First import of the old role.

This commit is contained in:
Andrea Dell'Amico 2020-06-01 18:55:11 +02:00
parent c6346bdc61
commit a031904751
27 changed files with 5336 additions and 68 deletions

View File

@ -1,31 +1,41 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
A role that installs the tomcat packages
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
The most important variables are listed below:
``` yaml
tomcat_min_heap_size: 2048m
tomcat_heap_size: '{{ tomcat_min_heap_size }}'
tomcat_other_java_opts: ""
tomcat_javamelody: False
tomcat_install_admin: False
tomcat_manager_gui_user_enabled: True
tomcat_manager_gui_user: guiadmin
tomcat_manager_gui_r: "manager-gui"
#tomcat_manager_gui_pwd: *See the vault file*
tomcat_manager_script_user_enabled: False
tomcat_manager_script_user: scriptadmin
tomcat_manager_script_r: "manager-script"
#tomcat_manager_script_pwd: *See the vault file*
tomcat_manager_jmx_user_enabled: False
tomcat_manager_jmx_user: jmxadmin
tomcat_manager_jmx_r: "manager-jmx"
#tomcat_manager_jmx_pwd: *See the vault file*
tomcat_manager_status_user_enabled: False
tomcat_manager_status_user: statusadmin
tomcat_manager_status_r: "manager-status"
#tomcat_manager_status_pwd: *See the vault file*
```
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
openjdk, <git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git>
License
-------
@ -35,4 +45,4 @@ EUPL-1.2
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>

