library/roles/d4s_user_services_perms: Manage the manually installed tomcat, providing a logrotate rule for catalina and a sudoers configuration that permits to manage the instance by the unprivileged user.
This commit is contained in:
parent
b02841191c
commit
883a8b0826
|
@ -4,6 +4,19 @@ d4science_user_create_home: True
|
||||||
d4science_user_home: '/home/{{ d4science_user }}'
|
d4science_user_home: '/home/{{ d4science_user }}'
|
||||||
d4science_user_shell: /bin/bash
|
d4science_user_shell: /bin/bash
|
||||||
|
|
||||||
|
d4science_sudoers_commands:
|
||||||
|
- /etc/init.d/tomcat-instance-*
|
||||||
|
|
||||||
d4science_tomcat_options_files:
|
d4science_tomcat_options_files:
|
||||||
- '/etc/default/tomcat-instance-{{ item.0.http_port }}'
|
- '/etc/default/tomcat-instance-{{ item.0.http_port }}'
|
||||||
- '/etc/default/tomcat-instance-{{ item.0.http_port }}.local'
|
- '/etc/default/tomcat-instance-{{ item.0.http_port }}.local'
|
||||||
|
|
||||||
|
d4science_manual_tomcat_inst_dir: '{{ d4science_user_home }}/tomcat'
|
||||||
|
d4science_manual_tomcat_log_dir: '{{ d4science_manual_tomcat_inst_dir }}/logs'
|
||||||
|
d4science_manual_tomcat_rotate_copies: 15
|
||||||
|
d4science_manual_tomcat_rotate_access_log: False
|
||||||
|
d4science_manual_tomcat_access_log: localhost_access.log
|
||||||
|
|
||||||
|
d4science_tomcat_start_command:
|
||||||
|
|
||||||
|
d4science_tomcat_stop_command:
|
||||||
|
|
|
@ -1,19 +1,41 @@
|
||||||
---
|
---
|
||||||
- name: Install the sudoers config that permits the tomcat user to restart the service
|
|
||||||
template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
|
|
||||||
tags: [ 'tomcat', 'd4science', 'sudo' ]
|
|
||||||
|
|
||||||
- name: Install the script that allows the tomcat user to start and stop the service without using the full path
|
- name: Install the script that allows the tomcat user to start and stop the service without using the full path
|
||||||
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755
|
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755
|
||||||
with_nested:
|
with_nested:
|
||||||
- '{{ tomcat_m_instances }}'
|
- '{{ tomcat_m_instances | default ([]) }}'
|
||||||
- [ 'startContainer.sh', 'stopContainer.sh' ]
|
- [ 'startContainer.sh', 'stopContainer.sh' ]
|
||||||
tags: [ 'tomcat', 'd4science', 'sudo' ]
|
when: tomcat_m_instances is defined
|
||||||
|
tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
|
||||||
|
|
||||||
- name: Install the README file that explains where the options files are placed and how start/stop the service
|
- name: Install the README file that explains where the options files are placed and how start/stop the service
|
||||||
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444
|
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444
|
||||||
with_nested:
|
with_nested:
|
||||||
- '{{ tomcat_m_instances }}'
|
- '{{ tomcat_m_instances }}'
|
||||||
- [ 'README-tomcat' ]
|
- [ 'README-tomcat' ]
|
||||||
|
when: tomcat_m_instances is defined
|
||||||
tags: [ 'tomcat', 'd4science', 'd4s_readme' ]
|
tags: [ 'tomcat', 'd4science', 'd4s_readme' ]
|
||||||
|
|
||||||
|
# A manual tomcat installation. We try to fix it in some way
|
||||||
|
- name: Create the d4science tomcat user
|
||||||
|
user: name={{ d4science_user }} home={{ d4science_user_home }} createhome={{ d4science_user_create_home }} shell={{ d4science_user_shell }}
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
tags: [ 'tomcat', 'd4science', 'users' ]
|
||||||
|
|
||||||
|
- name: Install the script that allows the tomcat user to start and stop the service without using the full path
|
||||||
|
template: src={{ item }}.j2 dest=/home/{{ d4science_user }}/{{ item }} owner={{ d4science_user }} group={{ d4science_user }} mode=0755
|
||||||
|
with_items:
|
||||||
|
- 'startContainer.sh'
|
||||||
|
- 'stopContainer.sh'
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
|
||||||
|
|
||||||
|
- name: Install a logrotate rule for catalina.out and access_log
|
||||||
|
template: src=catalina-logrotate.j2 dest=/etc/logrotate.d/catalina_access owner=root group=root mode=0644
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
tags: [ 'tomcat', 'd4science', 'startup_cmd' ]
|
||||||
|
|
||||||
|
# We always install the sudoers file
|
||||||
|
- name: Install the sudoers config that permits the tomcat user to restart the service
|
||||||
|
template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
|
||||||
|
tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
{{ d4science_manual_tomcat_log_dir }}/catalina.out {
|
||||||
|
copytruncate
|
||||||
|
daily
|
||||||
|
rotate {{ d4science_manual_tomcat_rotate_copies }}
|
||||||
|
compress
|
||||||
|
missingok
|
||||||
|
create 640 {{ d4science_user }} {{ d4science_user }}
|
||||||
|
}
|
||||||
|
|
||||||
|
{% if d4science_manual_tomcat_rotate_access_log %}
|
||||||
|
{{ d4science_manual_tomcat_log_dir }}/localhost_access.log {
|
||||||
|
copytruncate
|
||||||
|
daily
|
||||||
|
rotate {{ d4science_manual_tomcat_rotate_copies }}
|
||||||
|
compress
|
||||||
|
missingok
|
||||||
|
create 640 {{ d4science_user }} {{ d4science_user }}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
{% if tomcat_m_instances is defined %}
|
||||||
sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} start
|
sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} start
|
||||||
|
{% else %}
|
||||||
|
sudo {{ d4science_tomcat_start_command }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
exit $?
|
exit $?
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
{% if tomcat_m_instances is defined %}
|
||||||
sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} stop
|
sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} stop
|
||||||
|
{% else %}
|
||||||
|
sudo {{ d4science_tomcat_stop_command }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
exit $?
|
exit $?
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
{{ d4science_user }} ALL=(ALL) NOPASSWD: /etc/init.d/tomcat-instance-*
|
{{ d4science_user }} ALL=(ALL) NOPASSWD: {% for cmd in d4science_sudoers_commands %}{{ cmd }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue