library/roles/dnet_user_services_perms: Manage more directories. Logs in /var/log/dnet

library/roles/iptables/templates/iptables-rules.v6.j2: Fix the reject options
library/roles/tomcat: Install a catalina.properties that matches the one used by the multiple instances role
library/roles/tomcat/templates/tomcat-server.xml.j2: Do not generate a random password when the shutdown port is disabled
This commit is contained in:
Andrea Dell'Amico 2015-07-16 13:25:02 +02:00
parent d9d908e1a2
commit 10441129fc
9 changed files with 282 additions and 46 deletions

View File

@ -4,3 +4,7 @@ dnet_group: dnet
dnet_data_directories: dnet_data_directories:
- /var/lib/dnet - /var/lib/dnet
dnet_log_directories:
- /var/log/dnet
- /var/log/dnet/search

View File

@ -13,18 +13,95 @@
with_items: dnet_data_directories with_items: dnet_data_directories
tags: [ 'tomcat', 'dnet', 'users' ] tags: [ 'tomcat', 'dnet', 'users' ]
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default - name: Create the dnet log dirs
- name: Set the read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs file: name={{ item }} state=directory owner={{ tomcat_user }} group={{ dnet_group }} mode=0750
with_items: dnet_log_directories
tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the read/write permissions on the dnet data dirs
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
with_items: with_items: dnet_data_directories
# - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]
tags: [ 'tomcat', 'dnet', 'users' ] tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs - name: Set the default read/write permissions on the dnet data dirs
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
with_items: with_items: dnet_data_directories
# - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ] tags: [ 'tomcat', 'dnet', 'users' ]
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]
- name: Set the read permissions on the dnet log dirs
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present
with_items: dnet_log_directories
tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the default read permissions on the dnet log dirs
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
with_items: dnet_log_directories
tags: [ 'tomcat', 'dnet', 'users' ]
#
# Acls for the single tomcat instance
#
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
when: tomcat_m_instances is not defined
with_items:
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ tomcat_common_dir }}' ]
tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. single tomcat instance
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
when: tomcat_m_instances is not defined
with_items:
- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ tomcat_common_dir }}' ]
tags: [ 'tomcat', 'dnet', 'users' ]
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
- name: Set the read permissions on the tomcat log directory. single tomcat instance
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present
when: tomcat_m_instances is not defined
with_items:
- [ '{{ tomcat_logdir }}' ]
tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the default read permissions on the tomcat log directory. single tomcat instance
acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
when: tomcat_m_instances is not defined
with_items:
- [ '{{ tomcat_logdir }}' ]
tags: [ 'tomcat', 'dnet', 'users' ]
#
# Same steps, but when we are using multiple tomcat instances
#
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
- name: Set the read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwx state=present
when: tomcat_m_instances is defined
with_nested:
- ' {{ tomcat_m_instances }}'
- [ 'webapps', 'common', 'common/classes' ]
tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the default read/write permissions on the tomcat webapps and common/classes directories. multiple tomcat instances
acl: name={{ item.0.instance_path }}/{{ item.1 }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
when: tomcat_m_instances is not defined
when: tomcat_m_instances is defined
with_nested:
- ' {{ tomcat_m_instances }}'
- [ 'webapps', 'common', 'common/classes' ]
tags: [ 'tomcat', 'dnet', 'users' ]
# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
- name: Set the read permissions on the tomcat log directory. multiple tomcat instances
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rx state=present
when: tomcat_m_instances is defined
with_items: tomcat_m_instances
tags: [ 'tomcat', 'dnet', 'users' ]
- name: Set the default read permissions on the tomcat log directory. multiple tomcat instances
acl: name={{ tomcat_m_instances_logdir_base }}/{{ item.http_port }} entity={{ dnet_group }} etype=group permissions=rx state=present default=yes
when: tomcat_m_instances is defined
with_items: tomcat_m_instances
tags: [ 'tomcat', 'dnet', 'users' ] tags: [ 'tomcat', 'dnet', 'users' ]

