zaxos / tomcat-ansible-role
Ansible role to install and configure Apache Tomcat on CentOS/RHEL
License: GNU General Public License v2.0
It seems that as of version 2.4, the include module is deprecated, and as of 2023-05-16, it won't work at all. Using 2.16.4, I get this error message when using zaxos.tomcat-ansible-role:
ERROR! [DEPRECATED]: ansible.builtin.include has been removed. Use include_tasks or import_tasks instead. This feature was removed from ansible-core in a release after 2023-05-16. Please update your playbooks.
From ansible/ansible#76684 it seems that the fix may be as simple as changing "include" to "import_tasks".
Is there likely to be a version of this role that supports the current ansible?
The reason I added write-only support to the logs directory in my fork was because I read the recommendation on the OWASP page about Tomcat. After considering the practical limitations of 300 mode on RedHat Linux, it might be better to have a write-only partition somewhere and then be able to configure logging to use that instead via a logging.properties template (Tomcat 8.5) or via whatever config file is used in other versions.
It's a shame there seems to be no out-of-the-box option to use a syslog server since version 8, apparently.
Typically you'd only want to include the become: true where you need it, making it dependent on the task. The idea is following the principle of least privilege to prevent everything running as root.
You may want to evaluate which tasks actually need to be run as root and update the role accordingly. At the very least you should mention in the documentation that become: true is needed to run the role.
In some cases, managed hosts does have access to internet even HTTP proxy.
The only access is that the Ansible control node can communicate with the managed host (remote) through SSH.
In this case, we need to delegate the download of the Tomcat package to the control node (localhost of the Ansible CLI); once the download is done, we transfer (copy:) this package to the remote package.
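The two requests above (per-task become: true, and downloading on the control node for hosts reachable only over SSH) can be combined in one play. This is an added example, not the role's own code; the inventory group, the variable names, the /tmp staging path and the checksum placeholder are assumptions, and the tomcat user and group are assumed to exist already.

```yaml
# Added example; variable names and paths are assumptions, not the role's own.
- name: Install Tomcat on hosts reachable only over SSH
  hosts: tomcat_servers              # hypothetical inventory group
  become: false                      # no play-wide root; escalate per task
  vars:
    tomcat_version: "8.5.x"          # placeholder: the release you deploy
    tomcat_archive: "apache-tomcat-{{ tomcat_version }}.tar.gz"
    tomcat_archive_url: "https://archive.apache.org/dist/tomcat/tomcat-{{ tomcat_version.split('.')[0] }}/v{{ tomcat_version }}/bin/{{ tomcat_archive }}"
    tomcat_archive_checksum: "sha512:<checksum published for this release>"
    tomcat_install_path: /opt        # hypothetical
    tomcat_user: tomcat
    tomcat_group: tomcat
  tasks:
    - name: Download the archive on the control node and verify its checksum
      ansible.builtin.get_url:
        url: "{{ tomcat_archive_url }}"
        dest: "/tmp/{{ tomcat_archive }}"
        checksum: "{{ tomcat_archive_checksum }}"
        mode: "0644"
      delegate_to: localhost         # only the control node needs internet access
      run_once: true                 # one download, however many hosts

    - name: Copy the verified archive to the managed host over SSH
      ansible.builtin.copy:
        src: "/tmp/{{ tomcat_archive }}"
        dest: "/tmp/{{ tomcat_archive }}"
        mode: "0644"

    - name: Unpack into the install path
      ansible.builtin.unarchive:
        src: "/tmp/{{ tomcat_archive }}"
        dest: "{{ tomcat_install_path }}"
        remote_src: true             # the archive is already on the managed host
        owner: "{{ tomcat_user }}"
        group: "{{ tomcat_group }}"
        creates: "{{ tomcat_install_path }}/apache-tomcat-{{ tomcat_version }}"
      become: true                   # the only task here that needs root
```

Because get_url fails on a checksum mismatch, nothing unverified is copied to the managed hosts.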
Option to delete/ignore default webapps (list of default webapps to delete so we can pick and choose). If I delete them outside the role, it breaks idempotence because it expects manager and host-manager apps to exist.
Will you provide an uninstall role?
Hello,
Did you plan to support Red Hat EL8 soon?
Thank you, Gilian.
Group execute permission is missing from bin/*.sh, so tomcat user can't run startup.sh or shutdown.sh. Here's the error in the playbook...
RUNNING HANDLER [zaxos.tomcat-ansible-role : restart tomcat] ********************************* fatal: [prod_host]: FAILED! => {"changed": false, "msg": "Unable to start service tomcat: Job for tomcat.service failed because the control process exited with error code. See \"systemctl status tomcat.service\" and \"journalctl -xe\" for details.\n"}
-- The error number returned by this process is 13.
Hi,
Can you update all templates with variables?
We use TOMCAT 8.5 and the templates don't have variable:
for the file tomcat-server-8.5.xml.j2
Thanks
I appreciate the role setting/managing some sensible defaults. However, I'd like the option to use my own settings.xml file rather than using the ansible blockinfile to inject my stuff into your template.
Perhaps it's just another variable like settings_file_path, where it could be a straight-up copy or interpolated through Jinja.
This one is not necessarily anything you did wrong, but Ubuntu 14.04 uses upstart instead of systemd. While I wouldn't expect you to support an OS that is 10+ years old at this point, this issue is more for posterity should someone else run into the "msg": "Destination directory /usr/lib/systemd/system does not exist" error I ran into. I had to wrap the existing functionality in a block
- block:
    - name: Configure service file {{ tomcat_service_name }}.service
      template:
        src: tomcat.service.j2
        dest: /usr/lib/systemd/system/{{ tomcat_service_name }}.service
      notify: restart tomcat
    - name: Enable tomcat service on startup
      systemd:
        name: "{{ tomcat_service_name }}"
        enabled: "{% if tomcat_service_enabled_on_startup %}yes{% else %}no{% endif %}"
        daemon_reload: yes
  # Skip the systemd tasks only on Ubuntu 14.04 (upstart); other Ubuntu releases and other distributions still run them
  when: not (ansible_facts['distribution'] == "Ubuntu" and ansible_facts['distribution_version'] == "14.04")
Hello,
Since the CVE-2020-1938 vulnerability, Tomcat changed/added some default settings for the AJP connector.
By default, it listens only on localhost and we need to explicitly add "address="{{ tomcat_listen_address }}"". Maybe you can add this in the server.xml template file.
By default, Tomcat now requires a secret for the AJP connector. We add a static "secretRequired="false"" property because we run httpd 2.4. Only httpd 2.5 supports the AJP secret :( Maybe you can add a boolean var (false by default?) and an optional secret var in the Ansible role.
Thank you for this useful role.
Best regards, Gilian.
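One way the variables requested above could look, as an added example that is not the role's own code. tomcat_listen_address is the name used in the post; tomcat_ajp_secret_required, tomcat_ajp_secret, vault_tomcat_ajp_secret, tomcat_conf_dir and the inventory group are hypothetical, server.xml is assumed to contain no other AJP connector, and the loopback-only rule for secretRequired="false" is a policy added here.

```yaml
# Added example, not the role's code. tomcat_ajp_* and tomcat_conf_dir are
# hypothetical names; tomcat_listen_address is the variable named in the post.
- name: Configure the AJP connector explicitly
  hosts: tomcat_servers                      # hypothetical inventory group
  become: true
  vars:
    tomcat_conf_dir: /opt/tomcat/conf        # hypothetical path
    tomcat_listen_address: 127.0.0.1
    tomcat_ajp_secret_required: true         # set false for proxies without AJP secret support
    tomcat_ajp_secret: "{{ vault_tomcat_ajp_secret | default('') }}"
    ajp_loopback: ['127.0.0.1', '::1', 'localhost']
  tasks:
    - name: Reject settings that leave AJP unauthenticated and exposed
      ansible.builtin.assert:
        that:
          # A required secret must actually be set.
          - "(not (tomcat_ajp_secret_required | bool)) or (tomcat_ajp_secret | length > 0)"
          # Without a secret, AJP must stay on a loopback address.
          - "(tomcat_ajp_secret_required | bool) or (tomcat_listen_address in ajp_loopback)"
        fail_msg: "Set tomcat_ajp_secret, or keep AJP on a loopback address."

    - name: Write the AJP connector into server.xml
      ansible.builtin.blockinfile:
        path: "{{ tomcat_conf_dir }}/server.xml"
        marker: "<!-- {mark} ANSIBLE MANAGED AJP CONNECTOR -->"
        insertafter: '<Service name="Catalina">'
        block: |
          <Connector protocol="AJP/1.3" port="8009" redirectPort="8443"
                     address="{{ tomcat_listen_address }}"
                     secretRequired="{{ tomcat_ajp_secret_required | bool | ternary('true', 'false') }}"
                     {{ ('secret="' ~ tomcat_ajp_secret ~ '"') if tomcat_ajp_secret else '' }} />
      no_log: true                           # keep the secret out of task output
      notify: restart tomcat

  handlers:
    - name: restart tomcat
      ansible.builtin.service:
        name: tomcat
        state: restarted
```

The secret is written into an XML attribute unescaped, so it must not contain quotes, `<` or `&`.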