ['tomcat', 'tomcat_default', 'tomcat_conf']
- name: Configure tomcat server.xml
template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml
- name: tomcat-pkgs | Configure tomcat server.xml
ansible.builtin.template:
src: tomcat-server.xml.j2
dest: "{{ tomcat_conf_dir }}/server.xml"
owner: root
group: "{{ tomcat_user }}"
mode: "0640"
when: tomcat_install_server_xml | bool
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_serverxml', 'tomcat_conf' ]
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
- name: Configure tomcat web.xml
template: src=tomcat-web.xml.j2 dest={{ tomcat_conf_dir }}/web.xml
- name: tomcat-pkgs | Configure tomcat web.xml
ansible.builtin.template:
src: tomcat-web.xml.j2
dest: "{{ tomcat_conf_dir }}/web.xml"
owner: root
group: "{{ tomcat_user }}"
mode: "0640"
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_serverxml', 'tomcat_conf' ]
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
- name: Install a slightly modified catalina.properties
template: src=catalina.properties.j2 dest={{ tomcat_conf_dir }}/catalina.properties owner=root group={{ tomcat_user }} mode=0644
- name: tomcat-pkgs | Install the startup script used by the systemd unit
ansible.builtin.template:
src: tomcat-start.sh.j2
dest: "/usr/libexec/tomcat{{ tomcat_version }}/tomcat-start.sh"
owner: root
group: root
mode: "0755"
notify: tomcat restart
when:
- tomcat_use_systemd_unit
- ansible_distribution_major_version is version_compare('24.04', '<')
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
- name: tomcat-pkgs | Install the systemd unit
ansible.builtin.template:
src: tomcat-service.j2
dest: "/etc/systemd/system/tomcat{{ tomcat_version }}"
owner: root
group: root
mode: "0644"
notify: tomcat restart
when:
- tomcat_use_systemd_unit
- ansible_distribution_major_version is version_compare('24.04', '<')
tags: ['tomcat', 'tomcat_serverxml', 'tomcat_conf']
- name: tomcat-pkgs | Install a slightly modified catalina.properties
ansible.builtin.template:
src: catalina.properties.j2
dest: "{{ tomcat_conf_dir }}/catalina.properties"
owner: root
group: "{{ tomcat_user }}"
mode: "0644"
when: tomcat_install_default_conf | bool
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_catalinaprops' ]
tags: ['tomcat', 'tomcat_catalinaprops']
- name: Create some directories that the package do not creates itself
file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
- name: tomcat-pkgs | Create some directories that the package do not creates itself
ansible.builtin.file:
dest: "{{ tomcat_catalina_home_dir }}/{{ item }}"
state: directory
owner: "{{ tomcat_user }}"
group: "{{ tomcat_user }}"
mode: "0755"
with_items:
- common/classes
- server/classes
- shared/classes
tags: tomcat
- name: On tomcat8, create a link to commons-daemon.jar to avoid exceptions at startup
file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/{{ item }} state=link owner=root group=root mode=0644
- name: tomcat-pkgs | On tomcat8, create a link to commons-daemon.jar to avoid exceptions at startup
ansible.builtin.file:
src: "/usr/share/java/{{ item }}"
dest: "{{ tomcat_catalina_home_dir }}/bin/{{ item }}"
state: link
owner: root
group: root
mode: "0644"
with_items:
- commons-daemon.jar
when: tomcat_version is version_compare('8', '>=')
tags: [ 'tomcat', 'tomcat_conf' ]
tags: ['tomcat', 'tomcat_conf']

View File

@ -0,0 +1,55 @@
#
# Systemd unit file for Apache Tomcat
#
[Unit]
Description=Apache Tomcat {{ tomcat_version}} Web Application Server
After=syslog.target network.target
StartLimitIntervalSec=500
StartLimitBurst=5
RequiresMountsFor=/var/log/tomcat{{ tomcat_version }} /var/lib/tomcat{{ tomcat_version }}
[Service]
Environment="CATALINA_HOME=/usr/share/tomcat{{ tomcat_version }}"
Environment="CATALINA_BASE=/var/lib/tomcat{{ tomcat_version }}"
Environment="CATALINA_TMPDIR={{ tomcat_tmp_dir }}"
Environment="JAVA_OPTS=-Djava.awt.headless=true"
Type=simple
ExecStartPre=+/usr/libexec/tomcat{{ tomcat_version}}/tomcat-update-policy.sh
ExecStart=/bin/sh /usr/libexec/tomcat{{ tomcat_version }}/tomcat-start.sh
SuccessExitStatus=143
RestartSec=10
Restart=on-failure on-abort
# Logging
SyslogIdentifier=tomcat{{ tomcat_version }}
User={{ tomcat_user }}
Group={{ tomcat_user }}
{% if tomcat_systemd_security %}
PrivateTmp=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
CacheDirectory=tomcat{{ tomcat_version }}
CacheDirectoryMode=750
ProtectSystem=strict
ReadWritePaths=/etc/tomcat{{ tomcat_version }}/Catalina/
ReadWritePaths={{ tomcat_webapps_dir }}
ReadWritePaths={{ tomcat_logdir }}
{% endif %}
{% if tomcat_systemd_security_enhanced %}
ProtectSystem=strict
ProtectHome=yes
PrivateDevices=yes
PrivateUsers=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ReadWritePaths={{ tomcat_work_dir }}
ReadWritePaths={{ tomcat_tmp_dir }}
RestrictAddressFamilies=AF_INET6 AF_INET
SystemCallArchitectures=native
SystemCallFilter=@system-service
{% endif %}
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,25 @@
#!/bin/sh
#
# Startup script for Apache Tomcat with systemd
#
set -e
# Load the service settings
. /etc/default/tomcat{{ tomcat_version}}
# Find the Java runtime and set JAVA_HOME
. /usr/libexec/tomcat{{ tomcat_version }}/tomcat-locate-java.sh
# Set the JSP compiler if configured in the /etc/default/tomcat10 file
[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
export JAVA_OPTS
# Enable the Java security manager?
SECURITY=""
[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"
# Start Tomcat
cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY