library/roles/tomcat, library/roles/tomcat-multiple-instances: Fix https://issue.openaire.research-infrastructures.eu/issues/1059 providing a way to disable the jmx additional ports and permit to open the jmx interface on localhost only.

This commit is contained in:
Andrea Dell'Amico 2015-06-15 18:54:51 +02:00
parent a684f6f5fd
commit 6a092177ba
4 changed files with 25 additions and 6 deletions

View File

@ -36,6 +36,11 @@ tomcat_m_enable_remote_debugging: False
tomcat_m_remote_debugging_port: 8100 tomcat_m_remote_debugging_port: 8100
tomcat_m_jmx_enabled: False tomcat_m_jmx_enabled: False
tomcat_m_jmx_auth_enabled: False tomcat_m_jmx_auth_enabled: False
tomcat_m_jmx_use_ssl: False
# The following works with jdk >= 7.0.25 only
tomcat_m_jmx_disable_additional_ports: True
tomcat_m_jmx_localhost_only: False
#tomcat_m_jmx_auth_dir: '{{ tomcat_m_instances_base_path }}' #tomcat_m_jmx_auth_dir: '{{ tomcat_m_instances_base_path }}'
# tomcat_m_jmx_monitorpass: define_in_a_vault_file # tomcat_m_jmx_monitorpass: define_in_a_vault_file
# tomcat_m_jmx_controlpass: define_in_a_vault_file # tomcat_m_jmx_controlpass: define_in_a_vault_file

View File

@ -12,16 +12,27 @@ JAVA_OPTS="{{ item.java_gc_opts }} $JAVA_OPTS"
JAVA_OPTS="${JAVA_OPTS} {{ item.other_java_opts }}" JAVA_OPTS="${JAVA_OPTS} {{ item.other_java_opts }}"
{% endif %} {% endif %}
{% if item.jmx_enabled is defined and item.jmx_enabled %} {% if item.jmx_enabled is defined and item.jmx_enabled %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ item.jmx_port }} -Dcom.sun.management.jmxremote.ssl=false" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ item.jmx_port }}"
{% if item.jmx_use_ssl is defined and item.jmx_use_ssl %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=true"
{% else %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
{% endif %}
{% if item.jmx_localhost_only is defined and item.jmx_localhost_only %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.local.only=true"
{% endif %}
{% if item.jmx_auth_enabled is defined and item.jmx_auth_enabled %} {% if item.jmx_auth_enabled is defined and item.jmx_auth_enabled %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ item.jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ item.jmx_auth_dir }}/jmxremote.access" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ item.jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ item.jmx_auth_dir }}/jmxremote.access"
{% else %} {% else %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
{% endif %} {% endif %}
{% if item.jmx_disable_additional_ports is defined and item.jmx_disable_additional_ports %}
JAVA_OPTS="${JAVA_OPTS} -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote.rmi.port={{ item.jmx_port }}"
{% endif %}
{% endif %} {% endif %}
{% if item.remote_debugging is defined and item.remote_debugging %} {% if item.remote_debugging is defined and item.remote_debugging %}
# To enable remote debugging uncomment the following line. # You will be able to use a java debugger on port {{ item.remote_debugging_port }}.
# You will then be able to use a java debugger on port {{ item.remote_debugging_port }}.
JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address={{ item.remote_debugging_port }},server=y,suspend=n" JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address={{ item.remote_debugging_port }},server=y,suspend=n"
{% endif %} {% endif %}
# WARNING: This directory will be destroyed and recreated at every startup ! # WARNING: This directory will be destroyed and recreated at every startup !

View File

@ -36,6 +36,7 @@ tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
# JMX and debugging # JMX and debugging
tomcat_enable_remote_debugging: False tomcat_enable_remote_debugging: False
tomcat_remote_debugging_port: 8000 tomcat_remote_debugging_port: 8000
#
tomcat_jmx_enabled: False tomcat_jmx_enabled: False
tomcat_jmx_auth_enabled: False tomcat_jmx_auth_enabled: False
tomcat_jmx_port: 8082 tomcat_jmx_port: 8082

View File

@ -24,16 +24,18 @@ JAVA_OPTS="${JAVA_OPTS} {{ tomcat_java_gc_opts }}"
JAVA_OPTS="${JAVA_OPTS} {{ tomcat_other_java_opts }}" JAVA_OPTS="${JAVA_OPTS} {{ tomcat_other_java_opts }}"
{% endif %} {% endif %}
{% if tomcat_jmx_enabled %} {% if tomcat_jmx_enabled %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ tomcat_jmx_port }} -Dcom.sun.management.jmxremote.ssl=false" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port={{ tomcat_jmx_port }} -Dcom.sun.management.jmxremote.ssl={{ tomcat_jmx_use_ssl }} -Dcom.sun.management.jmxremote.local.only={{ tomcat_jmx_localhost_only }}"
{% if tomcat_jmx_auth_enabled %} {% if tomcat_jmx_auth_enabled %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ tomcat_jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ tomcat_jmx_auth_dir }}/jmxremote.access" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file={{ tomcat_jmx_auth_dir }}/jmxremote.password -Dcom.sun.management.jmxremote.access.file={{ tomcat_jmx_auth_dir }}/jmxremote.access"
{% else %} {% else %}
JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false" JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
{% endif %} {% endif %}
{% if tomcat_jmx_disable_additional_ports %}
JAVA_OPTS="${JAVA_OPTS} -XX:+DisableAttachMechanism -Dcom.sun.management.jmxremote.rmi.port={{ tomcat_jmx_port }}"
{% endif %}
{% endif %} {% endif %}
{% if tomcat_enable_remote_debugging %} {% if tomcat_enable_remote_debugging %}
# To enable remote debugging uncomment the following line. # You will be able to use a java debugger on port {{ tomcat_remote_debugging_port }}.
# You will then be able to use a java debugger on port {{ tomcat_remote_debugging_port }}.
JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address={{ tomcat_remote_debugging_port }},server=y,suspend=n" JAVA_OPTS="${JAVA_OPTS} -Xdebug -Xrunjdwp:transport=dt_socket,address={{ tomcat_remote_debugging_port }},server=y,suspend=n"
{% endif %} {% endif %}
# Location of the JVM temporary directory # Location of the JVM temporary directory