diff --git a/d4s_user_services_perms/defaults/main.yml b/d4s_user_services_perms/defaults/main.yml
index 214c9185..e8d9279e 100644
--- a/d4s_user_services_perms/defaults/main.yml
+++ b/d4s_user_services_perms/defaults/main.yml
@@ -4,6 +4,19 @@ d4science_user_create_home: True
 d4science_user_home: '/home/{{ d4science_user }}'
 d4science_user_shell: /bin/bash
+d4science_sudoers_commands:
+ - /etc/init.d/tomcat-instance-*
+
 d4science_tomcat_options_files:
 - '/etc/default/tomcat-instance-{{ item.0.http_port }}'
 - '/etc/default/tomcat-instance-{{ item.0.http_port }}.local'
+
+d4science_manual_tomcat_inst_dir: '{{ d4science_user_home }}/tomcat'
+d4science_manual_tomcat_log_dir: '{{ d4science_manual_tomcat_inst_dir }}/logs'
+d4science_manual_tomcat_rotate_copies: 15
+d4science_manual_tomcat_rotate_access_log: False
+d4science_manual_tomcat_access_log: localhost_access.log
+
+d4science_tomcat_start_command:
+
+d4science_tomcat_stop_command:
diff --git a/d4s_user_services_perms/tasks/d4s-tomcat-node.yml b/d4s_user_services_perms/tasks/d4s-tomcat-node.yml
index 2984ea6a..17a7a56c 100644
--- a/d4s_user_services_perms/tasks/d4s-tomcat-node.yml
+++ b/d4s_user_services_perms/tasks/d4s-tomcat-node.yml
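Review bot: `d4science_tomcat_start_command:` and `d4science_tomcat_stop_command:` at the end of the defaults hunk are bare keys, so both default to YAML null rather than to a usable command. On a host without `tomcat_m_instances`, the start/stop templates changed in this commit would then render `sudo` followed by nothing (or by the literal `None`, depending on the Ansible version), and the failure only shows when someone runs the script. I would write them as `d4science_tomcat_start_command: ''` and `d4science_tomcat_stop_command: ''`, with a comment above saying that both must be set for a manual installation and must also appear in `d4science_sudoers_commands`.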
@@ -1,19 +1,41 @@
 ---
-- name: Install the sudoers config that permits the tomcat user to restart the service
- template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
- tags: [ 'tomcat', 'd4science', 'sudo' ]
-
 - name: Install the script that allows the tomcat user to start and stop the service without using the full path
 template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755
 with_nested:
- - '{{ tomcat_m_instances }}'
+ - '{{ tomcat_m_instances | default ([]) }}'
 - [ 'startContainer.sh', 'stopContainer.sh' ]
- tags: [ 'tomcat', 'd4science', 'sudo' ]
+ when: tomcat_m_instances is defined
+ tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
 - name: Install the README file that explains where the options files are placed and how start/stop the service
 template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444
 with_nested:
 - '{{ tomcat_m_instances }}'
 - [ 'README-tomcat' ]
+ when: tomcat_m_instances is defined
 tags: [ 'tomcat', 'd4science', 'd4s_readme' ]
+# A manual tomcat installation. We try to fix it in some way
+- name: Create the d4science tomcat user
+ user: name={{ d4science_user }} home={{ d4science_user_home }} createhome={{ d4science_user_create_home }} shell={{ d4science_user_shell }}
+ when: tomcat_m_instances is not defined
+ tags: [ 'tomcat', 'd4science', 'users' ]
+
+- name: Install the script that allows the tomcat user to start and stop the service without using the full path
+ template: src={{ item }}.j2 dest=/home/{{ d4science_user }}/{{ item }} owner={{ d4science_user }} group={{ d4science_user }} mode=0755
+ with_items:
+ - 'startContainer.sh'
+ - 'stopContainer.sh'
+ when: tomcat_m_instances is not defined
+ tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
+
+- name: Install a logrotate rule for catalina.out and access_log
+ template: src=catalina-logrotate.j2 dest=/etc/logrotate.d/catalina_access owner=root group=root mode=0644
+ when: tomcat_m_instances is not defined
+ tags: [ 'tomcat', 'd4science', 'startup_cmd' ]
+
+# We always install the sudoers file
+- name: Install the sudoers config that permits the tomcat user to restart the service
+ template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
+ tags: [ 'tomcat', 'd4science', 'sudo', 'startup_cmd' ]
+
diff --git a/d4s_user_services_perms/templates/catalina-logrotate.j2 b/d4s_user_services_perms/templates/catalina-logrotate.j2
new file mode 100644
index 00000000..836a931c
--- /dev/null
+++ b/d4s_user_services_perms/templates/catalina-logrotate.j2
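Review bot: The relocated sudoers task at the end of this hunk installs `/etc/sudoers.d/tomcat-d4science` without a syntax check, although its content is now built from the configurable list `d4science_sudoers_commands`. A malformed entry would be written as-is, and a broken file under `/etc/sudoers.d` can stop sudo from working for every account on the host. Adding `validate='visudo -cf %s'` to the `template:` arguments makes Ansible check the rendered file before it replaces the live one. Separately, the manual-install script task writes to `dest=/home/{{ d4science_user }}/{{ item }}` while the user is created with `home={{ d4science_user_home }}`; using `dest={{ d4science_user_home }}/{{ item }}` keeps the two in step when the home directory is overridden.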
@@ -0,0 +1,20 @@
+{{ d4science_manual_tomcat_log_dir }}/catalina.out {
+ copytruncate
+ daily
+ rotate {{ d4science_manual_tomcat_rotate_copies }}
+ compress
+ missingok
+ create 640 {{ d4science_user }} {{ d4science_user }}
+}
+
+{% if d4science_manual_tomcat_rotate_access_log %}
+{{ d4science_manual_tomcat_log_dir }}/localhost_access.log {
+ copytruncate
+ daily
+ rotate {{ d4science_manual_tomcat_rotate_copies }}
+ compress
+ missingok
+ create 640 {{ d4science_user }} {{ d4science_user }}
+}
+{% endif %}
+
diff --git a/d4s_user_services_perms/templates/startContainer.sh.j2 b/d4s_user_services_perms/templates/startContainer.sh.j2
index 2d5fa86c..a4b2232f 100644
--- a/d4s_user_services_perms/templates/startContainer.sh.j2
+++ b/d4s_user_services_perms/templates/startContainer.sh.j2
@@ -1,5 +1,9 @@
 #!/bin/bash
+{% if tomcat_m_instances is defined %}
 sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} start
+{% else %}
+sudo {{ d4science_tomcat_start_command }}
+{% endif %}
 exit $?
diff --git a/d4s_user_services_perms/templates/stopContainer.sh.j2 b/d4s_user_services_perms/templates/stopContainer.sh.j2
index 2d22e531..da3407a2 100644
--- a/d4s_user_services_perms/templates/stopContainer.sh.j2
+++ b/d4s_user_services_perms/templates/stopContainer.sh.j2
@@ -1,5 +1,9 @@
 #!/bin/bash
+{% if tomcat_m_instances is defined %}
 sudo /etc/init.d/tomcat-instance-{{ item.0.http_port }} stop
+{% else %}
+sudo {{ d4science_tomcat_stop_command }}
+{% endif %}
 exit $?
diff --git a/d4s_user_services_perms/templates/tomcat-sudoers.j2 b/d4s_user_services_perms/templates/tomcat-sudoers.j2
index 8dc5cd9a..b10c66ab 100644
--- a/d4s_user_services_perms/templates/tomcat-sudoers.j2
+++ b/d4s_user_services_perms/templates/tomcat-sudoers.j2
@@ -1,2 +1,2 @@
-{{ d4science_user }} ALL=(ALL) NOPASSWD: /etc/init.d/tomcat-instance-*
+{{ d4science_user }} ALL=(ALL) NOPASSWD: {% for cmd in d4science_sudoers_commands %}{{ cmd }}{% if not loop.last %},{% endif %}{% endfor %}
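Review bot: Both stanzas in catalina-logrotate.j2 rotate files under `d4science_manual_tomcat_log_dir`, which by default sits inside the service user's home, while logrotate normally runs as root. If that directory is writable by `d4science_user` (likely, though its ownership is not visible in this commit), root ends up copying and truncating files in a location another account controls. Adding `su {{ d4science_user }} {{ d4science_user }}` to each stanza makes the rotation run with that user's privileges instead. The second stanza also hard-codes `localhost_access.log`, so the new default `d4science_manual_tomcat_access_log` is never used; `{{ d4science_manual_tomcat_log_dir }}/{{ d4science_manual_tomcat_access_log }} {` would honour it.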
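Review bot: In the `{% else %}` branch of startContainer.sh.j2 the command after `sudo` comes straight from `d4science_tomcat_start_command`, and nothing ties it to what the sudoers template permits. Unless the same command is also listed in `d4science_sudoers_commands`, whose default only covers `/etc/init.d/tomcat-instance-*`, sudo will prompt for a password or refuse. A template comment above the line, such as `{# the command below must also be listed in d4science_sudoers_commands #}`, would document that coupling. The stopContainer.sh.j2 hunk has the same gap with `d4science_tomcat_stop_command`.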
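Review bot: The `{% for %}` loop in tomcat-sudoers.j2 emits nothing after `NOPASSWD:` when `d4science_sudoers_commands` is empty, which leaves a rule with no command and therefore an invalid sudoers file. Wrapping the line in `{% if d4science_sudoers_commands %}` and `{% endif %}` avoids that, and `{{ d4science_sudoers_commands | join(', ') }}` says the same thing more readably than the manual `loop.last` test. Entries are written verbatim, so a value containing a comma, a colon or a backslash would change the meaning of the rule. The variable should carry a comment stating that each entry must be an absolute path already escaped for sudoers.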