View File

@ -1,2 +1,135 @@
---
# defaults file for ansible-role-template
# The tomcat version is set at runtime. It changes from one distribution to the other.
#tomcat_version: 7
# To force a tomcat version set the following variable:
# tomcat_fixed_version: 9
tomcat_pkg_state: present
tomcat_service_enabled: True
tomcat_pkgs:
- 'tomcat{{ tomcat_version }}'
- 'libtomcat{{ tomcat_version }}-java'
- 'tomcat{{ tomcat_version }}-common'
- libapr1
tomcat8_additional_pkgs:
- jsvc
- libcommons-daemon-java
tomcat_user: 'tomcat{{ tomcat_version }}'
tomcat_max_threads: 200
tomcat_min_heap_size: 2048m
tomcat_permgen_defined: True
tomcat_heap_size: '{{ tomcat_min_heap_size }}'
tomcat_permgen_size: 512m
tomcat_file_encoding: 'UTF-8'
tomcat_java_opts: "-Xms{{ tomcat_min_heap_size }} -Xmx{{ tomcat_heap_size }}"
tomcat_additional_java_8_opts: "-XX:+CrashOnOutOfMemoryError"
tomcat_java_gc_opts: "-XX:+UseConcMarkSweepGC"
#tomcat_other_java_opts: "-Djsse.enableSNIExtension=false"
tomcat_proxy_enabled: False
tomcat_proxy_http_host: 'localhost'
tomcat_proxy_http_port: '3128'
tomcat_proxy_https_host: '{{ tomcat_proxy_http_host }}'
tomcat_proxy_https_port: '{{ tomcat_proxy_http_port }}'
tomcat_proxy_opts: "-DproxySet=true -Dhttp.proxyHost={{ tomcat_proxy_http_host }} -Dhttp.proxyPort={{ tomcat_proxy_http_port }} -Dhttps.proxyHost={{ tomcat_proxy_https_host }} -Dhttps.proxyPort={{ tomcat_proxy_https_port }}"
tomcat_other_java_opts: ""
tomcat_install_server_xml: True
tomcat_install_default_conf: True
tomcat_load_additional_default_conf: True
tomcat_http_enabled: True
tomcat_http_port: 8080
tomcat_http_address: 0.0.0.0
tomcat_webapps_autodeploy: False
tomcat_webapps_unpack: False
tomcat_ajp_enabled: False
tomcat_ajp_port: 8009
tomcat_ajp_address: 127.0.0.1
tomcat_direct_access: False
tomcat_reverse_proxy_name_enabled: False
tomcat_reverse_proxy_name: '{{ ansible_fqdn }}'
tomcat_reverse_proxy_port: '{{ http_port | default(80) }}'
# There is a bug that kills tomcat after 50 days if the shutdown port is enabled
# Disable the shutdown port by default
#tomcat_shutdown_port: 8005
tomcat_shutdown_port: -1
tomcat_shutdown_pwd: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits') }}"
tomcat_restart_timeout: 300
tomcat_max_post_size: 1000000
tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}'
tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}'
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/'
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
# JMX and debugging
tomcat_enable_remote_debugging: False
tomcat_remote_debugging_host: '0.0.0.0'
tomcat_remote_debugging_port: ':8100'
tomcat_remote_debugging_uri: '{{ tomcat_remote_debugging_host }}:{{ tomcat_remote_debugging_port }}'
#
tomcat_jmx_enabled: False
tomcat_jmx_auth_enabled: False
tomcat_jmx_port: 8082
tomcat_jmx_auth_dir: '{{ tomcat_conf_dir }}'
tomcat_jmx_use_ssl: False
# The following work with jdk >= 7.0.25 only
tomcat_jmx_disable_additional_ports: True
tomcat_jmx_localhost_only: False
# tomcat_jmx_monitorpass: define_in_a_vault_file
# tomcat_jmx_controlpass: define_in_a_vault_file
# Metrics monitoring via javamelody
tomcat_javamelody: False
#tomcat_javamelody_version: latest
tomcat_javamelody_version: 1.82.0
# tomcat logging
tomcat_logdir: '/var/log/tomcat{{ tomcat_version }}'
tomcat_use_log4j: True
tomcat_install_the_log4j_properties: True
tomcat_retain_old_logs: 30
tomcat_log_rotation_threshold: "ALL"
tomcat_log_max_file_size: "100MB"
tomcat_log_level: INFO
tomcat_log_logger: CATALINA
tomcat_access_log_enabled: True
tomcat_access_log_rotation_freq: "daily"
#
# Define them if you want to send all the logs to an ELK installation
tomcat_send_to_logstash: False
tomcat_logstash_collector_host: logstash
tomcat_logstash_collector_socketappender_port: 4560
tomcat_logstash_collector_socketappender_reconndelay: 10000
# Set to LOGSTASH only if you do not want local logs
tomcat_logstash_logger: CATALINA, LOGSTASH
#tomcat_access_log_file_name: localhost_access.log
#
# Administrative interface
tomcat_install_admin: False
tomcat_manager_gui_user_enabled: True
tomcat_manager_gui_user: guiadmin
tomcat_manager_gui_r: "manager-gui"
#tomcat_manager_gui_pwd: *See the vault file*
tomcat_manager_script_user_enabled: False
tomcat_manager_script_user: scriptadmin
tomcat_manager_script_r: "manager-script"
#tomcat_manager_script_pwd: *See the vault file*
tomcat_manager_jmx_user_enabled: False
tomcat_manager_jmx_user: jmxadmin
tomcat_manager_jmx_r: "manager-jmx"
#tomcat_manager_jmx_pwd: *See the vault file*
tomcat_manager_status_user_enabled: False
tomcat_manager_status_user: statusadmin
tomcat_manager_status_r: "manager-status"
#tomcat_manager_status_pwd: *See the vault file*
#
tomcat_install_jdbc: False
tomcat_install_pg_jdbc: '{{ tomcat_install_jdbc }}'
# Not used yet
tomcat_install_mysql_jdbc: False