View File

@ -3,8 +3,8 @@
:FORWARD ACCEPT [0:0] :FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0]
{% if iptables_default_policy == 'REJECT' %} {% if iptables_default_policy == 'REJECT' %}
-A INPUT -j REJECT --reject-with icmp-host-prohibited -A INPUT -j REJECT --reject-with icmp6-addr-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp6-addr-unreachable
{% else %} {% else %}
-A INPUT -j {{ iptables_default_policy }} -A INPUT -j {{ iptables_default_policy }}
-A FORWARD -j {{ iptables_default_policy }} -A FORWARD -j {{ iptables_default_policy }}

View File

@ -11,6 +11,18 @@ openldap_slapd_tcp_port: 389
openldap_slapd_ssl_port: 636 openldap_slapd_ssl_port: 636
openldap_slapd_ssl_only: False openldap_slapd_ssl_only: False
# Set slapd_admin_pwd in a vault file
slapd_debconf_params:
- { question: 'slapd/password1', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
- { question: 'slapd/password2', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
- { question: 'slapd/internal/adminpw', value: '{{ slapd_admin_pwd }}', vtype: 'password' }
- { question: 'slapd/no_configuration', value: 'false', vtype: 'boolean' }
- { question: 'shared/organization', value: 'Organization', vtype: 'text' }
- { question: 'slapd/purge_database', value: 'false', vtype: 'boolean' }
- { question: 'slapd/allow_ldap_v2', value: 'true', vtype: 'boolean' }
- { question: 'slapd/backend', value: 'HDB', vtype: 'select' }
- { question: 'slapd/domain', value: 'DNS Domain Name', vtype: 'text' }
# openldap_allowed_clients: # openldap_allowed_clients:
# - ip/32 # - ip/32
# - net/24 # - net/24

View File

@ -87,13 +87,15 @@ shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
# - Apple JDK JARs # - Apple JDK JARs
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\ tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\ bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,\ annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\ catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\ jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\ tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
tomcat-jni.jar,tomcat-spdy.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\ tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\ tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\ tomcat-jdbc.jar,\
tools.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\ commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\ commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\ commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
@ -101,15 +103,22 @@ commons-math*.jar,commons-pool*.jar,\
jstl.jar,\ jstl.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\ geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\ ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
jmx-tools.jar,jta*.jar,log4j*.jar,mail*.jar,slf4j*.jar,\ jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\ xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
dnsns.jar,ldapsec.jar,localedata.jar,sunjce_provider.jar,sunmscapi.jar,\ junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
sunpkcs11.jar,jhall.jar,tools.jar,\ cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
sunec.jar,zipfs.jar,\ jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
apple_provider.jar,AppleScriptEngine.jar,CoreAudio.jar,dns_sd.jar,\ xom-*.jar
j3daudio.jar,j3dcore.jar,j3dutils.jar,jai_core.jar,jai_codec.jar,\
mlibwrapper_jai.jar,MRJToolkit.jar,vecmath.jar,\ # Additional JARs (over and above the default JARs listed above) to skip when
junit.jar,junit-*.jar,ant-launcher.jar # scanning for Servlet 3.0 pluggability features. These features include web
# fragments, annotations, SCIs and classes that match @HandlesTypes. The list
# must be a comma separated list of JAR file names.
org.apache.catalina.startup.ContextConfig.jarsToSkip=
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for TLDs. The list must be a comma separated list of JAR file names.
org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
# #
# String cache configuration. # String cache configuration.

View File

@ -2,6 +2,11 @@
tomcat_version: 7 tomcat_version: 7
tomcat_pkg_state: installed tomcat_pkg_state: installed
tomcat_service_enabled: True tomcat_service_enabled: True
tomcat_pkgs:
- tomcat'{{ tomcat_version }}'
- libtomcat'{{ tomcat_version }}'-java
- tomcat'{{ tomcat_version }}'-common
- libapr1
tomcat_user: tomcat7 tomcat_user: tomcat7
tomcat_max_threads: 200 tomcat_max_threads: 200
tomcat_min_heap_size: 2048m tomcat_min_heap_size: 2048m
@ -31,6 +36,7 @@ tomcat_catalina_home_dir: '/usr/share/tomcat{{ tomcat_version }}'
tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}' tomcat_catalina_base_dir: '/var/lib/tomcat{{ tomcat_version }}'
tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}' tomcat_conf_dir: '/etc/tomcat{{ tomcat_version }}'
tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps' tomcat_webapps_dir: '{{ tomcat_catalina_base_dir }}/webapps'
tomcat_common_dir: '{{ tomcat_catalina_base_dir }}/common/'
tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes' tomcat_common_classes_dir: '{{ tomcat_catalina_base_dir }}/common/classes'
tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat' tomcat_tmp_dir: '{{ tomcat_catalina_base_dir }}/tmp/tomcat'

