jws's Introduction

Ansible Collection - middleware_automation.jws

This repository contains the Ansible roles and playbooks to set up an automated installation of Red Hat JBoss Web Server (JWS).

Ansible version compatibility

This collection has been tested against Ansible versions 2.14.0 or later.

The plug-ins and modules that are within a collection might be tested with specific Ansible versions only. A collection can contain metadata that identifies these Ansible versions.

Content included in this collection

Roles

  • The jws role contains the Ansible playbook and handles the following automated tasks:
    • Ensures that a Java Development Kit (JDK) is installed on your target hosts
    • Installs the basic packages that a JBoss Web Server installation requires
    • Creates a JBoss Web Server user account and group
    • Installs JBoss Web Server from product archive files or RPM packages
    • Assigns ownership of the JBoss Web Server directories to the appropriate user account and group
    • Deploys the server.xml, web.xml, and context.xml files

Collection setup

For demonstration purposes, you can run the collection directly from this folder. However, the proper setup is to install the collection by using Ansible Galaxy:

$ ansible-galaxy collection install middleware_automation.jws

For development purposes, if you want to test changes to the collection, you can build and install the collection by using the following commands:

$ ansible-galaxy collection build .
$ ansible-galaxy collection install middleware_automation-jws-*.tar.gz

Collection usage for installing JBoss Web Server

You can enable the collection to use any of the following installation methods when performing an automated installation of JBoss Web Server:

  • Local archive files
  • RPM packages
  • Custom URL for downloading the archive files

Using local archive files

To enable the collection to install JBoss Web Server from local archive files:

  1. If copies of the archive files are not already on your system, download the appropriate archive files from the Red Hat Customer Portal:

    • Red Hat JBoss Web Server X.Y.0 Application Server (the application server)
    • Red Hat JBoss Web Server X.Y.0 Application Server for RHEL 8 x86_64 (the native components)

    In the preceding file names, replace X.Y.0 with the JBoss Web Server version that you want to install (for example, 5.7.0 or 6.0.0).

  2. Copy the archive files to your Ansible control node.

  3. On your Ansible control node, set the following variables, as appropriate:

     vars:
       ...
       jws_install_method: zipfiles
       jws_version: 6.0.0
       jws_native: True
       zipfile_name: <application_server_filename>.zip
       native_zipfile: <native_filename>.zip
    

    Consider the following guidelines:

    Variable              Details
    jws_install_method    Specifies the installation method (by default, zipfiles)
    jws_version           Specifies the version of JBoss Web Server that you want to install (for example, 5.7.0 or 6.0.0)
    jws_native            Indicates whether you also want to install the native archive file (by default, False)
    zipfile_name          Specifies the name of the application server archive file on your control node
    native_zipfile        Specifies the name of the native archive file on your control node
    jws_offline_install   Indicates whether to execute a completely offline install

Note: By default, the collection installs the main application server archive only. If you also want to install the native archive, ensure that you copy the native archive file to your control node and set the jws_native variable to True.

Note: If you did not change the archive file names, you do not need to set the zipfile_name and native_zipfile variables. The collection uses the JBoss Web Server version to determine the default file names automatically.

  4. If you also want to install the latest cumulative patches for the appropriate JBoss Web Server version, copy the archive files for the latest patch updates to your Ansible control node. Then set the jws_apply_patches variable to True:

     vars:
       ...
       jws_apply_patches: True
    

Note: Even when local files are present on the controller, the role tries to contact the download server to verify whether new cumulative patches are available. To completely turn off any remote access, set the parameter jws_offline_install: True

Using RPM packages

If you want the collection to install JBoss Web Server from RPM packages, you must first ensure that your system complies with the following prerequisites:

Note: When you enable the RPM installation method, the collection always installs the latest available RPM packages for the latest JBoss Web Server version, including any patch updates.

To enable the collection to install JBoss Web Server from RPM packages, set the jws_install_method variable to rpm on your Ansible control node:

vars:
  ...
  jws_install_method: rpm

Note: By default, the collection installs JBoss Web Server in the /opt/rh/jws6/root/usr/share/tomcat/ directory. If you want to use a different installation directory, you can manually create a symbolic link to /opt/rh/jws6/root/usr/share/tomcat/.

Using a custom URL to download the archive files

To enable the collection to download and install the JBoss Web Server archive files from a custom URL, set the following variables on your Ansible control node:

vars:
   ...
   jws_install_method: zipfiles
   zipfile_name: <archive_file_name>.zip
   zipfile_name_url: <URL_path/archive_file_name>.zip

In the preceding example, ensure that the zipfile_name and zipfile_name_url variables specify the correct archive file name and URL path, respectively.

Running the playbook

To run the playbook:

  1. Set the jws_install_method variable to the appropriate installation method, as described in the preceding sections.

  2. Update the inventory for your target hosts. For example:

[jws]
192.168.0.1      # Remote host to act on

  3. If you want the collection to install a supported OpenJDK version on your target hosts, set the jws_java_version variable to the appropriate value (for example, 1.8.0, 11, or 17). The collection is not configured to install a JDK by default.

  4. Set the jws_listen_http_port and jws_listen_https_port variables to specify which HTTP and HTTPS ports you want JBoss Web Server to listen on. The default HTTP port is 8080. The default HTTPS port is 8443.

  5. Run the playbook. For more information, see Running the Playbook.

Note: If you are using a remote user account that is not the root user, set the username and enable sudo privileges:

become: True
become_method: sudo

Using the collection to configure the mod_cluster listener

The mod_cluster listener enables communication between JBoss Web Server and the mod_proxy_cluster module on the Apache HTTP Server. The mod_proxy_cluster module enables use of the Apache HTTP Server as an intelligent load-balancing solution for sending requests to JBoss Web Server. For information about configuring mod_proxy_cluster and alternative load balancers such as mod_jk and mod_proxy, see the Apache HTTP Server Connectors and Load Balancing Guide.

To enable the collection to configure the mod_cluster listener, set the following variables on your Ansible control node:

vars:
  ...
  jws_modcluster_enabled: True
  jws_modcluster_ip: <ip_address>
  jws_modcluster_port: <port>

Consider the following guidelines:

Variable                 Details
jws_modcluster_enabled   Indicates whether you want to enable mod_cluster (by default, False)
jws_modcluster_ip        Specifies the bind address for the mod_cluster instance on each target host (by default, 127.0.0.1)
jws_modcluster_port      Specifies the port that the mod_cluster instance uses to listen for incoming requests (by default, 6666)

The following Molecule scenario supports the validation and testing of this feature.

Using the collection to configure the password vault for JBoss Web Server

You can use the password vault for JBoss Web Server, which is named tomcat-vault, to mask passwords and other sensitive strings, and to store sensitive information in an encrypted Java keystore. When you use the password vault, you can stop storing clear-text passwords in your JBoss Web Server configuration files. JBoss Web Server can use the password vault to search for passwords and other sensitive strings from a keystore.

Note: If you want to use the password vault feature, you must first create the required vault.keystore, VAULT.dat, and vault.properties files as a prerequisite. For more information about creating these files, see the Red Hat JBoss Web Server Installation Guide: Using a password vault with Red Hat JBoss Web Server.

To enable the collection to configure the password vault, set the following variables on your Ansible control node:

vars:
  ...
  jws_vault_name: ./vault_files/vault.keystore
  jws_vault_data: ./vault_files/VAULT.dat
  jws_vault_properties: ./vault_files/vault.properties
  jws_tomcat_vault_enabled: True
  jws_tomcat_vault_alias: <keystore_alias>
  jws_tomcat_vault_storepass: <keystore_password>
  jws_tomcat_vault_iteration: <iteration_count>
  jws_tomcat_vault_salt: <salt>

Consider the following guidelines:

Variable                     Details
jws_vault_name               Specifies the path to the vault.keystore file
jws_vault_data               Specifies the path to the VAULT.dat file
jws_vault_properties         Specifies the path to the vault.properties file
jws_tomcat_vault_enabled     Indicates whether you want to enable the password vault (by default, False)
jws_tomcat_vault_alias       Specifies the keystore alias that you configured when creating the required files
jws_tomcat_vault_storepass   Specifies the keystore password that you configured when creating the required files
jws_tomcat_vault_iteration   Specifies the iteration count that you configured when creating the required files
jws_tomcat_vault_salt        Specifies the salt value that you configured when creating the required files

Using the collection to enable HTTPS support

The collection provides a default template for the server.xml file that already includes the required configuration to use HTTPS. To enable HTTPS support, you only need to set the appropriate variables. However, the collection does not build or provide the required Java Keystore. In this situation, you must ensure that a Java keystore already exists on each target host.

Note: To automate the creation of Java keystore files, you can use other collections and modules, such as the Ansible OpenSSH Keypair collection, the Ansible Collection Community Crypto and the Java Keystore module. For more information about automating the creation of a Java keystore, refer to the available documentation for these collections or modules.

To enable the collection to configure HTTPS support, set the following variables on your Ansible control node, as appropriate:

vars:
  ...
  jws_listen_https_enabled: True
  jws_listen_https_port: <port>
  jws_listen_https_bind_address: <ip_address>
  jws_listen_https_keystore_file: <keystore_path>
  jws_listen_https_keystore_password: <keystore_password>

Consider the following guidelines:

Variable                             Details
jws_listen_https_enabled             Indicates whether you want to enable HTTPS support (by default, False)
jws_listen_https_port                Specifies the port that JBoss Web Server uses to listen for HTTPS requests (by default, 8443)
jws_listen_https_bind_address        Specifies the bind address for HTTPS requests on each target host (by default, localhost)
jws_listen_https_keystore_file       Specifies the path to the Java keystore on each target host (by default, /etc/ssl/keystore.jks)
jws_listen_https_keystore_password   Specifies the Java keystore password on each target host (by default, changeit)

Refer to the Apache Tomcat documentation for more information about setting up and configuring HTTPS support.

The following Molecule scenario supports the validation and testing of this feature.

Using the collection to override the default template for server.xml

The collection provides a default server.xml.j2 template that covers the most basic server configuration only. To ensure a more fine-tuned configuration that suits your requirements, you can override the default template with your own customized template.

To override the default template, set the following variable on your Ansible control node:

vars:
  ...
  jws_conf_templates_server: <path_to_custom_template>.j2

The following Molecule scenario supports the validation and testing of this feature.

Using the collection to deploy web applications

Ansible provides various modules and features to facilitate the deployment of web applications on your target hosts.

For example:

  • To deploy an application by downloading the .war file from a repository, use the get_url: module:

      - name: Download App
        get_url:
          url: https://repo1.maven.org/maven2/org/jolokia/jolokia-war/1.7.1/jolokia-war-1.7.1.war
          dest: "{{ jws_home }}/tomcat/webapps/"
    
  • To deploy an application by copying the .war file from your control node to the target host, use the copy: module:

      - ansible.builtin.copy:
         src: files/jolokia-war-1.7.1.war
         dest: "{{ jws_home }}/tomcat/webapps/"
    
  • To deploy an application when the .war file already exists on the target host, use the copy: module with the remote_src parameter:

      - ansible.builtin.copy:
         src: files/jolokia-war-1.7.1.war
         dest: "{{ jws_home }}/tomcat/webapps/"
         remote_src: yes
    
  • To deploy an application by using a symbolic link or hard link to the .war file, which avoids duplicating the file, use the file: module:

      - ansible.builtin.file:
          src: /apps/jolokia-war-1.7.1.war
          dest: "{{ jws_home }}/tomcat/webapps/jolokia-war-1.7.1.war"
          state: link
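
The get_url: variant above trusts whatever the repository returns. The following added example (not part of the collection) pins the expected SHA-256 digest and stages the download outside webapps, so that a file is copied into the deployment directory only after its digest has been checked. The jolokia_war_sha256 and war_staging_dir variables and the /var/tmp/jws-staging path are assumptions introduced for the example.

```yaml
# Added example, not part of the collection. jolokia_war_sha256 and
# war_staging_dir are hypothetical variables introduced for this example.
- name: Refuse to deploy without a well-formed pinned digest
  ansible.builtin.assert:
    that:
      - jolokia_war_sha256 is defined
      - jolokia_war_sha256 is match('^[0-9a-f]{64}$')
    fail_msg: Set jolokia_war_sha256 to the expected SHA-256 digest of the .war file

- name: Create a staging directory outside webapps
  ansible.builtin.file:
    path: "{{ war_staging_dir | default('/var/tmp/jws-staging') }}"
    state: directory
    mode: "0700"

- name: Download App into staging and verify its digest
  ansible.builtin.get_url:
    url: https://repo1.maven.org/maven2/org/jolokia/jolokia-war/1.7.1/jolokia-war-1.7.1.war
    dest: "{{ war_staging_dir | default('/var/tmp/jws-staging') }}/jolokia-war-1.7.1.war"
    # The task fails when the downloaded file does not match the pinned digest.
    checksum: "sha256:{{ jolokia_war_sha256 }}"
    mode: "0600"

# Reached only when the download task succeeded, that is, the digest matched.
- name: Deploy the verified file from staging
  ansible.builtin.copy:
    src: "{{ war_staging_dir | default('/var/tmp/jws-staging') }}/jolokia-war-1.7.1.war"
    dest: "{{ jws_home }}/tomcat/webapps/"
    remote_src: true
    # Readable by the JBoss Web Server user account, writable by the owner only.
    mode: "0644"
```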
    

Running the playbook

After you define the appropriate variables and settings, you can run the playbook on your Ansible control node to begin the automated installation process. Ansible supports various ways to run the playbook.

For example:

  • To run the playbook as the root user with a secure shell (SSH) key:

    $ ansible-playbook -i hosts playbooks/playbook.yml
    
  • To run the playbook as the root user with a password:

    $ ansible-playbook -i hosts playbooks/playbook.yml --ask-pass
    
  • To run the playbook as a user with sudo privileges and a password:

    $ ansible-playbook -i hosts playbooks/playbook.yml --ask-pass --ask-become-pass
    
  • To run the playbook as a user with sudo privileges, an SSH key, and a sudo password:

    $ ansible-playbook -i hosts playbooks/playbook.yml --ask-become-pass
    
  • To run the playbook as a user with sudo privileges and an SSH key but without a sudo password:

    $ ansible-playbook -i hosts playbooks/playbook.yml
    

Ensure that the playbook runs successfully without any errors.

Support

For Red Hat customers, this collection is released as the Red Hat Ansible certified content collection for JBoss Web Server with Production Support.

If you have any issues or questions related to this collection, please contact [email protected] or open an issue at https://github.com/ansible-middleware/jws/issues.

For more information about using this collection, see the Product Documentation for Red Hat JBoss Web Server.

License

Apache License v2.0 or later

See LICENSE to view the full text.

jws's People

Contributors

ansible-middleware-core, csutherl, dsoumis, guidograzioli, gzaronikas, hcherukuri, khosford68, ranabirchakraborty, rpelisse, sabre1041, thedoubl3j, vassilismourikis

jws's Issues

Add log file check to jws_validation role

SUMMARY

The current roles/jws_validation/tasks/catalina_out.yml just slurps and prints the output of the file, but it could also check for SEVERE or WARNING being present just to ensure something isn't broken on startup. Examples of the line structure for both are below:

06-May-2022 14:51:43.559 WARNING [main] org.apache.catalina.core.AprLifecycleListener.init The Apache Tomcat Native library failed to load. The error reported was [/home/tomcat/lib/libtcnative-1.so.0.2.30: libssl.so.3: cannot open shared object file: No such file or directory]
    java.lang.UnsatisfiedLinkError: /home/tomcat/lib/libtcnative-1.so.0.2.30: libssl.so.3: cannot open shared object file: No such file or directory
    ....
....
06-May-2022 14:51:43.853 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8080]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
    ....
ISSUE TYPE
  • Feature Idea
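
One way to implement the check this issue asks for, as an added example that is not the collection's own code: the tasks below read catalina.out, keep only the entries whose level is SEVERE or WARNING in the line format shown above, and fail the play when any are found. The log path under jws_home, the jws_validation_fail_levels variable and the registered names are assumptions.

```yaml
# Added example, not part of the collection. Assumes catalina.out lives under
# {{ jws_home }}/tomcat/logs/ and uses the line format quoted in the issue:
#   06-May-2022 14:51:43.559 WARNING [main] <class>.<method> <message>
- name: Read catalina.out from the target host
  ansible.builtin.slurp:
    src: "{{ jws_home }}/tomcat/logs/catalina.out"
  register: catalina_out

- name: Collect log entries at the levels that should fail validation
  ansible.builtin.set_fact:
    # The 'match' test is anchored at the start of the line, so only real log
    # entries are kept. Indented stack-trace lines and messages that merely
    # contain the word WARNING are ignored.
    catalina_findings: >-
      {{ (catalina_out.content | b64decode).splitlines()
         | select('match', '[0-9]{2}-[A-Za-z]{3}-[0-9]{4} [0-9:.]{12} (' ~ levels ~ ') ')
         | list }}
  vars:
    # Hypothetical variable: set it to ['SEVERE'] to tolerate warnings.
    levels: "{{ jws_validation_fail_levels | default(['SEVERE', 'WARNING']) | join('|') }}"

- name: Fail when startup logged entries at a failing level
  ansible.builtin.assert:
    that:
      - catalina_findings | length == 0
    fail_msg: >-
      catalina.out contains {{ catalina_findings | length }} entries at a failing level.
      First entry: {{ catalina_findings | first | default('') }}
    success_msg: catalina.out has no entries at a failing level
```

With the two sample entries from this issue in the log, catalina_findings holds both timestamped lines and the assert task stops the play.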

local_zipfiles doesn't work with JWS zips

SUMMARY

Reading the commented out use case 4 in the sample playbook reads as if you can use local_zipfiles method to install your JWS zips. I tried it and it fails :(

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /root/.ansible/collections/ansible_collections/middleware_automation/jws/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

Using a local build of the collection based on commit 127406b.

STEPS TO REPRODUCE

Download JWS zips and drop them into /opt.
Update playbook to use local_zipfiles and specify jws_version (see sample below).
Execute playbook.

    # Use Case 4 - install JWS from local zipfiles
    tomcat_install_method: local_zipfiles
    tomcat_home: "{{ tomcat_install_dir }}/jws-5.6/tomcat"
    jws_version: 5.6.0
EXPECTED RESULTS

I expect that the JWS zips will be installed as they are locally available.

ACTUAL RESULTS

The execution fails. It appears that even though I set jws_version it still expects me to define tomcat_zipfile (it uses the default tomcat_zipfile).

TASK [middleware_automation.jws.jws : Install Tomcat and required binaries from local zipfiles (install method: local_zipfiles] **********************************************************************************************************************************************************************************************
failed: [localhost] (item={'src': 'apache-tomcat-9.0.60.zip', 'creates': '/opt/jws-5.6/tomcat/bin'}) => {"ansible_loop_var": "item", "changed": false, "item": {"creates": "/opt/jws-5.6/tomcat/bin", "src": "apache-tomcat-9.0.60.zip"}, "msg": "Source '/opt/apache-tomcat-9.0.60.zip' does not exist"}

apply_cp.yml doesn't apply native zips

SUMMARY

I was working on developing molecule tests for JWS scenarios and found that unlike JWS 5.6.1, JWS 5.6.2 has fixes in the native libraries so there's a native zip in addition to the java only zip. There isn't any logic in apply_cp.yml to account for that so the native zip doesn't get applied, even if you set tomcat_native: True.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /home/csutherl/source/jws-ansible-playbook/ansible.cfg
  configured module search path = ['/home/csutherl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

Dev collection based on commit 012e83a.

STEPS TO REPRODUCE

Set jws_apply_patches: True and tomcat_install_method: rhn_zipfile, then run the playbook. Notice that the native zips are not applied.

EXPECTED RESULTS

The JWS 5.6.2 native SP zip will be applied.

ACTUAL RESULTS

The JWS 5.6.2 native SP zip is not applied.

Missing documentation for enabling HTTPS connector

SUMMARY

There isn't any documentation for how to use the HTTPS connector configuration that is available on the tomcat role and it doesn't work out of the box. Setting tomcat_listen_https_enabled to True enables the connector configuration, but expects a keystore that may not exist. The connector fails to start by default.

If you run the command from Tomcat's SSL/TLS Configuration How-To and drop the keystore that creates into /etc/ssl/keystore.jks then it works fine. Could we create a default keystore, or maybe set some variable that fails when it's not present to save users from not completing the HTTPS Connector config? Or we can solve the problem through docs.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

ansible-galaxy collection list is not a valid command in my version.

STEPS TO REPRODUCE

Using the default playbook, set tomcat_listen_https_enabled: True and execute.

EXPECTED RESULTS

I expect that Tomcat would start and be accessible with HTTPS requests via port 8443.

ACTUAL RESULTS

Tomcat did not bind to 8443 due to the Connector init failing; there is no keystore added by default. You have to check the log to find out that it failed.
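
One way to fail early instead of finding a dead connector in the log, as an added example that is not the collection's own code: the play below uses the jws_listen_https_* variables from the README's HTTPS section, rejects the documented default password changeit, and checks that the keystore exists on the target host before the role runs. The vault_jws_keystore_password name and the world-accessible permission checks are assumptions added for the example.

```yaml
# Added example, not part of the collection.
- name: Install JBoss Web Server with HTTPS after checking the keystore
  hosts: jws
  become: true
  vars:
    jws_listen_https_enabled: True
    jws_listen_https_port: 8443
    jws_listen_https_keystore_file: /etc/ssl/keystore.jks
    # vault_jws_keystore_password is a hypothetical name for a value kept in an
    # Ansible Vault encrypted vars file instead of clear text in the playbook.
    jws_listen_https_keystore_password: "{{ vault_jws_keystore_password }}"

  pre_tasks:
    - name: Look up the keystore on the target host
      ansible.builtin.stat:
        path: "{{ jws_listen_https_keystore_file }}"
      register: jws_keystore_stat

    # The failure output names the condition that failed, not the password value.
    - name: Stop before installation when the HTTPS settings cannot work safely
      ansible.builtin.assert:
        that:
          # The role does not create the keystore; without it the connector
          # fails to initialize and nothing listens on the HTTPS port.
          - jws_keystore_stat.stat.exists
          - jws_keystore_stat.stat.isreg | default(false)
          # The keystore holds the private key: no access for "other".
          - not (jws_keystore_stat.stat.roth | default(true))
          - not (jws_keystore_stat.stat.woth | default(true))
          # changeit is the documented default and must not reach production.
          - jws_listen_https_keystore_password != 'changeit'
        fail_msg: >-
          HTTPS is enabled but {{ jws_listen_https_keystore_file }} is missing,
          is not a regular file, is accessible to other users, or the keystore
          password is still the default.

  roles:
    - middleware_automation.jws.jws
```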

Ungraceful failure when trying a JWS version that isn't 5.6.0

SUMMARY

When executing the playbook to install JWS, when you provide a jws_version that isn't equal to 5.6.0, you get a failure that isn't very informative. See below:

TASK [middleware_automation.jws.jws : Check that tomcat.home has been defined.] **********************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'tomcat.home is defined' failed. The error was: error while evaluating conditional (tomcat.home is defined): {'supported_install_method': ['local_zipfiles', 'rhn_zipfiles', 'zipfiles', 'rpm'], 'install_method': '{{ tomcat_install_method }}', 'install_dir': '{{ tomcat_install_dir }}', 'rpm': '{{ tomcat_rpm }}', 'rpm_root_dir': '{{ tomcat_rpm_root_dir }}', 'rhn': {'server_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].id }}', 'native_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].native }}', 'cpatch_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].latest_cp.id }}', 'patch_bundle': 'jws-{{ jws.rhn_ids[jws_version].latest_cp.v }}-application-server.zip', 'username': \"{{ rhn_username | default('') }}\", 'password': \"{{ rhn_password | default('') }}\"}, 'user': '{{ tomcat_user }}', 'uid': '{{ tomcat_uid }}', 'group': '{{ tomcat_group }}', 'gid': '{{ tomcat_gid }}', 'home': '{{ tomcat_home }}', 'base': '{{ tomcat_catalina_base }}', 'conf': {'properties': '{{ tomcat_conf_properties  }}', 'policy': '{{ tomcat_conf_policy }}', 'logging': '{{ tomcat_conf_loggging }}', 'context': '{{ tomcat_conf_context }}', 'server': '{{ tomcat_conf_server }}', 'web': '{{ tomcat_conf_web }}', 'templates': {'context': '{{ tomcat_conf_templates_context }}', 'server': '{{ tomcat_conf_templates_server }}', 'web': '{{ tomcat_conf_templates_web }}'}}, 'apps': {'to_remove': \"{{ tomcat_apps_to_remove.split(',') }}\"}, 'shutdown': {'port': '{{ tomcat_shutdown_port }}'}, 'listen': {'http': {'port': '{{ tomcat_listen_http_port }}', 'bind_address': '{{ tomcat_listen_http_bind_address }}', 'enabled': '{{ tomcat_listen_http_enabled }}'}, 'https': {'port': '{{ tomcat_listen_https_port }}', 'bind_address': '{{ tomcat_listen_https_bind_address }}', 'enabled': '{{ tomcat_listen_https_enabled }}', 'servername': '{{ tomcat_listen_https_servername }}', 'threads': {'max': '{{ 
tomcat_listen_https_threads_max }}'}, 'connection': {'timeout': '{{ tomcat_listen_https_connection_timeout }}'}, 'headers': {'max_size': '{{ tomcat_listen_https_headers_size }}'}, 'keystore': {'file': '{{ tomcat_listen_https_keystore_file }}', 'password': '{{ tomcat_listen_https_keystore_password }}'}, 'client': {'auth': '{{ tomcat_listen_https_client_auth }}'}}, 'ajp': {'enabled': '{{ tomcat_listen_ajp_enabled }}', 'address': '{{ tomcat_listen_ajp_address }}', 'port': '{{ tomcat_listen_ajp_port }}', 'secretRequired': '{{ tomcat_listen_ajp_secretRequired }}', 'secret': '{{ tomcat_listen_ajp_secret }}'}}, 'vault': {'name': '{{ tomcat_vault_name }}', 'enable': '{{ tomcat_vault_enable }}', 'alias': '{{ tomcat_vault_alias }}', 'storepass': '{{ tomcat_vault_storepass }}', 'iteration': '{{ tomcat_vault_iteration }}', 'salt': '{{ tomcat_vault_salt }}', 'properties': '{{ tomcat_vault_properties }}'}, 'mod_cluster': {'enable': '{{ tomcat_modcluster_enable }}', 'ip': '{{ tomcat_modcluster_ip }}', 'port': '{{ tomcat_modcluster_port }}', 'connector_port': '{{ tomcat_modcluster_connector_port }}', 'advertise': '{{ tomcat_modcluster_advertise }}', 'stickySession': '{{ tomcat_modcluster_stickySession }}', 'stickySessionForce': '{{ tomcat_modcluster_stickySessionForce }}', 'stickySessionRemove': '{{ tomcat_modcluster_stickySessionRemove }}'}, 'service': {'enabled': '{{ tomcat_systemd_enabled }}', 'name': '{{ tomcat_service_name }}', 'conf': '{{ tomcat_service_conf }}', 'script': '{{ tomcat_service_script }}', 'systemd': '{{ tomcat_service_systemd }}', 'pidfile': '{{ tomcat_service_systemd_pidfile }}', 'type': '{{ tomcat_service_systemd_type }}', 'hr_name': \"{{ 'Jboss Web Server' if tomcat_install_method is defined and tomcat_install_method in ['rhn_zipfiles','rpm'] else 'Tomcat' }}\"}}: 'dict object' has no attribute '5.5.0'"}

Can we add a check somewhere to give a better message here? The failure happens when trying to gather the JWS zipfile information in roles/jws/vars/main.yml so I'm not sure how much we can do.

ISSUE TYPE
  • Feature Idea

Download from URL

There should be an ability to download the installation media from a remote location (such as an artifact server [Nexus/Artifactory])

Remove, as much as possible, reference to Tomcat

SUMMARY

The handler to restart the service, named "Restart tomcat service", should be renamed to "Restart JBoss Web Server service" (or an even more generic name if possible). We should also look for other occurrences of this issue.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION

COLLECTION VERSION

STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS

JWS native zip install is missing dependencies

SUMMARY

When developing molecule tests for JWS I found that the tomcat_native logic works and correctly unpacks the native zipfile, however it does not install the required dependencies for it to be loaded successfully. Section 2.1.3 of the JWS installation guide has more details, but basically you need to install openssl and apr, and remove (if installed, it shouldn't be) tomcatjss as it conflicts with tomcat-native.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION

You know :D

COLLECTION VERSION

Dev build of latest commit.

STEPS TO REPRODUCE

Execute playbook using rhn_zipfiles and tomcat_native: True, then observe the log.

EXPECTED RESULTS

The tomcat-native library is successfully loaded. Example log line below.

INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.23] using APR version [1.7.0].
ACTUAL RESULTS

Failure to load the tomcat-native library due to missing libapr-1.so.

WARNING [main] org.apache.catalina.core.AprLifecycleListener.init The Apache Tomcat Native library failed to load. The error reported was [/opt/jws-5.6/tomcat/lib/libtcnative-1.so.0.2.30: libapr-1.so.0: cannot open shared object file: No such file or directory]
        java.lang.UnsatisfiedLinkError: /opt/jws-5.6/tomcat/lib/libtcnative-1.so.0.2.30: libapr-1.so.0: cannot open shared object file: No such file or directory
    ....

Derive JWS jws_rhn_server_zipfile_url & jws_native_zipfile_url from jws_version

SUMMARY

When running the playbooks, using jws_version has no impact on which zips are downloaded; it just uses the default URLs (which currently point to JWS 5.4.0) unless you update them. Rather than putting that on the user to do, could we enumerate them in a separate file and have the URL be derived from jws_version? I don't see a way to do it in the redhat-csp-download collection, so we'd have to manually create that...

ISSUE TYPE
  • Feature Idea

JWS feature jws_apply_patches fails when there's no latest SP

SUMMARY

Some JWS versions have only the base version and no minor releases (i.e. JWS 5.2.0). Trying to install those versions results in an error when executing the playbook.

The problem is that here we assume that there is an ID when there isn't (see the empty dict here).

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /home/csutherl/source/jws-ansible-playbook/ansible.cfg
  configured module search path = ['/home/csutherl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

Dev build based on latest commit in main.

STEPS TO REPRODUCE
jws_version: 5.2.0
tomcat_install_method: rhn_zipfiles
jws_apply_patches: True
EXPECTED RESULTS

JWS 5.2.0 is installed successfully.

ACTUAL RESULTS

Execution fails with the following output:

TASK [jws : Check that tomcat.home has been defined.] ************************************************************************************************************************************************************************************************************************************************************************
fatal: [instance]: FAILED! => {"msg": "The conditional check 'tomcat.home is defined' failed. The error was: error while evaluating conditional (tomcat.home is defined): {'supported_install_method': ['local_zipfiles', 'rhn_zipfiles', 'zipfiles', 'rpm'], 'install_method': '{{ tomcat_install_method }}', 'install_dir': '{{ tomcat_install_dir }}', 'rpm': '{{ tomcat_rpm }}', 'rpm_root_dir': '{{ tomcat_rpm_root_dir }}', 'rhn': {'server_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].id }}', 'native_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].native }}', 'cpatch_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].latest_cp.id }}', 'patch_bundle': 'jws-{{ jws.rhn_ids[jws_version].latest_cp.v }}-application-server.zip', 'username': \"{{ rhn_username | default('') }}\", 'password': \"{{ rhn_password | default('') }}\"}, 'user': '{{ tomcat_user }}', 'uid': '{{ tomcat_uid }}', 'group': '{{ tomcat_group }}', 'gid': '{{ tomcat_gid }}', 'home': '{{ tomcat_home }}', 'base': '{{ tomcat_catalina_base }}', 'conf': {'properties': '{{ tomcat_conf_properties  }}', 'policy': '{{ tomcat_conf_policy }}', 'logging': '{{ tomcat_conf_loggging }}', 'context': '{{ tomcat_conf_context }}', 'server': '{{ tomcat_conf_server }}', 'web': '{{ tomcat_conf_web }}', 'templates': {'context': '{{ tomcat_conf_templates_context }}', 'server': '{{ tomcat_conf_templates_server }}', 'web': '{{ tomcat_conf_templates_web }}', 'catalina_properties': '{{ tomcat_conf_templates_catalina_properties }}'}}, 'apps': {'to_remove': \"{{ tomcat_apps_to_remove.split(',') }}\"}, 'shutdown': {'port': '{{ tomcat_shutdown_port }}'}, 'listen': {'http': {'port': '{{ tomcat_listen_http_port }}', 'bind_address': '{{ tomcat_listen_http_bind_address }}', 'enabled': '{{ tomcat_listen_http_enabled }}'}, 'https': {'port': '{{ tomcat_listen_https_port }}', 'bind_address': '{{ tomcat_listen_https_bind_address }}', 'enabled': '{{ tomcat_listen_https_enabled }}', 'servername': '{{ 
tomcat_listen_https_servername }}', 'threads': {'max': '{{ tomcat_listen_https_threads_max }}'}, 'connection': {'timeout': '{{ tomcat_listen_https_connection_timeout }}'}, 'headers': {'max_size': '{{ tomcat_listen_https_headers_size }}'}, 'keystore': {'file': '{{ tomcat_listen_https_keystore_file }}', 'password': '{{ tomcat_listen_https_keystore_password }}'}, 'client': {'auth': '{{ tomcat_listen_https_client_auth }}'}}, 'ajp': {'enabled': '{{ tomcat_listen_ajp_enabled }}', 'address': '{{ tomcat_listen_ajp_address }}', 'port': '{{ tomcat_listen_ajp_port }}', 'secretRequired': '{{ tomcat_listen_ajp_secretRequired }}', 'secret': '{{ tomcat_listen_ajp_secret }}'}}, 'vault': {'name': '{{ tomcat_vault_name }}', 'enable': '{{ tomcat_vault_enable }}', 'alias': '{{ tomcat_vault_alias }}', 'storepass': '{{ tomcat_vault_storepass }}', 'iteration': '{{ tomcat_vault_iteration }}', 'salt': '{{ tomcat_vault_salt }}', 'properties': '{{ tomcat_vault_properties }}', 'data': '{{ tomcat_vault_data }}'}, 'mod_cluster': {'enable': '{{ tomcat_modcluster_enable }}', 'ip': '{{ tomcat_modcluster_ip }}', 'port': '{{ tomcat_modcluster_port }}', 'connector_port': '{{ tomcat_modcluster_connector_port }}', 'advertise': '{{ tomcat_modcluster_advertise }}', 'stickySession': '{{ tomcat_modcluster_stickySession }}', 'stickySessionForce': '{{ tomcat_modcluster_stickySessionForce }}', 'stickySessionRemove': '{{ tomcat_modcluster_stickySessionRemove }}'}, 'service': {'enabled': '{{ tomcat_systemd_enabled }}', 'name': '{{ tomcat_service_name }}', 'conf': '{{ tomcat_service_conf }}', 'script': '{{ tomcat_service_script }}', 'systemd': '{{ tomcat_service_systemd }}', 'pidfile': '{{ tomcat_service_systemd_pidfile }}', 'type': '{{ tomcat_service_systemd_type }}', 'hr_name': \"{{ 'Jboss Web Server' if tomcat_install_method is defined and tomcat_install_method in ['rhn_zipfiles','rpm'] else 'Tomcat' }}\"}}: 'None' has no attribute 'id'"}

Error message "Process owned by Tomcat" can be misleading.

SUMMARY

In the following execution, the issue is that useradd: cannot create the homedir, not that the process is owned by Tomcat:

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
# ansible --version
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True

COLLECTION VERSION
commit 248381598e2c7370caefbbf7058b0fb694bea5ec
STEPS TO REPRODUCE
1. Make /opt unwriteable (or readonly) on target
2. Run default playbook
EXPECTED RESULTS

Not a misleading error message :)

ACTUAL RESULTS
TASK [jws : Create user for tomcat: tomcat] ************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "useradd: cannot create directory /opt/apache-tomcat-9.0.60\n", "name": "tomcat", "rc": 12}

TASK [jws : Inform of process owned by tomcat already running] *****************
fatal: [localhost]: FAILED! => {
    "assertion": "tomcat_force_install",
    "changed": false,
    "evaluated_to": false,
    "msg": "Found a process owned by tomcat and tomcat_force_install is false, aborting installation"
}

Add a molecule test for apply cp

SUMMARY

Note: maybe this could be added to the default scenario to avoid extending again the molecule test run duration...

ISSUE TYPE
  • Feature Idea

JWS zips in playbook directory

SUMMARY

In chapter Using JWS local zipfiles, it's mentioned that zipfiles need to be in playbook directory. That statement is incorrect as the zipfiles have to be in $PWD, not where the playbook resides.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE

Create host file with managed nodes, create playbook and run it.

ansible-playbook -i hosts playbooks/jws.yml
---

- name: "Install JWS with natives from controller zip files"
  hosts: managed-nodes
  vars:
    tomcat_install_method: rhn_zipfiles
    jws_version: 5.6.0
    tomcat_setup: true
  roles:
    - jws
EXPECTED RESULTS

Playbook passes.

ACTUAL RESULTS
TASK [github.jws.jws : Check downloaded archive /home/akrajcik/workspaces/ansible/github/jws/jws-5.6.0-application-server.zip] ************************************************************************************************************
ok: [managed-node-one -> localhost]

TASK [github.jws.jws : Install JWS with zipfile from RHN: https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=103663] **************************************************************************************
fatal: [managed-node-one -> localhost]: FAILED! => {"changed": false, "msg": "An error occurred retrieving content"}

PLAY RECAP ********************************************************************************************************************************************************************************************************************************
managed-node-one           : ok=30   changed=1    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0

Add testing in Molecule for update and upgrade

SUMMARY

If provided a newer version of the server, the collection should detect the update, deploy the new version and restart the server. The strategy should be to stop the service, rename the current deployment, decompress the new one, finish running the playbook and restart the service with the new server. If this fails, rescue and automate setting up the old version.

ISSUE TYPE
  • Feature Idea

item variable is used within remove app task name

When running the collection, you see the following output for the remove webapps task:

TASK [middleware_automation.jws.jws : Remove app: {{ item }}] ********************************************
changed: [localhost] => (item=docs)  
changed: [localhost] => (item=ROOT)  
ok: [localhost] => (item=examples)  

Note that the variable item isn't interpolated, which seems to be due to the fact that the scope of the variable is inside the task. We should either change the task name to use {{ tomcat.apps.to_remove }} to print the list of apps to remove, or change it to something like "Remove applications". We don't need to print for each iteration since Ansible does that for us here noting what changed or not.

rhn_zipfiles can't configure redhat_csp_download

SUMMARY

The playbook fails when attempting to install JWS by downloading it from RHN. There's no documentation about how to configure a playbook to download from RHN, so I looked into roles/jws/tasks/install/rhn.yml and attempted to set the required variables.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

Development build of commit 127406b.

STEPS TO REPRODUCE

Configure a playbook to install JWS using the rhn_zipfiles method. Playbook snippet below.
Execute playbook and observe failure.

    # Use Case 3 - Using JWS, installed from zipfiles downloaded from RHN (JWS)
    tomcat_install_method: rhn_zipfiles
    jws_version: 5.6.0
    tomcat_home: "{{ tomcat_install_dir }}/jws-{{ jws_version.split('.')[0] }}.{{ jws_version.split('.')[1] }}/tomcat"
    tomcat.rhn.username: username
    tomcat.rhn.password: password
EXPECTED RESULTS

Successful installation of JWS downloaded from RHN.

ACTUAL RESULTS
ERROR! Invalid variable name in vars specified for Play: 'tomcat.rhn.username' is not a valid variable name

The error appears to be in '/root/.ansible/collections/ansible_collections/middleware_automation/jws/playbook.yml': line 5, column 5, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

  vars:
    tomcat_setup: true
    ^ here
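
Added example (not part of the original issue or the collection's documentation): the error dumps on this page show the role filling tomcat.rhn.username and tomcat.rhn.password from the flat variables rhn_username and rhn_password, so a playbook can set those names and keep the values in an Ansible Vault file instead of inline. The file vars/rhn_credentials.yml, the vault_rhn_* names and the host pattern are assumptions made here.

```yaml
---
# Added example, not the collection's own playbook.
# Assumptions: vars/rhn_credentials.yml and the vault_rhn_* names are
# hypothetical; rhn_username / rhn_password are the names that the
# tomcat.rhn dict in the error dumps on this page is templated from.
#
# Contents of vars/rhn_credentials.yml before encryption:
#   vault_rhn_username: "<RHN login>"
#   vault_rhn_password: "<RHN password>"
# Encrypt it once with:   ansible-vault encrypt vars/rhn_credentials.yml
# Run the play with:      ansible-playbook --ask-vault-pass playbook.yml
- name: Install JWS from zipfiles downloaded from RHN
  hosts: all
  vars_files:
    - vars/rhn_credentials.yml
  vars:
    tomcat_setup: true
    tomcat_install_method: rhn_zipfiles
    jws_version: 5.6.0
    # Flat names only: a dotted key such as tomcat.rhn.username is rejected
    # by Ansible as an invalid variable name.
    rhn_username: "{{ vault_rhn_username }}"
    rhn_password: "{{ vault_rhn_password }}"
  pre_tasks:
    - name: Fail early when RHN credentials are missing
      ansible.builtin.assert:
        that:
          # Only the length is tested, so a failure report shows the
          # expression and its result, not the credential values.
          - rhn_username | default('') | length > 0
          - rhn_password | default('') | length > 0
        fail_msg: "Set rhn_username and rhn_password before using the rhn_zipfiles install method"
        quiet: true
  roles:
    - middleware_automation.jws.jws
```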

Naming yet unnamed tasks

SUMMARY

Some executed tasks are not named which causes confusion on what is being executed and what is skipped. E.g. include_tasks in install.yml.

ISSUE TYPE
  • Feature Idea

Running the playbook with a running Tomcat server fails

SUMMARY

If you run the playbook on a target which has Tomcat already running the check for the tomcat user causes a failure with the following output:

TASK [middleware_automation.jws.jws : Create user for tomcat: tomcat] ******************************************************************************************************************************************************************************************************************************************************** fatal: [localhost]: FAILED! => {"changed": false, "msg": "usermod: user tomcat is currently used by process 8915\n", "name": "tomcat", "rc": 8}

The problem is clear in the message, but it seems that we don't have a way to handle this situation. I think that we could add a feature to behave differently when Tomcat is already running on the host and fail a bit more gracefully, or replace the currently running instance with the new one (the latter option seems the more Ansible-like thing to do IMO).

ISSUE TYPE
  • Feature Idea

tomcat-vault documentation is missing

SUMMARY

There is currently no documentation on how to utilize the tomcat-vault feature. I've walked through setting it up with the tomcat-vault instructions and we're missing the instruction to tell users to create the initial keystore; if you don't do that, then the copy step will cause failure.

ISSUE TYPE
  • Feature Idea

The JWS installation option should allow you to exclude natives

SUMMARY

Not everyone wants to deploy the natives zip in their environment, so we should easily allow you to disable that requirement. I don't see an easy way to do so in the current setup. I've tried setting the jws_native_zipfile_url to an empty string but it still tries.

TASK [middleware_automation.jws.jws : Install JWS native dependencies with zipfile from RHN:] ********************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [middleware_automation.jws.jws : Copy archives to target nodes] *********************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => (item=jws-5.6.0-application-server.zip)
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option
failed: [localhost] (item=jws-5.6.0-application-server-RHEL35-x86_64.zip) => {"ansible_loop_var": "item", "changed": false, "item": "jws-5.6.0-application-server-RHEL35-x86_64.zip", "msg": "Could not find or access '/root/jws-5.6.0-application-server-RHEL35-x86_64.zip' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}

Note that I'm testing on Fedora and even though it's an unsupported configuration I expected the JWS java only zip to install and run correctly.

ISSUE TYPE
  • Feature Idea

You can't install JWS SPs

SUMMARY

I'm attempting to install JWS 5.6.1 which is a service pack release on top of JWS 5.6.0, but I can't. The execution fails because the version number isn't in the dict with its URL, etc. The problem appears to be that the version 5.6.1 is not a key in the jws dict in roles/jws/vars/main.yml. Furthermore, I see that in 5.6.0 there is a latest_cp key with the information for 5.6.1's URL, however it doesn't seem to do anything?

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

Development build of the collection based on commit 127406b.

STEPS TO REPRODUCE

Update playbook to try to install JWS 5.6.1 (playbook snippet below).
Execute and observe failure.

    # Use Case 3 - Using JWS, installed from zipfiles downloaded from RHN (JWS)
    jws_version: 5.6.1
    tomcat_install_method: rhn_zipfiles
    tomcat_home: "{{ tomcat_install_dir }}/jws-5.6/tomcat"
EXPECTED RESULTS

I expect for JWS 5.6.1 to be installed.

ACTUAL RESULTS

Failure with the following output:

TASK [middleware_automation.jws.jws : Check that tomcat.home has been defined.] **********************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'tomcat.home is defined' failed. The error was: error while evaluating conditional (tomcat.home is defined): {'supported_install_method': ['local_zipfiles', 'rhn_zipfiles', 'zipfiles', 'rpm'], 'install_method': '{{ tomcat_install_method }}', 'install_dir': '{{ tomcat_install_dir }}', 'rpm': '{{ tomcat_rpm }}', 'rpm_root_dir': '{{ tomcat_rpm_root_dir }}', 'rhn': {'server_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].id }}', 'native_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].native }}', 'username': \"{{ rhn_username | default('') }}\", 'password': \"{{ rhn_password | default('') }}\"}, 'user': '{{ tomcat_user }}', 'uid': '{{ tomcat_uid }}', 'group': '{{ tomcat_group }}', 'gid': '{{ tomcat_gid }}', 'home': '{{ tomcat_home }}', 'base': '{{ tomcat_catalina_base }}', 'conf': {'properties': '{{ tomcat_conf_properties  }}', 'policy': '{{ tomcat_conf_policy }}', 'logging': '{{ tomcat_conf_loggging }}', 'context': '{{ tomcat_conf_context }}', 'server': '{{ tomcat_conf_server }}', 'web': '{{ tomcat_conf_web }}', 'templates': {'context': '{{ tomcat_conf_templates_context }}', 'server': '{{ tomcat_conf_templates_server }}', 'web': '{{ tomcat_conf_templates_web }}'}}, 'apps': {'to_remove': \"{{ tomcat_apps_to_remove.split(',') }}\"}, 'shutdown': {'port': '{{ tomcat_shutdown_port }}'}, 'listen': {'http': {'port': '{{ tomcat_listen_http_port }}', 'bind_address': '{{ tomcat_listen_http_bind_address }}', 'enabled': '{{ tomcat_listen_http_enabled }}'}, 'https': {'port': '{{ tomcat_listen_https_port }}', 'bind_address': '{{ tomcat_listen_https_bind_address }}', 'enabled': '{{ tomcat_listen_https_enabled }}', 'servername': '{{ tomcat_listen_https_servername }}', 'threads': {'max': '{{ tomcat_listen_https_threads_max }}'}, 'connection': {'timeout': '{{ tomcat_listen_https_connection_timeout }}'}, 'headers': {'max_size': '{{ tomcat_listen_https_headers_size }}'}, 'keystore': {'file': 
'{{ tomcat_listen_https_keystore_file }}', 'password': '{{ tomcat_listen_https_keystore_password }}'}, 'client': {'auth': '{{ tomcat_listen_https_client_auth }}'}}, 'ajp': {'enabled': '{{ tomcat_listen_ajp_enabled }}', 'address': '{{ tomcat_listen_ajp_address }}', 'port': '{{ tomcat_listen_ajp_port }}', 'secretRequired': '{{ tomcat_listen_ajp_secretRequired }}', 'secret': '{{ tomcat_listen_ajp_secret }}'}}, 'vault': {'name': '{{ tomcat_vault_name }}', 'enable': '{{ tomcat_vault_enable }}', 'alias': '{{ tomcat_vault_alias }}', 'storepass': '{{ tomcat_vault_storepass }}', 'iteration': '{{ tomcat_vault_iteration }}', 'salt': '{{ tomcat_vault_salt }}', 'properties': '{{ tomcat_vault_properties }}'}, 'mod_cluster': {'enable': '{{ tomcat_modcluster_enable }}', 'ip': '{{ tomcat_modcluster_ip }}', 'port': '{{ tomcat_modcluster_port }}', 'connector_port': '{{ tomcat_modcluster_connector_port }}', 'advertise': '{{ tomcat_modcluster_advertise }}', 'stickySession': '{{ tomcat_modcluster_stickySession }}', 'stickySessionForce': '{{ tomcat_modcluster_stickySessionForce }}', 'stickySessionRemove': '{{ tomcat_modcluster_stickySessionRemove }}'}, 'service': {'enabled': '{{ tomcat_systemd_enabled }}', 'name': '{{ tomcat_service_name }}', 'conf': '{{ tomcat_service_conf }}', 'script': '{{ tomcat_service_script }}', 'systemd': '{{ tomcat_service_systemd }}', 'pidfile': '{{ tomcat_service_systemd_pidfile }}', 'type': '{{ tomcat_service_systemd_type }}', 'hr_name': \"{{ 'Jboss Web Server' if tomcat_install_method in ['rhn_zipfiles','rpm'] else 'Tomcat' }}\"}}: 'dict object' has no attribute '5.6.1'"}

What is tomcat_setup variable?

SUMMARY

What is the usage of tomcat_setup variable? There is no mention of it in the documentation. Why is it needed?

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible [core 2.12.2]
COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE
---
- name: Install Tomcat
  hosts: instance
  vars:
    tomcat_version: 9.0.50
  tasks:
    - name: Import role
      import_role:
        name: "middleware_automation.jws.jws"
EXPECTED RESULTS

Collection should install Tomcat.

ACTUAL RESULTS
fatal: [instance]: FAILED! => {"msg": "The conditional check 'tomcat_setup' failed. The error was: error while evaluating conditional (tomcat_setup): 'tomcat_setup' is undefined\n\n
...

Unable to install natives with JWS zip files

SUMMARY

I wasn't able to install JWS with natives.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE
---

- name: "Install JWS with natives from controller zip files"
  hosts: managed-nodes
  vars:
    tomcat_install_method: rhn_zipfiles
    tomcat_native: True
    jws_version: 5.6.0

    # required
    tomcat_setup: true
  roles:
    - jws
EXPECTED RESULTS

Playbook passes. Natives installed.

ACTUAL RESULTS
total 10464
drwxr-xr-x. 3 root   root         79 Jun 21 05:27 jws-5.6
-rw-r-----. 1 tomcat tomcat 10714738 Jun 21 05:27 jws-5.6.0-application-server.zip

Inconsistent deployment of files

SUMMARY

The collection doesn't have a consistent way of deploying files when configuring JWS. E.g. keystore to be used with the https connector needs to be present in the target hosts before the jws role is run. On the other hand, tomcat-vault files (vault.keystore, vault.properties, VAULT.DAT) are copied as part of the collection and need to be located on the controller in PWD.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/akrajcik/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /home/akrajcik/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True

COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE
---
- name: Install JWS with ZIPs
  hosts: instance
  vars:
    jws_version: "5.6.0"
    tomcat_install_dir: "/opt"
    tomcat_home: "/opt/jws-{{ ews_version[0:3] }}/tomcat"
    tomcat_zipfile: "jws-{{ ews_version }}-application-server.zip"
    tomcat_listen_https_enabled: True
    tomcat_vault_enabled: True
  pre_tasks:
    - name: Copy keystore
      copy:
        src: "../resources/ssl/self_signed/server.jks"
        dest: "/etc/ssl/keystore.jks"
  tasks:
    - name: Import JWS role
      import_role:
        name: "redhat.jws.jws"

Inconsistency in variable naming

SUMMARY

Looking at the variables that we have to enable specific features, we are not consistent in whether or not we use 'enable' or 'enabled'. See:

$ grep -iR _enable roles/jws/defaults/main.yml 
tomcat_listen_http_enabled: 'yes'
tomcat_listen_https_enabled: False
tomcat_listen_ajp_enabled: False
tomcat_vault_enable: 'False'
tomcat_modcluster_enable: 'False'
tomcat_systemd_enabled: 'False'
ISSUE TYPE
  • Bug Report
STEPS TO REPRODUCE

Review variable names.

EXPECTED RESULTS

Consistent use of 'enable' or 'enabled' for enabling features :)

ACTUAL RESULTS

Inconsistent naming of variables.

jws_version must always be a full release.

SUMMARY

Variable jws_version must be set to a full release. It can't be set to a patch release, otherwise installation will fail.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/akrajcik/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /home/akrajcik/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True
COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE
---
- name: Install JWS with ZIPs
  hosts: instance
  vars:
    tomcat_install_method: rhn_zipfiles
    jws_version: "5.6.2"
    tomcat_setup: True
    jws_selinux_enabled: False
  tasks:
    - name: Import JWS role
      import_role:
        name: "redhat.jws.jws"
ACTUAL RESULTS
fatal: [instance]: FAILED! => {"msg": "The conditional check 'tomcat.home is defined' failed. The error was: error while evaluating conditional (tomcat.home is defined): {'supported_install_method': ['local_zipfiles', 'rhn_zipfiles', 'zipfiles', 'rpm'], 'install_method': '{{ tomcat_install_method }}', 'install_dir': '{{ tomcat_install_dir }}', 'rpm': '{{ tomcat_rpm }}', 'rpm_root_dir': '{{ tomcat_rpm_root_dir }}', 'rhn': {'server_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].id }}', 'native_zipfile_url': '{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].native }}', 'cpatch_zipfile_url': \"{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].latest_cp.id | default('') }}\", 'cpatch_native_zipfile_url': \"{{ jws_rhn_base_url }}{{ jws.rhn_ids[jws_version].latest_cp.native | default('') }}\", 'patch_bundle': 'jws-{{ jws.rhn_ids[jws_version].latest_cp.v }}-application-server.zip', 'patch_native_bundle': \"jws-{{ jws.rhn_ids[jws_version].latest_cp.v | default('') }}-application-server-RHEL8-x86_64.zip\", 'username': \"{{ rhn_username | default('') }}\", 'password': \"{{ rhn_password | default('') }}\"}, 'user': '{{ tomcat_user }}', 'uid': '{{ tomcat_uid }}', 'group': '{{ tomcat_group }}', 'gid': '{{ tomcat_gid }}', 'home': '{{ tomcat_home }}', 'base': '{{ tomcat_catalina_base }}', 'conf': {'properties': '{{ tomcat_conf_properties  }}', 'policy': '{{ tomcat_conf_policy }}', 'logging': '{{ tomcat_conf_loggging }}', 'context': '{{ tomcat_conf_context }}', 'server': '{{ tomcat_conf_server }}', 'web': '{{ tomcat_conf_web }}', 'templates': {'context': '{{ tomcat_conf_templates_context }}', 'server': '{{ tomcat_conf_templates_server }}', 'web': '{{ tomcat_conf_templates_web }}', 'catalina_properties': '{{ tomcat_conf_templates_catalina_properties }}'}}, 'apps': {'to_remove': \"{{ tomcat_apps_to_remove.split(',') }}\"}, 'shutdown': {'port': '{{ tomcat_shutdown_port }}'}, 'listen': {'http': {'port': '{{ tomcat_listen_http_port }}', 'bind_address': '{{ 
tomcat_listen_http_bind_address }}', 'enabled': '{{ tomcat_listen_http_enabled }}'}, 'https': {'port': '{{ tomcat_listen_https_port }}', 'bind_address': '{{ tomcat_listen_https_bind_address }}', 'enabled': '{{ tomcat_listen_https_enabled }}', 'servername': '{{ tomcat_listen_https_servername }}', 'threads': {'max': '{{ tomcat_listen_https_threads_max }}'}, 'connection': {'timeout': '{{ tomcat_listen_https_connection_timeout }}'}, 'headers': {'max_size': '{{ tomcat_listen_https_headers_size }}'}, 'keystore': {'file': '{{ tomcat_listen_https_keystore_file }}', 'password': '{{ tomcat_listen_https_keystore_password }}'}, 'client': {'auth': '{{ tomcat_listen_https_client_auth }}'}}, 'ajp': {'enabled': '{{ tomcat_listen_ajp_enabled }}', 'address': '{{ tomcat_listen_ajp_address }}', 'port': '{{ tomcat_listen_ajp_port }}', 'secretRequired': '{{ tomcat_listen_ajp_secret_required }}', 'secret': '{{ tomcat_listen_ajp_secret }}'}}, 'vault': {'name': '{{ tomcat_vault_name }}', 'enable': '{{ tomcat_vault_enabled }}', 'alias': '{{ tomcat_vault_alias }}', 'storepass': '{{ tomcat_vault_storepass }}', 'iteration': '{{ tomcat_vault_iteration }}', 'salt': '{{ tomcat_vault_salt }}', 'properties': '{{ tomcat_vault_properties }}', 'data': '{{ tomcat_vault_data }}'}, 'mod_cluster': {'enable': '{{ tomcat_modcluster_enabled }}', 'ip': '{{ tomcat_modcluster_ip }}', 'port': '{{ tomcat_modcluster_port }}', 'connector_port': '{{ tomcat_modcluster_connector_port }}', 'advertise': '{{ tomcat_modcluster_advertise | string | lower }}', 'stickySession': '{{ tomcat_modcluster_sticky_session | string | lower }}', 'stickySessionForce': '{{ tomcat_modcluster_sticky_session_force | string | lower }}', 'stickySessionRemove': '{{ tomcat_modcluster_sticky_session_remove | string | lower }}'}, 'service': {'enabled': '{{ tomcat_systemd_enabled }}', 'name': '{{ tomcat_service_name }}', 'conf': '{{ tomcat_service_conf }}', 'script': '{{ tomcat_service_script }}', 'systemd': '{{ tomcat_service_systemd }}', 
'pidfile': '{{ tomcat_service_systemd_pidfile }}', 'type': '{{ tomcat_service_systemd_type }}', 'hr_name': \"{{ 'Jboss Web Server' if tomcat_install_method is defined and tomcat_install_method in ['rhn_zipfiles','rpm'] else 'Tomcat' }}\"}}: 'dict object' has no attribute '5.6.2'"}

Service patches don't always have base and native zips.

SUMMARY

Service patches don't always have both base and native zips. They don't have to have either. The apply patch functionality counts on both of them being present, even if only one is provided. While the example expects jws.rhn_ids['5.6.0'].latest_cp.id to be empty, I can provide an example of when that can happen, e.g. only natives are rebuilt. If natives are missing, the collection tries to download them.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/akrajcik/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /home/akrajcik/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
  jinja version = 2.10.3
  libyaml = True

COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE
---
- name: Install JWS with ZIPs
  hosts: instance
  vars:
    tomcat_install_method: rhn_zipfiles
    jws_version: "5.6.0"
    tomcat_setup: True
    jws_apply_patches: True
    jws_selinux_enabled: False
  tasks:
    - name: Import JWS role
      import_role:
        name: "redhat.jws.jws"
ACTUAL RESULTS
Patch is not installed when id in main.yml is not set. 

Remove version specificity from Support paragraph in Readme

SUMMARY

In the Support paragraph in the Readme, a specific version of the collection is specified. There should be a more general statement that the collection is a Tech Preview rather than having a specific version there. Currently, the version specified does not match the released version.

ISSUE TYPE
  • Feature Idea

Cleaning up zips after installation.

SUMMARY

When zips are downloaded from RHN to control node and/or control node to the target hosts, the zips are left over in the target hosts after installation. Should they be kept there or be cleaned up?

ISSUE TYPE
  • Feature Idea

Add a way to deploy your application(s)

SUMMARY

The playbook currently sets up Tomcat/JWS, but it doesn't have the ability to simply deploy applications to it. Can we add a variable which would allow for one or more war files to be deployed (copied) into the Tomcat webapps directory? We would expect that the user has already built their webapp and is ready to deploy it when they stand up a new instance with Ansible.

ISSUE TYPE
  • Feature Idea

item variable used in the zipfiles install task name

SUMMARY

The item variable doesn't appear to be scoped for use in the task name. Using the variable in the task name breaks the rest of the string interpolation. Removing the {{ item.src }} and {{ item.creates }} variables from the task's name allows the other variables to be expanded correctly.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /root/.ansible/collections/ansible_collections/middleware_automation/jws/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.4 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

I'm testing with the locally produced collection tarball, middleware_automation-jws-1.0.1.tar.gz.

STEPS TO REPRODUCE

Comment out Use Case 1, uncomment Use Case 4, set jws_version: 5.6.0.
Execute collection and observe output.

EXPECTED RESULTS
TASK [middleware_automation.jws.jws : Install Jboss Web Server and required binaries from local zipfiles (install method: rhn_zipfiles)]
ACTUAL RESULTS
TASK [middleware_automation.jws.jws : Install {{ tomcat.service.hr_name }} and required binaries from local zipfiles ({{ item.src }}) to {{ item.creates }} (install method: {{ tomcat.install_method }})]

jws_validation role fails when using non-default tomcat version

SUMMARY

If you update the tomcat version that you're using, but don't set tomcat_home, then the jws_validation role fails.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/csutherl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

The latest tagged version, 1.1.1.

STEPS TO REPRODUCE

Update the sample playbook and change tomcat_version to 9.0.60 rather than 9.0.50 and execute the playbook. Everything runs smoothly until it gets to validation, which fails.

EXPECTED RESULTS

Successful execution of the molecule scenario.

ACTUAL RESULTS
molecule test
....
TASK [jws_validation : Read the content of catalina.out] *********************************************************************************************************************************************************************************************************************************************************************
fatal: [instance]: FAILED! => {"changed": false, "msg": "file not found: /opt/apache-tomcat-9.0.50/logs/catalina.out"}

It appears that we didn't replicate the logic from 5a5311a in the jws role to the jws_validation role, so now the dynamic setting of tomcat_home only happens within one role, leaving the other to have a bad default value.

Unable to install JWS without natives.

SUMMARY

I'm unable to install JWS without natives.

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible [core 2.12.2]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/akrajcik/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.8/site-packages/ansible
  ansible collection location = /home/akrajcik/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.8.12 (default, Sep 16 2021, 10:46:05) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]

COLLECTION VERSION
1.1.1
STEPS TO REPRODUCE
---
- name: "Install JWS without natives."
  hosts: managed-nodes
  vars:
    tomcat_setup: true
    jws_version: "5.6.0"
    tomcat_install_dir: "/opt"
    tomcat_home: "/opt/jws-5.6/tomcat"
    tomcat_zipfile: "jws-5.6.0-application-server.zip"
    tomcat_native: False
    tomcat_native_zipfile: "jws-5.6.0-application-server-RHEL8-x86_64.zip"
  collections:
    - redhat.jws
  roles:
    - jws
EXPECTED RESULTS

Install JWS without natives

ACTUAL RESULTS
fatal: [managed-node-one]: FAILED! => {"msg": "The conditional check 'not native_archive_path.stat.exists' failed. The error was: error while evaluating conditional (not native_archive_path.stat.exists): 'dict object' has no attribute 'stat'\n\nThe error appears to be in '/home/akrajcik/.ansible/collections/ansible_collections/redhat/jws/roles/jws/tasks/install/local.yml': line 54, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Copy native archive to target nodes\n  ^ here\n"}

JWS selinux step is incomplete

SUMMARY

The selinux step in roles/jws/tasks/systemd/selinux.yml builds and installs the policy correctly, but it doesn't allow access to the ports with semanage as outlined in the documentation. Any ports being used by tomcat should be labeled as http_port_t with semanage port -a -t http_port_t -p tcp <port>.

Note: The step is only required if you use a port that isn't covered by http_port_t, default values (on RHEL 8) are:

# semanage port -l | grep ^http.*_port_t
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ISSUE TYPE
  • Bug Report
ANSIBLE VERSION
ansible 2.9.27
  config file = /home/csutherl/source/jws-ansible-playbook/ansible.cfg
  configured module search path = ['/home/csutherl/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.12 (main, Mar 25 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)]
COLLECTION VERSION

Dev build of the collection based on commit 87238cc.

STEPS TO REPRODUCE

Install JWS using tomcat_listen_http_port: 8567 (not in http_port_t or any other port_t by default) and observe the log.

EXPECTED RESULTS

The Connector successfully starts and is accessible.

ACTUAL RESULTS

Connector failed to start with the following exception logged in catalina.out:

SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8567]]
        org.apache.catalina.LifecycleException: Protocol handler initialization failed
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1049)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardService.initInternal(StandardService.java:561)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1049)
                at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.lang.reflect.Method.invoke(Method.java:498)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
        Caused by: java.net.SocketException: Permission denied
                at sun.nio.ch.Net.bind0(Native Method)
                at sun.nio.ch.Net.bind(Net.java:461)
                at sun.nio.ch.Net.bind(Net.java:453)
                at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:222)
                at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:272)
                at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:227)
                at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1208)
                at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1221)
                at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:603)
                at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
                at org.apache.catalina.connector.Connector.initInternal(Connector.java:1046)
                ... 13 more
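
A pre-flight check for the port-label gap reported in the SELinux issue above, as an added example that is not part of the issue or of the collection. The names port_types, label_fix and SAMPLE_PORTS are hypothetical, and treating any type matched by the issue's `^http.*_port_t` filter as covering a port is an assumption.

```shell
#!/bin/sh
# Constructed sample: the `semanage port -l` lines quoted in the issue.
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000'

# port_types PROTO PORT
# Reads `semanage port -l` text on stdin and prints each SELinux port type
# whose entry for PROTO contains PORT, as a single port or inside a range.
port_types() {
  awk -v proto="$1" -v port="$2" '
    $2 == proto {
      ptype = $1
      $1 = ""; $2 = ""              # keep only the port list
      gsub(/[ \t]/, "")             # "80, 81, 443" -> "80,81,443"
      n = split($0, items, ",")
      for (i = 1; i <= n; i++) {
        lo = items[i]; hi = items[i]
        if (split(items[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
        if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print ptype; break }
      }
    }'
}

# label_fix PORT
# Reads the same listing on stdin. Prints nothing when PORT/tcp already has a
# type matching the issue's filter (assumption: ^http.*_port_t); otherwise
# prints the semanage command given in the issue for labelling the port.
label_fix() {
  if port_types tcp "$1" | grep -Eq '^http.*_port_t$'; then
    return 0
  fi
  printf 'semanage port -a -t http_port_t -p tcp %s\n' "$1"
}

# Example run against the constructed sample (port 8567 from the issue).
printf '%s\n' "$SAMPLE_PORTS" | label_fix 8567
```

On a managed node, pipe the live listing in instead: `semanage port -l | label_fix 8567`. The protocol column matters: 3130 is labelled for udp only, so a tcp connector on it is still reported as unlabelled.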
