library/roles/dnet_user_services_perms: Manage more directories. Logs in /var/log/dnet
library/roles/iptables/templates/iptables-rules.v6.j2: Fix the reject options library/roles/tomcat: Install a catalina.properties that matches the one used by the multiple instances role library/roles/tomcat/templates/tomcat-server.xml.j2: Do not generate a random password when the shutdown port is disabled
parent
d9d908e1a2
commit
10441129fc
|
@ -4,3 +4,7 @@ dnet_group: dnet
|
||||||
|
|
||||||
dnet_data_directories:
|
dnet_data_directories:
|
||||||
- /var/lib/dnet
|
- /var/lib/dnet
|
||||||
|
|
||||||
|
dnet_log_directories:
|
||||||
|
- /var/log/dnet
|
||||||
|
- /var/log/dnet/search
|
||||||
|
|
|
@ -13,18 +13,95 @@
|
||||||
with_items: dnet_data_directories
|
with_items: dnet_data_directories
|
||||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
- name: Create the dnet log dirs
|
||||||
- name: Set the read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs
|
file: name={{ item }} state=directory owner={{ tomcat_user }} group={{ dnet_group }} mode=0750
|
||||||
|
with_items: dnet_log_directories
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
- name: Set the read/write permissions on the dnet data dirs
|
||||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
||||||
with_items:
|
with_items: dnet_data_directories
|
||||||
# - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]
|
|
||||||
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]
|
|
||||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs
|
- name: Set the default read/write permissions on the dnet data dirs
|
||||||
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
||||||
with_items:
|
with_items: dnet_data_directories
|
||||||
# - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]
|
|
||||||
|
- name: Set the read permissions on the dnet log dirs
|
||||||
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present
|
||||||
|
with_items: dnet_log_directories
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
- name: Set the default read permissions on the dnet log dirs
|
||||||
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
|
||||||
|
with_items: dnet_log_directories
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Acls for the single tomcat instance
|
||||||
|
#
|
||||||
|
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||||
|
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
|
||||||
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
with_items:
|
||||||
|
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ tomcat_common_dir }}' ]
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
|
||||||
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
with_items:
|
||||||
|
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ tomcat_common_dir }}' ]
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||||
|
- name: Set the read permissions on the tomcat log directory. single tomcat instance
|
||||||
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
with_items:
|
||||||
|
- [ '{{ tomcat_logdir }}' ]
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
- name: Set the default read permissions on the tomcat log directory. single tomcat instance
|
||||||
|
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
with_items:
|
||||||
|
- [ '{{ tomcat_logdir }}' ]
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Same steps, but when we are using multiple tomcat instances
|
||||||
|
#
|
||||||
|
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||||
|
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
|
||||||
|
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwx state=present
|
||||||
|
when: tomcat_m_instances is defined
|
||||||
|
with_nested:
|
||||||
|
- ' {{ tomcat_m_instances }}'
|
||||||
|
- [ 'webapps', 'common', 'common/classes' ]
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
|
||||||
|
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
|
||||||
|
when: tomcat_m_instances is not defined
|
||||||
|
when: tomcat_m_instances is defined
|
||||||
|
with_nested:
|
||||||
|
- ' {{ tomcat_m_instances }}'
|
||||||
|
- [ 'webapps', 'common', 'common/classes' ]
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
|
||||||
|
- name: Set the read permissions on the tomcat log directory. multiple tomcat instances
|
||||||
|
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rx state=present
|
||||||
|
when: tomcat_m_instances is defined
|
||||||
|
with_items: tomcat_m_instances
|
||||||
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
- name: Set the default read permissions on the tomcat log directory. multiple tomcat instances
|
||||||
|
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
|
||||||
|
when: tomcat_m_instances is defined
|
||||||
|
with_items: tomcat_m_instances
|
||||||
tags: [ 'tomcat', 'dnet', 'users' ]
|
tags: [ 'tomcat', 'dnet', 'users' ]
|
||||||
|
|
||||||
|
|
|
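Review bot: The task "Set the default read/write permissions … multiple tomcat instances" appears to carry two `when:` keys on the new side, `when: tomcat_m_instances is not defined` followed by `when: tomcat_m_instances is defined`. Duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so the task only works by accident; delete the stale line so that `when: tomcat_m_instances is defined` is the sole condition. Both multi-instance `with_nested` lists also write `- ' {{ tomcat_m_instances }}'` with a space inside the quotes, which may hand the lookup a string rather than the list; unless that is deliberate, use `- '{{ tomcat_m_instances }}'`. A comment above the rwx tasks stating that `dnet_group` members can write into webapps and common/classes would make the privilege grant explicit.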
@ -3,8 +3,8 @@
|
||||||
:FORWARD ACCEPT [0:0]
|
:FORWARD ACCEPT [0:0]
|
||||||
:OUTPUT ACCEPT [0:0]
|
:OUTPUT ACCEPT [0:0]
|
||||||
{% if iptables_default_policy == 'REJECT' %}
|
{% if iptables_default_policy == 'REJECT' %}
|
||||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
-A INPUT -j REJECT --reject-with icmp6-addr-unreachable
|
||||||
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
|
-A FORWARD -j REJECT --reject-with icmp6-addr-unreachable
|
||||||
{% else %}
|
{% else %}
|
||||||
-A INPUT -j {{ iptables_default_policy }}
|
-A INPUT -j {{ iptables_default_policy }}
|
||||||
-A FORWARD -j {{ iptables_default_policy }}
|
-A FORWARD -j {{ iptables_default_policy }}
|
||||||
|
|
|
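Review bot: The replacement `--reject-with icmp6-addr-unreachable` on the INPUT and FORWARD catch-all rules is a valid ip6tables reject type, but it reports "address unreachable" rather than "filtered by policy", which is what the IPv4 `icmp-host-prohibited` it replaces conveys. If the aim is to keep the same signal for troubleshooting, `--reject-with icmp6-adm-prohibited` is the closer equivalent. A one-line template comment such as `# IPv6 REJECT types differ from IPv4; see iptables-extensions(8)` would stop the v4 value from being copied back in. The `{% if %}` block is closed outside the hunk.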
@ -11,6 +11,18 @@ openldap_slapd_tcp_port: 389
|
||||||
openldap_slapd_ssl_port: 636
|
openldap_slapd_ssl_port: 636
|
||||||
openldap_slapd_ssl_only: False
|
openldap_slapd_ssl_only: False
|
||||||
|
|
||||||
|
# Set slapd_admin_pwd in a vault file
|
||||||
|
slapd_debconf_params:
|
||||||
|
- { question: 'slapd/password1', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
|
||||||
|
- { question: 'slapd/password2', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
|
||||||
|
- { question: 'slapd/internal/adminpw', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
|
||||||
|
- { question: 'slapd/no_configuration', value: 'false', vtype: 'boolean' }
|
||||||
|
- { question: 'shared/organization', value: 'Organization', vtype: 'text' }
|
||||||
|
- { question: 'slapd/purge_database', value: 'false', vtype: 'boolean' }
|
||||||
|
- { question: 'slapd/allow_ldap_v2', value: 'true', vtype: 'boolean' }
|
||||||
|
- { question: 'slapd/backend', value: 'HDB', vtype: 'select' }
|
||||||
|
- { question: 'slapd/domain', value: 'DNS Domain Name', vtype: 'text' }
|
||||||
|
|
||||||
# openldap_allowed_clients:
|
# openldap_allowed_clients:
|
||||||
# - ip/32
|
# - ip/32
|
||||||
# - net/24
|
# - net/24
|
||||||
|
|
|
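Review bot: The new `slapd_debconf_params` defaults preseed `slapd/allow_ldap_v2` with `'true'`, which turns on the legacy LDAPv2 protocol for every host that takes the defaults; unless a client needs it, the safer default is `value: 'false'`. The three password questions expand `{{ slapd_admin_pwd }}`, so the task that loops over this list (not visible in this hunk) should set `no_log: True` to keep the admin password out of task output and logs. The context line `openldap_slapd_ssl_only: False` also means that binds on port 389 stay enabled by default, which is worth a comment next to the password settings.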
@ -87,13 +87,15 @@ shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
|
||||||
# - Apple JDK JARs
|
# - Apple JDK JARs
|
||||||
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
|
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
|
||||||
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
|
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
|
||||||
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,\
|
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
|
||||||
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
|
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
|
||||||
jasper.jar,jasper-el.jar,ecj-*.jar,\
|
jasper.jar,jasper-el.jar,ecj-*.jar,\
|
||||||
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
|
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
|
||||||
|
tomcat-jni.jar,tomcat-spdy.jar,\
|
||||||
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
|
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
|
||||||
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
|
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
|
||||||
tomcat-jdbc.jar,\
|
tomcat-jdbc.jar,\
|
||||||
|
tools.jar,\
|
||||||
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
|
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
|
||||||
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
|
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
|
||||||
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
|
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
|
||||||
|
@ -101,15 +103,22 @@ commons-math*.jar,commons-pool*.jar,\
|
||||||
jstl.jar,\
|
jstl.jar,\
|
||||||
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
|
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
|
||||||
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
|
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
|
||||||
jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\
|
jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
|
||||||
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
|
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
|
||||||
dnsns.jar,ldapsec.jar,localedata.jar,sunjce_provider.jar,sunmscapi.jar,\
|
junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
|
||||||
sunpkcs11.jar,jhall.jar,tools.jar,\
|
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
|
||||||
sunec.jar,zipfs.jar,\
|
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
|
||||||
apple_provider.jar,AppleScriptEngine.jar,CoreAudio.jar,dns_sd.jar,\
|
xom-*.jar
|
||||||
j3daudio.jar,j3dcore.jar,j3dutils.jar,jai_core.jar,jai_codec.jar,\
|
|
||||||
mlibwrapper_jai.jar,MRJToolkit.jar,vecmath.jar,\
|
# Additional JARs (over and above the default JARs listed above) to skip when
|
||||||
junit.jar,junit-*.jar,ant-launcher.jar
|
# scanning for Servlet 3.0 pluggability features. These features include web
|
||||||
|
# fragments, annotations, SCIs and classes that match @HandlesTypes. The list
|
||||||
|
# must be a comma separated list of JAR file names.
|
||||||
|
org.apache.catalina.startup.ContextConfig.jarsToSkip=
|
||||||
|
|
||||||
|
# Additional JARs (over and above the default JARs listed above) to skip when
|
||||||
|
# scanning for TLDs. The list must be a comma separated list of JAR file names.
|
||||||
|
org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
|
||||||
|
|
||||||
#
|
#
|
||||||
# String cache configuration.
|
# String cache configuration.
|
||||||
|
|
|
@ -2,6 +2,11 @@
|
||||||
tomcat_version: 7
|
tomcat_version: 7
|
||||||
tomcat_pkg_state: installed
|
tomcat_pkg_state: installed
|
||||||
tomcat_service_enabled: True
|
tomcat_service_enabled: True
|
||||||
|
tomcat_pkgs:
|
||||||
|
- tomcat'{{ tomcat_version }}'
|
||||||
|
- libtomcat'{{ tomcat_version }}'-java
|
||||||
|
- tomcat'{{ tomcat_version }}'-common
|
||||||
|
- libapr1
|
||||||
tomcat_user: tomcat7
|
tomcat_user: tomcat7
|
||||||
tomcat_max_threads: 200
|
tomcat_max_threads: 200
|
||||||
tomcat_min_heap_size: 2048m
|
tomcat_min_heap_size: 2048m
|
||||||
|
@ -31,6 +36,7 @@ tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}'
|
||||||
tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}'
|
tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}'
|
||||||
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
|
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
|
||||||
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
|
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
|
||||||
|
tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/'
|
||||||
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
|
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
|
||||||
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
|
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'
|
||||||
|
|
||||||
|
|
|
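Review bot: The entries of the new `tomcat_pkgs` list keep the inner quotes from the old inline task, e.g. `- tomcat'{{ tomcat_version }}'`, so the YAML value is `tomcat'7'` with literal quote characters, and it only resolves to a package name if the key=value argument parser strips them. Quoting the whole scalar is unambiguous: `- 'tomcat{{ tomcat_version }}'`, `- 'libtomcat{{ tomcat_version }}-java'`, `- 'tomcat{{ tomcat_version }}-common'`. In the second hunk, `tomcat_common_dir` ends with a trailing slash while the neighbouring `*_dir` values do not; dropping it keeps paths built from it consistent.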
@ -0,0 +1,131 @@
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
# contributor license agreements. See the NOTICE file distributed with
|
||||||
|
# this work for additional information regarding copyright ownership.
|
||||||
|
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
# (the "License"); you may not use this file except in compliance with
|
||||||
|
# the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
#
|
||||||
|
# List of comma-separated packages that start with or equal this string
|
||||||
|
# will cause a security exception to be thrown when
|
||||||
|
# passed to checkPackageAccess unless the
|
||||||
|
# corresponding RuntimePermission ("accessClassInPackage."+package) has
|
||||||
|
# been granted.
|
||||||
|
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
|
||||||
|
#
|
||||||
|
# List of comma-separated packages that start with or equal this string
|
||||||
|
# will cause a security exception to be thrown when
|
||||||
|
# passed to checkPackageDefinition unless the
|
||||||
|
# corresponding RuntimePermission ("defineClassInPackage."+package) has
|
||||||
|
# been granted.
|
||||||
|
#
|
||||||
|
# by default, no packages are restricted for definition, and none of
|
||||||
|
# the class loaders supplied with the JDK call checkPackageDefinition.
|
||||||
|
#
|
||||||
|
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
|
||||||
|
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# List of comma-separated paths defining the contents of the "common"
|
||||||
|
# classloader. Prefixes should be used to define what is the repository type.
|
||||||
|
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
|
||||||
|
# If left as blank,the JVM system loader will be used as Catalina's "common"
|
||||||
|
# loader.
|
||||||
|
# Examples:
|
||||||
|
# "foo": Add this folder as a class repository
|
||||||
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
||||||
|
# repositories
|
||||||
|
# "foo/bar.jar": Add bar.jar as a class repository
|
||||||
|
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar
|
||||||
|
|
||||||
|
#
|
||||||
|
# List of comma-separated paths defining the contents of the "server"
|
||||||
|
# classloader. Prefixes should be used to define what is the repository type.
|
||||||
|
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
|
||||||
|
# If left as blank, the "common" loader will be used as Catalina's "server"
|
||||||
|
# loader.
|
||||||
|
# Examples:
|
||||||
|
# "foo": Add this folder as a class repository
|
||||||
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
||||||
|
# repositories
|
||||||
|
# "foo/bar.jar": Add bar.jar as a class repository
|
||||||
|
server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,${catalina.base}/server/classes,${catalina.base}/server/*.jar
|
||||||
|
|
||||||
|
#
|
||||||
|
# List of comma-separated paths defining the contents of the "shared"
|
||||||
|
# classloader. Prefixes should be used to define what is the repository type.
|
||||||
|
# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
|
||||||
|
# the "common" loader will be used as Catalina's "shared" loader.
|
||||||
|
# Examples:
|
||||||
|
# "foo": Add this folder as a class repository
|
||||||
|
# "foo/*.jar": Add all the JARs of the specified folder as class
|
||||||
|
# repositories
|
||||||
|
# "foo/bar.jar": Add bar.jar as a class repository
|
||||||
|
# Please note that for single jars, e.g. bar.jar, you need the URL form
|
||||||
|
# starting with file:.
|
||||||
|
shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
|
||||||
|
|
||||||
|
# List of JAR files that should not be scanned using the JarScanner
|
||||||
|
# functionality. This is typically used to scan JARs for configuration
|
||||||
|
# information. JARs that do not contain such information may be excluded from
|
||||||
|
# the scan to speed up the scanning process. This is the default list. JARs on
|
||||||
|
# this list are excluded from all scans. Scan specific lists (to exclude JARs
|
||||||
|
# from individual scans) follow this. The list must be a comma separated list of
|
||||||
|
# JAR file names.
|
||||||
|
# The JARs listed below include:
|
||||||
|
# - Tomcat Bootstrap JARs
|
||||||
|
# - Tomcat API JARs
|
||||||
|
# - Catalina JARs
|
||||||
|
# - Jasper JARs
|
||||||
|
# - Tomcat JARs
|
||||||
|
# - Common non-Tomcat JARs
|
||||||
|
# - Test JARs (JUnit, Cobertura and dependencies)
|
||||||
|
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
|
||||||
|
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
|
||||||
|
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
|
||||||
|
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
|
||||||
|
jasper.jar,jasper-el.jar,ecj-*.jar,\
|
||||||
|
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
|
||||||
|
tomcat-jni.jar,tomcat-spdy.jar,\
|
||||||
|
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
|
||||||
|
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
|
||||||
|
tomcat-jdbc.jar,\
|
||||||
|
tools.jar,\
|
||||||
|
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
|
||||||
|
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
|
||||||
|
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
|
||||||
|
commons-math*.jar,commons-pool*.jar,\
|
||||||
|
jstl.jar,\
|
||||||
|
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
|
||||||
|
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
|
||||||
|
jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
|
||||||
|
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
|
||||||
|
junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
|
||||||
|
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
|
||||||
|
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
|
||||||
|
xom-*.jar
|
||||||
|
|
||||||
|
# Additional JARs (over and above the default JARs listed above) to skip when
|
||||||
|
# scanning for Servlet 3.0 pluggability features. These features include web
|
||||||
|
# fragments, annotations, SCIs and classes that match @HandlesTypes. The list
|
||||||
|
# must be a comma separated list of JAR file names.
|
||||||
|
org.apache.catalina.startup.ContextConfig.jarsToSkip=
|
||||||
|
|
||||||
|
# Additional JARs (over and above the default JARs listed above) to skip when
|
||||||
|
# scanning for TLDs. The list must be a comma separated list of JAR file names.
|
||||||
|
org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
|
||||||
|
|
||||||
|
#
|
||||||
|
# String cache configuration.
|
||||||
|
tomcat.util.buf.StringCache.byte.enabled=true
|
||||||
|
#tomcat.util.buf.StringCache.char.enabled=true
|
||||||
|
#tomcat.util.buf.StringCache.trainThreshold=500000
|
||||||
|
#tomcat.util.buf.StringCache.cacheSize=5000
|
|
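Review bot: `common.loader` in this new file adds `${catalina.base}/common/classes` and `${catalina.base}/common/*.jar` (and the `catalina.home` equivalents) to the common class loader, and the dnet_user_services_perms tasks in the same commit grant `dnet_group` rwx ACLs on `tomcat_common_dir` and `tomcat_common_classes_dir`. Taken together, anyone in that group can place classes that Tomcat loads container-wide, so group membership is equivalent to running code as the Tomcat user. That may be the intended deployment model, but it deserves a comment above `common.loader`, for example `# common/ is writable by the dnet group (see dnet_user_services_perms): treat membership as privileged`. Since the file is described as a slightly modified copy, a short header comment listing what was changed would also make future upgrades easier to diff.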
@ -1,38 +1,31 @@
|
||||||
---
|
---
|
||||||
- name: Install the tomcat packages
|
- name: Install the tomcat packages
|
||||||
apt: pkg={{ item }} state={{ tomcat_pkg_state }}
|
apt: pkg={{ item }} state={{ tomcat_pkg_state }}
|
||||||
with_items:
|
with_items: tomcat_pkgs
|
||||||
- tomcat'{{ tomcat_version }}'
|
tags: tomcat
|
||||||
- libtomcat'{{ tomcat_version }}'-java
|
|
||||||
- tomcat'{{ tomcat_version }}'-common
|
|
||||||
- libapr1
|
|
||||||
tags:
|
|
||||||
- tomcat
|
|
||||||
|
|
||||||
- name: Create the tomcat tmp directory
|
- name: Create the tomcat tmp directory
|
||||||
file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
|
file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
|
||||||
notify:
|
notify: tomcat restart
|
||||||
tomcat restart
|
tags: tomcat
|
||||||
tags:
|
|
||||||
- tomcat
|
|
||||||
|
|
||||||
- name: Configure tomcat defaults
|
- name: Configure tomcat defaults
|
||||||
template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }}
|
template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }}
|
||||||
when:
|
when: tomcat_install_default_conf
|
||||||
- tomcat_install_default_conf is defined and tomcat_install_default_conf
|
notify: tomcat restart
|
||||||
notify:
|
tags: tomcat
|
||||||
tomcat restart
|
|
||||||
tags:
|
|
||||||
- tomcat
|
|
||||||
|
|
||||||
- name: Configure tomcat server.xml
|
- name: Configure tomcat server.xml
|
||||||
template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml
|
template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml
|
||||||
when:
|
when: tomcat_install_default_conf
|
||||||
- tomcat_install_default_conf is defined and tomcat_install_default_conf
|
notify: tomcat restart
|
||||||
notify:
|
tags: tomcat
|
||||||
tomcat restart
|
|
||||||
tags:
|
- name: Install a slightly modified catalina.properties
|
||||||
- tomcat
|
copy: src=catalina.properties dest={{ tomcat_conf_dir }}/catalina.properties owner=root group={{ tomcat_user }} mode=0644
|
||||||
|
when: tomcat_install_default_conf
|
||||||
|
notify: tomcat restart
|
||||||
|
tags: tomcat
|
||||||
|
|
||||||
- name: Create some directories that the package do not creates itself
|
- name: Create some directories that the package do not creates itself
|
||||||
file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
|
file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
|
||||||
|
@ -40,5 +33,4 @@
|
||||||
- common/classes
|
- common/classes
|
||||||
- server/classes
|
- server/classes
|
||||||
- shared/classes
|
- shared/classes
|
||||||
tags:
|
tags: tomcat
|
||||||
- tomcat
|
|
||||||
|
|
|
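Review bot: The "Configure tomcat server.xml" task still renders the template without `owner`, `group` or `mode`, while the template writes `{{ tomcat_shutdown_pwd }}` into the `shutdown` attribute, so the file's permissions are left to whatever already exists or to the umask. The new catalina.properties task right below sets them explicitly; doing the same here with a tighter mode, e.g. `template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml owner=root group={{ tomcat_user }} mode=0640`, keeps the shutdown string away from other local users. Separately, the conditions were shortened from `tomcat_install_default_conf is defined and tomcat_install_default_conf` to `when: tomcat_install_default_conf`, which fails the play when the variable is undefined unless a default is declared in a part of the role this page does not show.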
@ -18,8 +18,13 @@
|
||||||
<!-- Note: A "Server" is not itself a "Container", so you may not
|
<!-- Note: A "Server" is not itself a "Container", so you may not
|
||||||
define subcomponents such as "Valves" at this level.
|
define subcomponents such as "Valves" at this level.
|
||||||
Documentation at /docs/config/server.html
|
Documentation at /docs/config/server.html
|
||||||
-->
|
-->
|
||||||
|
{% if tomcat_shutdown_port == -1 %}
|
||||||
|
<Server port="{{ tomcat_shutdown_port }}"
|
||||||
|
shutdown="TOMCAT_SHUTDOWN_DISABLED">
|
||||||
|
{% else %}
|
||||||
<Server port="{{ tomcat_shutdown_port }}" shutdown="{{ tomcat_shutdown_pwd }}">
|
<Server port="{{ tomcat_shutdown_port }}" shutdown="{{ tomcat_shutdown_pwd }}">
|
||||||
|
{% endif %}
|
||||||
<!-- Security listener. Documentation at /docs/config/listeners.html
|
<!-- Security listener. Documentation at /docs/config/listeners.html
|
||||||
<Listener className="org.apache.catalina.security.SecurityListener" />
|
<Listener className="org.apache.catalina.security.SecurityListener" />
|
||||||
-->
|
-->
|
||||||
|
|
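Review bot: The new test `{% if tomcat_shutdown_port == -1 %}` compares against an integer, so a port supplied as a string (for instance from the command line or an INI inventory) would take the `else` branch and still emit `tomcat_shutdown_pwd`. Casting first, `{% if tomcat_shutdown_port | int == -1 %}`, makes the disabled case independent of how the variable was defined. The `<Server>` element is closed outside the hunk.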