View File

@ -0,0 +1,131 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
package.definition=sun.,java.,org.apache.catalina.,org.apache.coyote.,org.apache.tomcat.,org.apache.jasper.
#
#
# List of comma-separated paths defining the contents of the "common"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank,the JVM system loader will be used as Catalina's "common"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.home}/common/classes,${catalina.home}/common/*.jar,${catalina.base}/common/classes,${catalina.base}/common/*.jar
#
# List of comma-separated paths defining the contents of the "server"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_HOME or CATALINA_BASE path or absolute.
# If left as blank, the "common" loader will be used as Catalina's "server"
# loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
server.loader=${catalina.home}/server/classes,${catalina.home}/server/*.jar,${catalina.base}/server/classes,${catalina.base}/server/*.jar
#
# List of comma-separated paths defining the contents of the "shared"
# classloader. Prefixes should be used to define what is the repository type.
# Path may be relative to the CATALINA_BASE path or absolute. If left as blank,
# the "common" loader will be used as Catalina's "shared" loader.
# Examples:
# "foo": Add this folder as a class repository
# "foo/*.jar": Add all the JARs of the specified folder as class
# repositories
# "foo/bar.jar": Add bar.jar as a class repository
# Please note that for single jars, e.g. bar.jar, you need the URL form
# starting with file:.
shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,${catalina.base}/shared/classes,${catalina.base}/shared/*.jar
# List of JAR files that should not be scanned using the JarScanner
# functionality. This is typically used to scan JARs for configuration
# information. JARs that do not contain such information may be excluded from
# the scan to speed up the scanning process. This is the default list. JARs on
# this list are excluded from all scans. Scan specific lists (to exclude JARs
# from individual scans) follow this. The list must be a comma separated list of
# JAR file names.
# The JARs listed below include:
# - Tomcat Bootstrap JARs
# - Tomcat API JARs
# - Catalina JARs
# - Jasper JARs
# - Tomcat JARs
# - Common non-Tomcat JARs
# - Test JARs (JUnit, Cobertura and dependencies)
tomcat.util.scan.DefaultJarScanner.jarsToSkip=\
bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,\
annotations-api.jar,el-api.jar,jsp-api.jar,servlet-api.jar,websocket-api.jar,\
catalina.jar,catalina-ant.jar,catalina-ha.jar,catalina-tribes.jar,\
jasper.jar,jasper-el.jar,ecj-*.jar,\
tomcat-api.jar,tomcat-util.jar,tomcat-coyote.jar,tomcat-dbcp.jar,\
tomcat-jni.jar,tomcat-spdy.jar,\
tomcat-i18n-en.jar,tomcat-i18n-es.jar,tomcat-i18n-fr.jar,tomcat-i18n-ja.jar,\
tomcat-juli-adapters.jar,catalina-jmx-remote.jar,catalina-ws.jar,\
tomcat-jdbc.jar,\
tools.jar,\
commons-beanutils*.jar,commons-codec*.jar,commons-collections*.jar,\
commons-dbcp*.jar,commons-digester*.jar,commons-fileupload*.jar,\
commons-httpclient*.jar,commons-io*.jar,commons-lang*.jar,commons-logging*.jar,\
commons-math*.jar,commons-pool*.jar,\
jstl.jar,\
geronimo-spec-jaxrpc*.jar,wsdl4j*.jar,\
ant.jar,ant-junit*.jar,aspectj*.jar,jmx.jar,h2*.jar,hibernate*.jar,httpclient*.jar,\
jmx-tools.jar,jta*.jar,log4j.jar,log4j-1*.jar,mail*.jar,slf4j*.jar,\
xercesImpl.jar,xmlParserAPIs.jar,xml-apis.jar,\
junit.jar,junit-*.jar,hamcrest*.jar,org.hamcrest*.jar,ant-launcher.jar,\
cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
xom-*.jar
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for Servlet 3.0 pluggability features. These features include web
# fragments, annotations, SCIs and classes that match @HandlesTypes. The list
# must be a comma separated list of JAR file names.
org.apache.catalina.startup.ContextConfig.jarsToSkip=
# Additional JARs (over and above the default JARs listed above) to skip when
# scanning for TLDs. The list must be a comma separated list of JAR file names.
org.apache.catalina.startup.TldConfig.jarsToSkip=tomcat7-websocket.jar
#
# String cache configuration.
tomcat.util.buf.StringCache.byte.enabled=true
#tomcat.util.buf.StringCache.char.enabled=true
#tomcat.util.buf.StringCache.trainThreshold=500000
#tomcat.util.buf.StringCache.cacheSize=5000