131
files/catalina.properties Normal file
View File

@ -0,0 +1,131 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
#
#
# List of comma-separated paths defining the contents of the "common"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank,the JVM system loader will be used as Catalina's "common"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar
#
# List of comma-separated paths defining the contents of the "server"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank, the "common" loader will be used as Catalina's "server"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,${catalina.base}/server/classes,${catalina.base}/server/*.jar
#
# List of comma-separated paths defining the contents of the "shared"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
# the "common" loader will be used as Catalina's "shared" loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
# Please note that for single jars, e.g. bar.jar, you need the URL form
# starting with file:.
shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
# List of JAR files that should not be scanned using the JarScanner
# functionality. This is typically used to scan JARs for configuration
# information. JARs that do not contain such information may be excluded from
# the scan to speed up the scanning process. This is the default list. JARs on
# this list are excluded from all scans. Scan specific lists (to exclude JARs
# from individual scans) follow this. The list must be a comma separated list of
# JAR file names.
# The JARs listed below include:
# - Tomcat Bootstrap JARs
# - Tomcat API JARs
# - Catalina JARs
# - Jasper JARs
# - Tomcat JARs
# - Common non-Tomcat JARs
# - Test JARs (JUnit, Cobertura and dependencies)
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
tomcat-jni.jar,tomcat-spdy.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
tools.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
jstl.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
xom-*.jar
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for Servlet 3.0 pluggability features. These features include web
# fragments, annotations, SCIs and classes that match @HandlesTypes. The list
# must be a comma separated list of JAR file names.
org.apache.catalina.startup.ContextConfig.jarsToSkip=
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for TLDs. The list must be a comma separated list of JAR file names.
org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
#
# String cache configuration.
tomcat.util.buf.StringCache.byte.enabled=true
#tomcat.util.buf.StringCache.char.enabled=true
#tomcat.util.buf.StringCache.trainThreshold=500000
#tomcat.util.buf.StringCache.cacheSize=5000

2
files/jmxremote.access Normal file
View File

@ -0,0 +1,2 @@
monitorRole readonly
controlRole readwrite

49
files/logging.properties Normal file
View File

@ -0,0 +1,49 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
2localhost.org.apache.juli.FileHandler.level = FINE
2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.FileHandler.prefix = localhost.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
# For example, set the com.xyz.foo logger to only log SEVERE
# messages:
#org.apache.catalina.startup.ContextConfig.level = FINE
#org.apache.catalina.startup.HostConfig.level = FINE
#org.apache.catalina.session.ManagerBase.level = FINE
#org.apache.catalina.core.AprLifecycleListener.level=FINE

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -1,2 +1,12 @@
---
# handlers file for ansible-role-template
- name: tomcat restart
service: name='tomcat{{ tomcat_version }}' state=restarted sleep=20
when: tomcat_service_enabled
- name: enable tomcat
service: name='tomcat{{ tomcat_version }}' state=started enabled=yes
when: tomcat_service_enabled
- name: disable tomcat
service: name='tomcat{{ tomcat_version }}' state=started enabled=no
when: not tomcat_service_enabled

View File

@ -1,61 +1,28 @@
galaxy_info:
author: your name
description: your description
author: Andrea Dell'Amico
description: Systems Architect
company: ISTI-CNR
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: EUPL-1.2
license: EUPL 1.2+
min_ansible_version: 2.8
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
platforms:
- name: Ubuntu
versions:
- bionic
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
galaxy_tags:
- tomcat
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies:
- src: git+https://gitea-s2i2s.isti.cnr.it/ISTI-ansible-roles/ansible-role-openjdk.git
version: master
name: openjdk
state: latest

6
tasks/access_log.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Install a logrotate entry for the access log file
template: src=tomcat_access.logrotate.j2 dest=/etc/logrotate.d/tomcat_access owner=root group=root mode=0644
when: tomcat_access_log_enabled
tags: tomcat

View File

@ -1,2 +1,24 @@
---
# tasks file for ansible-role-template
- import_tasks: tomcat-pkgs.yml
- import_tasks: tomcat-admin.yml
when: tomcat_install_admin
- import_tasks: tomcat-jmx.yml
when:
- tomcat_jmx_enabled
- tomcat_jmx_auth_enabled
tags: [ 'tomcat', 'jmx' ]
- import_tasks: tomcat-log4j-logging.yml
when:
- tomcat_use_log4j
- tomcat_version <= 7
tags: [ 'tomcat', 'tomcat_log4j' ]
- import_tasks: tomcat-logger-logging.yml
when: not tomcat_use_log4j or tomcat_version > 7
- import_tasks: access_log.yml
when: tomcat_access_log_enabled
- import_tasks: pgsql_jdbc.yml
when: tomcat_install_pg_jdbc
- import_tasks: not_pgsql_jdbc.yml
when: not tomcat_install_pg_jdbc

9
tasks/not_pgsql_jdbc.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: Do not load the postgresql jdbc driver on tomcat if not needed
file: dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=absent
with_items:
- postgresql-jdbc4.jar
when: not tomcat_install_pg_jdbc
notify: tomcat restart
tags: tomcat

16
tasks/pgsql_jdbc.yml Normal file
View File

@ -0,0 +1,16 @@
---
# Postgresql JDBC
- name: Install the jdbc package if needed
apt: pkg=libpostgresql-jdbc-java state=present
when: tomcat_install_pg_jdbc
tags: [ 'tomcat', 'tomcat_jdbc' ]
- name: Configure tomcat to use the global postgresql jdbc driver
file: src=/usr/share/java/{{ item }} dest=/usr/share/tomcat{{ tomcat_version }}/lib/{{ item }} state=link
with_items:
- postgresql-jdbc4.jar
when: tomcat_install_pg_jdbc
notify:
tomcat restart
tags: [ 'tomcat', 'tomcat_jdbc' ]

10
tasks/tomcat-admin.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Install the tomcat console management package
apt: pkg=tomcat{{ tomcat_version }}-admin state={{ tomcat_pkg_state }}
tags: tomcat
- name: Install the tomcat users file
template: src=tomcat-users.xml.j2 dest={{ tomcat_conf_dir }}/tomcat-users.xml owner=root group={{ tomcat_user }} mode=0640
notify: tomcat restart
tags: tomcat

16
tasks/tomcat-jmx.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Distribute the jmx authorization file
template: src=jmxremote.passwd.j2 dest={{ tomcat_jmx_auth_dir }}/jmxremote.passwd owner={{ tomcat_user }} mode=0600
when:
- tomcat_jmx_enabled
- tomcat_jmx_auth_enabled
notify: tomcat restart
tags: [ 'tomcat', 'jmx' ]
- name: Distribute the jmx role file
copy: src=jmxremote.access dest={{ tomcat_jmx_auth_dir }}/jmxremote.access owner=root mode=0644
when:
- tomcat_jmx_enabled
- tomcat_jmx_auth_enabled
notify: tomcat restart
tags: [ 'tomcat', 'jmx' ]

View File

@ -0,0 +1,41 @@
---
# Manage tomcat internal logs with log4j
- name: Install log4j
apt: pkg=liblog4j1.2-java state={{ tomcat_pkg_state }}
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_log4j' ]
- name: Install tomcat-juli-adapters
copy: src=tomcat{{ tomcat_version }}-juli-adapters.jar dest=/usr/share/java/tomcat-juli-adapters.jar
tags: [ 'tomcat', 'tomcat_log4j' ]
- name: Install tomcat-juli
copy: src=tomcat{{ tomcat_version }}-juli-log4j.jar dest=/usr/share/java/tomcat-juli-log4j.jar
tags: [ 'tomcat', 'tomcat_log4j' ]
- name: Configure tomcat to use the log4j system library
file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=link
with_items:
- log4j-1.2.jar
- tomcat-juli-adapters.jar
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_log4j' ]
- name: Configure tomcat to use the log4j version of the juli library
file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/tomcat-juli.jar state=link
with_items:
- tomcat-juli-log4j.jar
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_log4j' ]
- name: Install log4j.properties
template: src=log4j.properties.j2 dest={{ tomcat_catalina_home_dir }}/lib/log4j.properties mode=0644 owner=root group=root
when: tomcat_install_the_log4j_properties
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_log4j' ]
- name: Remove logging.properties
file: dest=/etc/tomcat{{ tomcat_version }}/logging.properties state=absent
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_log4j' ]

View File

@ -0,0 +1,26 @@
---
- name: Remove the system log4j library from the tomcat libdir
file: dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=absent
with_items:
- log4j-1.2.jar
- tomcat-juli-adapters.jar
notify: tomcat restart
tags: tomcat
- name: Configure tomcat to use the standard version of the juli library
file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/{{ item }} state=link
with_items:
- 'tomcat{{ tomcat_version }}-juli.jar'
notify: tomcat restart
tags: tomcat
- name: Remove the system log4j.properties
file: dest={{ tomcat_catalina_home_dir }}/lib/log4j.properties state=absent
notify: tomcat restart
tags: tomcat
- name: Install logging.properties
copy: src=logging.properties dest=/etc/tomcat{{ tomcat_version }}/logging.properties owner=root group=root mode=0644
notify: tomcat restart
tags: tomcat

