library/roles/d4s_user_services_perms: Manage the manually installed tomcat, providing a logrotate rule for catalina and a sudoers configuration that permits to manage the instance by the unprivileged user.

2016-07-11 17:57:45 +02:00 · 2016-07-11 17:57:45 +02:00 · 883a8b0826
parent b02841191c
commit 883a8b0826
6 changed files with 70 additions and 7 deletions
--- a/d4s_user_services_perms/defaults/main.yml
+++ b/d4s_user_services_perms/defaults/main.yml
@ -4,6 +4,19 @@ d4science_user_create_home: True
 d4science_user_home: '/home/{{ d4science_user }}'
 d4science_user_shell: /bin/bash

+d4science_sudoers_commands:
+  - /etc/init.d/tomcat-instance-*
+
 d4science_tomcat_options_files:
  - '/etc/default/tomcat-instance-{{ item.0.http_port }}'
  - '/etc/default/tomcat-instance-{{ item.0.http_port }}.local'
+
+d4science_manual_tomcat_inst_dir: '{{ d4science_user_home }}/tomcat'
+d4science_manual_tomcat_log_dir: '{{ d4science_manual_tomcat_inst_dir }}/logs'
+d4science_manual_tomcat_rotate_copies: 15
+d4science_manual_tomcat_rotate_access_log: False
+d4science_manual_tomcat_access_log: localhost_access.log
+
+d4science_tomcat_start_command:
+
+d4science_tomcat_stop_command:
--- a/d4s_user_services_perms/tasks/d4s-tomcat-node.yml
+++ b/d4s_user_services_perms/tasks/d4s-tomcat-node.yml
@ -1,19 +1,41 @@
 ---
- name: Install the sudoers config that permits the tomcat user to restart the service
-  template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
-  tags: [ 'tomcat', 'd4science', 'sudo' ]
-
 - name: Install the script that allows the tomcat user to start and stop the service without using the full path
  template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755
  with_nested:
-    - '{{ tomcat_m_instances }}'
+    - '{{ tomcat_m_instances | default ([]) }}'
    - [ 'startContainer.sh', 'stopContainer.sh' ]
-  tags: [ 'tomcat', 'd4science', 'sudo' ]
+  when: tomcat_m_instances is defined
+  tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]

 - name: Install the README file that explains where the options files are placed and how start/stop the service
  template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444
  with_nested:
    - '{{ tomcat_m_instances }}'
    - [ 'README-tomcat' ]
+  when: tomcat_m_instances is defined
  tags: [ 'tomcat', 'd4science', 'd4s_readme' ]

+# A manual tomcat installation. We try to fix it in some way
+- name: Create the d4science tomcat user
+  user: name={{ d4science_user }} home={{ d4science_user_home }} createhome={{ d4science_user_create_home }} shell={{ d4science_user_shell }}
+  when: tomcat_m_instances is not defined
+  tags: [ 'tomcat', 'd4science', 'users' ]
+
+- name: Install the script that allows the tomcat user to start and stop the service without using the full path
+  template: src={{ item }}.j2 dest=/home/{{ d4science_user }}/{{ item }} owner={{ d4science_user }} group={{ d4science_user }} mode=0755
+  with_items:
+    - 'startContainer.sh'
+    - 'stopContainer.sh'
+  when: tomcat_m_instances is not defined
+  tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
+
+- name: Install a logrotate rule for catalina.out and access_log
+  template: src=catalina-logrotate.j2 dest=/etc/logrotate.d/catalina_access owner=root group=root mode=0644
+  when: tomcat_m_instances is not defined
+  tags: [ 'tomcat', 'd4science', 'startup_cmd' ]
+
+# We always install the sudoers file
+- name: Install the sudoers config that permits the tomcat user to restart the service
+  template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
+  tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
+
--- a/d4s_user_services_perms/templates/catalina-logrotate.j2
+++ b/d4s_user_services_perms/templates/catalina-logrotate.j2
@ -0,0 +1,20 @@
+{{ d4science_manual_tomcat_log_dir }}/catalina.out {
+  copytruncate
+  daily
+  rotate {{ d4science_manual_tomcat_rotate_copies }}
+  compress
+  missingok
+  create 640 {{ d4science_user }} {{ d4science_user }}
+}
+
+{% if d4science_manual_tomcat_rotate_access_log %}
+{{ d4science_manual_tomcat_log_dir }}/localhost_access.log {
+  copytruncate
+  daily
+  rotate {{ d4science_manual_tomcat_rotate_copies }}
+  compress
+  missingok
+  create 640 {{ d4science_user }} {{ d4science_user }}
+}
+{% endif %}
+
--- a/d4s_user_services_perms/templates/startContainer.sh.j2
+++ b/d4s_user_services_perms/templates/startContainer.sh.j2
@ -1,5 +1,9 @@
 #!/bin/bash

+{% if tomcat_m_instances is defined %}
 sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} start
+{% else %}
+sudo {{ d4science_tomcat_start_command }}
+{% endif %}

 exit $?
--- a/d4s_user_services_perms/templates/stopContainer.sh.j2
+++ b/d4s_user_services_perms/templates/stopContainer.sh.j2
@ -1,5 +1,9 @@
 #!/bin/bash

+{% if tomcat_m_instances is defined %}
 sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} stop
+{% else %}
+sudo {{ d4science_tomcat_stop_command }}
+{% endif %}

 exit $?
--- a/d4s_user_services_perms/templates/tomcat-sudoers.j2
+++ b/d4s_user_services_perms/templates/tomcat-sudoers.j2
@ -1,2 +1,2 @@
-{{ d4science_user }}  ALL=(ALL) NOPASSWD:  /etc/init.d/tomcat-instance-*
+{{ d4science_user }}  ALL=(ALL) NOPASSWD:  {% for cmd in d4science_sudoers_commands %}{{ cmd }}{% if not loop.last %},{% endif %}{% endfor %}