View File

@ -1,38 +1,31 @@
--- ---
- name: Install the tomcat packages - name: Install the tomcat packages
apt: pkg={{ item }} state={{ tomcat_pkg_state }} apt: pkg={{ item }} state={{ tomcat_pkg_state }}
with_items: with_items: tomcat_pkgs
- tomcat'{{ tomcat_version }}' tags: tomcat
- libtomcat'{{ tomcat_version }}'-java
- tomcat'{{ tomcat_version }}'-common
- libapr1
tags:
- tomcat
- name: Create the tomcat tmp directory - name: Create the tomcat tmp directory
file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} file: dest={{ tomcat_tmp_dir }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }}
notify: notify: tomcat restart
tomcat restart tags: tomcat
tags:
- tomcat
- name: Configure tomcat defaults - name: Configure tomcat defaults
template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }} template: src=tomcat-default.j2 dest=/etc/default/tomcat{{ tomcat_version }}
when: when: tomcat_install_default_conf
- tomcat_install_default_conf is defined and tomcat_install_default_conf notify: tomcat restart
notify: tags: tomcat
tomcat restart
tags:
- tomcat
- name: Configure tomcat server.xml - name: Configure tomcat server.xml
template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml template: src=tomcat-server.xml.j2 dest={{ tomcat_conf_dir }}/server.xml
when: when: tomcat_install_default_conf
- tomcat_install_default_conf is defined and tomcat_install_default_conf notify: tomcat restart
notify: tags: tomcat
tomcat restart
tags: - name: Install a slightly modified catalina.properties
- tomcat copy: src=catalina.properties dest={{ tomcat_conf_dir }}/catalina.properties owner=root group={{ tomcat_user }} mode=0644
when: tomcat_install_default_conf
notify: tomcat restart
tags: tomcat
- name: Create some directories that the package do not creates itself - name: Create some directories that the package do not creates itself
file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755 file: dest={{ tomcat_catalina_home_dir }}/{{ item }} state=directory owner={{ tomcat_user }} group={{ tomcat_user }} mode=0755
@ -40,5 +33,4 @@
- common/classes - common/classes
- server/classes - server/classes
- shared/classes - shared/classes
tags: tags: tomcat
- tomcat

View File

@ -18,8 +18,13 @@
<!-- Note: A "Server" is not itself a "Container", so you may not <!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level. define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html Documentation at /docs/config/server.html
--> -->
{% if tomcat_shutdown_port == -1 %}
<Server port="{{ tomcat_shutdown_port }}"
shutdown="TOMCAT_SHUTDOWN_DISABLED">
{% else %}
<Server port="{{ tomcat_shutdown_port }}" shutdown="{{ tomcat_shutdown_pwd }}"> <Server port="{{ tomcat_shutdown_port }}" shutdown="{{ tomcat_shutdown_pwd }}">
{% endif %}
<!-- Security listener. Documentation at /docs/config/listeners.html <!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" /> <Listener className="org.apache.catalina.security.SecurityListener" />
--> -->