111
tasks/tomcat-pkgs.yml Normal file
View File

@ -0,0 +1,111 @@
---
- name: Set the tomcat version for ubuntu Trusy
set_fact:
tomcat_version: 7
when:
- ansible_distribution_major_version <= '16'
- tomcat_fixed_version is not defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
- name: Set the tomcat version for Ubuntu bionic
set_fact:
tomcat_version: 8
when:
- ansible_distribution_major_version == '18'
- tomcat_fixed_version is not defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
- name: Impose a tomcat version
set_fact:
tomcat_version: '{{ tomcat_fixed_version }}'
when: tomcat_fixed_version is defined
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
- name: Print the Tomcat version
debug:
msg: "The Tomcat version we are going to install is {{ tomcat_version }}"
tags: [ 'tomcat', 'tomcat_ver', 'tomcat_conf', 'tomcat_javamelody' ]
- name: Install the tomcat packages
apt: pkg={{ tomcat_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800
tags: tomcat
- name: Install additional packages needed by tomcat 8+
apt: pkg={{ tomcat8_additional_pkgs }} state={{ tomcat_pkg_state }} cache_valid_time=1800
when: tomcat_version >= 8
tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf', 'tomcat_javamelody' ]
- name: Create the tomcat tmp directory
file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
notify: tomcat restart
tags: tomcat
- name: Create the catalina temp directory, if different from the default
file: dest={{ catalina_tmp_directory }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
when: catalina_tmp_directory is defined
notify: tomcat restart
tags: tomcat
- name: Configure tomcat defaults
template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }}
when: tomcat_install_default_conf | bool
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_default' ]
- name: Configure tomcat server.xml
template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml
when: tomcat_install_server_xml | bool
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_serverxml' ]
- name: Configure tomcat web.xml
template: src=tomcat-web.xml.j2 dest={{ tomcat_conf_dir }}/web.xml
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_serverxml' ]
- name: Install a slightly modified catalina.properties
copy: src=catalina.properties dest={{ tomcat_conf_dir }}/catalina.properties owner=root group={{ tomcat_user }} mode=0644
when: tomcat_install_default_conf | bool
notify: tomcat restart
tags: [ 'tomcat', 'tomcat_catalinaprops' ]
- name: Create some directories that the package do not creates itself
file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
with_items:
- common/classes
- server/classes
- shared/classes
tags: tomcat
- name: On tomcat8, create a link to commons-daemon.jar to avoid exceptions at startup
file: src=/usr/share/java/{{ item }} dest={{ tomcat_catalina_home_dir }}/bin/{{ item }} state=link owner=root group=root mode=0644
with_items:
- commons-daemon.jar
when: tomcat_version >= 8
tags: [ 'tomcat', 'tomcat_conf' ]
- name: Install the javamelody dependency jar into the Java shared libs directory
maven_artifact: artifact_id=jrobin version=latest group_id=org.jrobin extension=jar dest=/usr/share/java/jrobin.jar verify_checksum=always mode=0644 owner=root group=root repository_url=https://repo1.maven.org/maven2
when: tomcat_javamelody | bool
tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ]
- name: Install the javamelody-core jar into the Java shared libs directory
maven_artifact: artifact_id=javamelody-core version={{ tomcat_javamelody_version }} group_id=net.bull.javamelody extension=jar dest=/usr/share/java/javamelody-core.jar verify_checksum=always mode=0644 owner=root group=root repository_url=https://repo1.maven.org/maven2
when: tomcat_javamelody | bool
tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ]
- name: Create a link to the the javamelody jar and its dependencies if the javamelody support is enabled
file: src=../../java/{{ item }} dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=link owner=root group=root mode=0644
with_items:
- javamelody-core.jar
- jrobin.jar
when: tomcat_javamelody | bool
tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ]
- name: Remove the javamelody jar and its dependencies if the javamelody support is disabled
file: dest={{ tomcat_catalina_home_dir }}/lib/{{ item }} state=absent
with_items:
- javamelody-core.jar
- jrobin.jar
when: not tomcat_javamelody | bool
tags: [ 'tomcat', 'tomcat_javamelody', 'tomcat_conf' ]

View File

@ -0,0 +1,2 @@
monitorRole {{ tomcat_jmx_monitorpass }}
controlRole {{ tomcat_jmx_controlpass }}

View File

@ -0,0 +1,68 @@
{% if tomcat_send_to_logstash %}
log4j.rootLogger = {{ tomcat_log_level }}, {{ tomcat_logstash_logger }}
{% else %}
log4j.rootLogger = {{ tomcat_log_level }}, {{ tomcat_log_logger }}
{% endif %}
# Define all the appenders
log4j.appender.CATALINA = org.apache.log4j.RollingFileAppender
log4j.appender.CATALINA.File = ${catalina.base}/logs/catalina.log
log4j.appender.CATALINA.Append = true
log4j.appender.CATALINA.Encoding = UTF-8
log4j.appender.CATALINA.Threshold = {{ tomcat_log_rotation_threshold }}
log4j.appender.CATALINA.MaxFileSize = {{ tomcat_log_max_file_size }}
log4j.appender.CATALINA.MaxBackupIndex = {{ tomcat_retain_old_logs }}
log4j.appender.CATALINA.layout = org.apache.log4j.PatternLayout
log4j.appender.CATALINA.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.LOCALHOST = org.apache.log4j.RollingFileAppender
log4j.appender.LOCALHOST.File = ${catalina.base}/logs/localhost.log
log4j.appender.LOCALHOST.Append = true
log4j.appender.LOCALHOST.Encoding = UTF-8
log4j.appender.LOCALHOST.Threshold = {{ tomcat_log_rotation_threshold }}
log4j.appender.LOCALHOST.MaxFileSize = {{ tomcat_log_max_file_size }}
log4j.appender.LOCALHOST.MaxBackupIndex = {{ tomcat_retain_old_logs }}
log4j.appender.LOCALHOST.layout = org.apache.log4j.PatternLayout
log4j.appender.LOCALHOST.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.MANAGER = org.apache.log4j.RollingFileAppender
log4j.appender.MANAGER.File = ${catalina.base}/logs/manager.log
log4j.appender.MANAGER.Append = true
log4j.appender.MANAGER.Encoding = UTF-8
log4j.appender.MANAGER.Threshold = {{ tomcat_log_rotation_threshold }}
log4j.appender.MANAGER.MaxFileSize = {{ tomcat_log_max_file_size }}
log4j.appender.MANAGER.MaxBackupIndex = {{ tomcat_retain_old_logs }}
log4j.appender.MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
log4j.appender.HOST-MANAGER = org.apache.log4j.RollingFileAppender
log4j.appender.HOST-MANAGER.File = ${catalina.base}/logs/host-manager.log
log4j.appender.HOST-MANAGER.Append = true
log4j.appender.HOST-MANAGER.Encoding = UTF-8
log4j.appender.HOST-MANAGER.Threshold = {{ tomcat_log_rotation_threshold }}
log4j.appender.HOST-MANAGER.MaxFileSize = {{ tomcat_log_max_file_size }}
log4j.appender.HOST-MANAGER.MaxBackupIndex = {{ tomcat_retain_old_logs }}
log4j.appender.HOST-MANAGER.layout = org.apache.log4j.PatternLayout
log4j.appender.HOST-MANAGER.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
{% if tomcat_send_to_logstash %}
log4j.appender.LOGSTASH=org.apache.log4j.net.SocketAppender
log4j.appender.LOGSTASH.remoteHost={{ tomcat_logstash_collector_host }}
log4j.appender.LOGSTASH.port={{ tomcat_logstash_collector_socketappender_port }}
log4j.appender.LOGSTASH.ReconnectionDelay={{ tomcat_logstash_collector_socketappender_reconndelay }}
log4j.appender.LOGSTASH.LocationInfo=true
log4j.appender.LOGSTASH.layout = org.apache.log4j.PatternLayout
log4j.appender.LOGSTASH.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
{% endif %}
log4j.appender.CONSOLE = org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Encoding = UTF-8
log4j.appender.CONSOLE.layout = org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern = %d [%t] %-5p %c- %m%n
# Configure which loggers log to which appenders
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost] = {{ tomcat_log_level }}, LOCALHOST
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] =\
{{ tomcat_log_level }}, MANAGER
log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager] =\
{{ tomcat_log_level }}, HOST-MANAGER

View File

@ -0,0 +1,71 @@
{% if limits_nofile_value is defined %}
ulimit -Hn {{ limits_nofile_value }}
ulimit -Sn {{ limits_nofile_value }}
{% endif %}
# Run Tomcat as this user ID. Not setting this or leaving it blank will use the
# default of tomcat{{ tomcat_version}}.
TOMCAT{{ tomcat_version}}_USER={{ tomcat_user }}
# Run Tomcat as this group ID. Not setting this or leaving it blank will use
# the default of tomcat{{ tomcat_version}}.
TOMCAT{{ tomcat_version}}_GROUP={{ tomcat_user }}
# The home directory of the Java development kit (JDK). You need at least
# JDK version 1.5. If JAVA_HOME is not set, some common directories for
# OpenJDK, the Sun JDK, and various J2SE 1.5 versions are tried.
{% if jdk_java_home is defined %}
JAVA_HOME={{ jdk_java_home }}
{% endif %}
JAVA_OPTS="-server -Djava.awt.headless=true -Dfile.encoding={{ tomcat_file_encoding }}"
{% if jdk_default <= 7 %}
{% if tomcat_permgen_defined %}
{% if tomcat_permgen_size is defined %}
JAVA_OPTS="-XX:MaxPermSize={{ tomcat_permgen_size }} $JAVA_OPTS"
{% endif %}
{% endif %}
{% endif %}
{% if jdk_default >= 8 %}
JAVA_OPTS="{{ tomcat_additional_java_8_opts }} $JAVA_OPTS"
{% endif %}
{% if tomcat_java_opts is defined %}
JAVA_OPTS="{{ tomcat_java_opts }} $JAVA_OPTS"
{% endif %}
{% if tomcat_java_gc_opts is defined %}
JAVA_OPTS="${JAVA_OPTS} {{ tomcat_java_gc_opts }}"
{% endif %}
{% if tomcat_proxy_enabled %}
JAVA_OPTS="${JAVA_OPTS} {{ tomcat_proxy_opts }}"
{% endif %}
{% if tomcat_other_java_opts is defined %}
JAVA_OPTS="${JAVA_OPTS} {{ tomcat_other_java_opts }}"
{% endif %}
{% if tomcat_jmx_enabled %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ tomcat_jmx_port }} -Dcom.sun.management.jmxremote.ssl={{ tomcat_jmx_use_ssl }} -Dcom.sun.management.jmxremote.local.only={{ tomcat_jmx_localhost_only }}"
{% if tomcat_jmx_auth_enabled %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ tomcat_jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ tomcat_jmx_auth_dir }}/jmxremote.access"
{% else %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
{% endif %}
{% if tomcat_jmx_disable_additional_ports %}
JAVA_OPTS="${JAVA_OPTS} -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote.rmi.port={{ tomcat_jmx_port }}"
{% endif %}
{% endif %}
{% if tomcat_enable_remote_debugging %}
# You will be able to use a java debugger on URI {{ tomcat_remote_debugging_uri }}.
JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address={{ tomcat_remote_debugging_uri }},server=y,suspend=n"
# Obsolete
#JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address={{ tomcat_remote_debugging_uri }},server=y,suspend=n"
{% endif %}
# Location of the JVM temporary directory
# WARNING: This directory will be destroyed and recreated at every startup !
JVM_TMP={{ tomcat_tmp_dir }}
{% if catalina_tmp_directory is defined %}
export CATALINA_TMPDIR={{ catalina_tmp_directory }}
{% endif %}
{% if tomcat_load_additional_default_conf %}
if [ -f /etc/default/tomcat.local ] ; then
. /etc/default/tomcat.local
fi
{% endif %}

View File

@ -0,0 +1,176 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
-->
{% if tomcat_shutdown_port == -1 %}
<Server port="{{ tomcat_shutdown_port }}"
shutdown="TOMCAT_SHUTDOWN_DISABLED">
{% else %}
<Server port="{{ tomcat_shutdown_port }}" shutdown="{{ tomcat_shutdown_pwd }}">
{% endif %}
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<!--
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
-->
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
{% if tomcat_http_enabled %}
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<Executor name="tomcatThreadPool"
namePrefix="catalina-exec-"
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
maxThreads="{{ tomcat_max_threads }}"
minSpareThreads="10"/>
{% endif %}
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
{% if tomcat_http_enabled %}
<!-- A http "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
enableLookups="false"
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
maxThreads="{{ tomcat_max_threads }}" connectionTimeout="60000"
URIEncoding="UTF-8"
useBodyEncodingForURI="true"
bindOnInit="false" address="{{ tomcat_http_address }}"
port="{{ tomcat_http_port }}" protocol="HTTP/1.1"
maxPostSize="{{ tomcat_max_post_size | default(104857600) }}"
{% if tomcat_reverse_proxy_name_enabled %}
proxyName="{{ tomcat_reverse_proxy_name }}"
proxyPort="{{ tomcat_reverse_proxy_port }}"
{% endif %}
maxHttpHeaderSize="8192"
disableUploadTimeout="true"
/>
{% endif %}
{% if tomcat_ajp_enabled %}
<!-- Define an AJP 1.3 Connector on port {{ tomcat_ajp_port }} -->
<Connector port="{{ tomcat_ajp_port }}" protocol="AJP/1.3"
enableLookups="false" address="{{ tomcat_ajp_address }}"
maxQueueSize="{{ tomcat_max_queue_size | default(32767) }}"
URIEncoding="UTF-8"
useBodyEncodingForURI="true"
maxThreads="{{ tomcat_max_threads }}"
connectionTimeout="60000"
maxPostSize="{{ tomcat_max_post_size | default(104857600) }}"
{% if tomcat_reverse_proxy_name_enabled %}
proxyName="{{ tomcat_reverse_proxy_name }}"
proxyPort="{{ tomcat_reverse_proxy_port }}"
{% endif %}
maxHttpHeaderSize="8192"
disableUploadTimeout="true"
bindOnInit="false" />
{% endif %}
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="{{ tomcat_webapps_unpack }}" autoDeploy="{{ tomcat_webapps_autodeploy }}">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
{% if tomcat_access_log_enabled %}
<!-- Automatically substitutes the IP with the one contained
in the x-forwarded-for header if that header is set -->
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="combined" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access." suffix="log"
{% if tomcat_direct_access %}
pattern="combined"
{% else %}
pattern="%t %{org.apache.catalina.AccessLog.RemoteAddr}r %{X-AUSERNAME}o %I %s &quot;%r&quot; %b %{User-Agent}i"
rotatable="False"
{% endif %}
/>
{% endif %}
</Host>
</Engine>
</Service>
</Server>

View File

@ -0,0 +1,40 @@
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
{% if tomcat_manager_gui_user_enabled %}
<role rolename="{{ tomcat_manager_gui_r }}"/>
<user username="{{ tomcat_manager_gui_user }}" password="{{ tomcat_manager_gui_pwd }}" roles="{{ tomcat_manager_gui_r }}"/>
{% endif %}
{% if tomcat_manager_script_user_enabled %}
<role rolename="{{ tomcat_manager_script_r }}"/>
<user username="{{ tomcat_manager_script_user }}" password="{{ tomcat_manager_script_pwd }}" roles="{{ tomcat_manager_script_r }}"/>
{% endif %}
{% if tomcat_manager_jmx_user_enabled %}
<role rolename="{{ tomcat_manager_jmx_r }}"/>
<user username="{{ tomcat_manager_jmx_user }}" password="{{ tomcat_manager_jmx_pwd }}" roles="{{ tomcat_manager_jmx_r }}"/>
{% endif %}
{% if tomcat_manager_status_user_enabled %}
<role rolename="{{ tomcat_manager_status_r }}"/>
<user username="{{ tomcat_manager_status_user }}" password="{{ tomcat_manager_status_pwd }}" roles="{{ tomcat_manager_status_r }}"/>
{% endif %}
</tomcat-users>

4344
templates/tomcat-web.xml.j2 Normal file

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,8 @@
{{ tomcat_logdir }}/localhost_access.log {
copytruncate
{{ tomcat_access_log_rotation_freq }}
rotate {{ tomcat_retain_old_logs }}
compress
missingok
create 640 {{ tomcat_user }} adm
}