parent
7d8f6c018d
commit
2c9037a11b
@ -0,0 +1,29 @@ |
|||||||
|
## Standalone Tomcat Deployment |
||||||
|
|
||||||
|
- Requires Ansible 1.2 or newer |
||||||
|
- Expects CentOS/RHEL 6.x hosts |
||||||
|
|
||||||
|
These playbooks deploy a very basic implementation of Tomcat Application Server, |
||||||
|
version 7. To use them, first edit the "hosts" inventory file to contain the |
||||||
|
hostnames of the machines on which you want Tomcat deployed, and edit the |
||||||
|
group_vars/tomcat-servers file to set any Tomcat configuration parameters you need. |
||||||
|
|
||||||
|
Then run the playbook, like this: |
||||||
|
|
||||||
|
ansible-playbook -i hosts site.yml |
||||||
|
|
||||||
|
When the playbook run completes, you should be able to see the Tomcat |
||||||
|
Application Server running on the ports you chose, on the target machines. |
||||||
|
|
||||||
|
This is a very simple playbook and could serve as a starting point for more |
||||||
|
complex Tomcat-based projects. |
||||||
|
|
||||||
|
### Ideas for Improvement |
||||||
|
|
||||||
|
Here are some ideas for ways that these playbooks could be extended: |
||||||
|
|
||||||
|
- Write a playbook to deploy an actual application into the server. |
||||||
|
- Deploy Tomcat clustered with a load balancer in front. |
||||||
|
|
||||||
|
We would love to see contributions and improvements, so please fork this |
||||||
|
repository on GitHub and send us your changes via pull requests. |
@ -0,0 +1,9 @@ |
|||||||
|
# Here are variables related to the Tomcat installation |
||||||
|
|
||||||
|
http_port: 8080 |
||||||
|
https_port: 8443 |
||||||
|
|
||||||
|
# This will configure a default manager-gui user: |
||||||
|
|
||||||
|
admin_username: admin |
||||||
|
admin_password: adminsecret |
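Review bot: `admin_password: adminsecret` commits a working manager-gui credential as the default, and nothing in the playbook makes an operator change it before the role renders it into tomcat-users.xml. A run with the file unmodified yields a Tomcat manager with a publicly known login on `http_port`, which the iptables template in this commit opens to all sources. I would leave the value out of the committed file and require it per environment (an encrypted vars file or `--extra-vars`), with a comment such as `# admin_password: supply per environment; do not commit a real value`.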
@ -0,0 +1,2 @@ |
|||||||
|
[tomcat-servers] |
||||||
|
webserver1 |
@ -0,0 +1,131 @@ |
|||||||
|
#!/bin/bash |
||||||
|
# |
||||||
|
# chkconfig: 345 99 28 |
||||||
|
# description: Starts/Stops Apache Tomcat |
||||||
|
# |
||||||
|
# Tomcat 7 start/stop/status script |
||||||
|
# Forked from: https://gist.github.com/valotas/1000094 |
||||||
|
# @author: Miglen Evlogiev <bash@miglen.com> |
||||||
|
# |
||||||
|
# Release updates: |
||||||
|
# Updated method for gathering pid of the current proccess |
||||||
|
# Added usage of CATALINA_BASE |
||||||
|
# Added coloring and additional status |
||||||
|
# Added check for existence of the tomcat user |
||||||
|
# |
||||||
|
|
||||||
|
#Location of JAVA_HOME (bin files) |
||||||
|
export JAVA_HOME=/usr/lib/jvm/jre |
||||||
|
|
||||||
|
#Add Java binary files to PATH |
||||||
|
export PATH=$JAVA_HOME/bin:$PATH |
||||||
|
|
||||||
|
#CATALINA_HOME is the location of the bin files of Tomcat |
||||||
|
export CATALINA_HOME=/usr/share/tomcat |
||||||
|
|
||||||
|
#CATALINA_BASE is the location of the configuration files of this instance of Tomcat |
||||||
|
export CATALINA_BASE=/usr/share/tomcat |
||||||
|
|
||||||
|
#TOMCAT_USER is the default user of tomcat |
||||||
|
export TOMCAT_USER=tomcat |
||||||
|
|
||||||
|
#TOMCAT_USAGE is the message if this script is called without any options |
||||||
|
TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}" |
||||||
|
|
||||||
|
#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop |
||||||
|
SHUTDOWN_WAIT=20 |
||||||
|
|
||||||
|
tomcat_pid() { |
||||||
|
echo `ps -fe | grep $CATALINA_BASE | grep -v grep | tr -s " "|cut -d" " -f2` |
||||||
|
} |
||||||
|
|
||||||
|
start() { |
||||||
|
pid=$(tomcat_pid) |
||||||
|
if [ -n "$pid" ] |
||||||
|
then |
||||||
|
echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m" |
||||||
|
else |
||||||
|
# Start tomcat |
||||||
|
echo -e "\e[00;32mStarting tomcat\e[00m" |
||||||
|
#ulimit -n 100000 |
||||||
|
#umask 007 |
||||||
|
#/bin/su -p -s /bin/sh tomcat |
||||||
|
if [ `user_exists $TOMCAT_USER` = "1" ] |
||||||
|
then |
||||||
|
su $TOMCAT_USER -c $CATALINA_HOME/bin/startup.sh |
||||||
|
else |
||||||
|
sh $CATALINA_HOME/bin/startup.sh |
||||||
|
fi |
||||||
|
status |
||||||
|
fi |
||||||
|
return 0 |
||||||
|
} |
||||||
|
|
||||||
|
status(){ |
||||||
|
pid=$(tomcat_pid) |
||||||
|
if [ -n "$pid" ]; then echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m" |
||||||
|
else echo -e "\e[00;31mTomcat is not running\e[00m" |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
stop() { |
||||||
|
pid=$(tomcat_pid) |
||||||
|
if [ -n "$pid" ] |
||||||
|
then |
||||||
|
echo -e "\e[00;31mStoping Tomcat\e[00m" |
||||||
|
#/bin/su -p -s /bin/sh tomcat |
||||||
|
sh $CATALINA_HOME/bin/shutdown.sh |
||||||
|
|
||||||
|
let kwait=$SHUTDOWN_WAIT |
||||||
|
count=0; |
||||||
|
until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ] |
||||||
|
do |
||||||
|
echo -n -e "\n\e[00;31mwaiting for processes to exit\e[00m"; |
||||||
|
sleep 1 |
||||||
|
let count=$count+1; |
||||||
|
done |
||||||
|
|
||||||
|
if [ $count -gt $kwait ]; then |
||||||
|
echo -n -e "\n\e[00;31mkilling processes which didn't stop after $SHUTDOWN_WAIT seconds\e[00m" |
||||||
|
kill -9 $pid |
||||||
|
fi |
||||||
|
else |
||||||
|
echo -e "\e[00;31mTomcat is not running\e[00m" |
||||||
|
fi |
||||||
|
|
||||||
|
return 0 |
||||||
|
} |
||||||
|
|
||||||
|
user_exists(){ |
||||||
|
if id -u $1 >/dev/null 2>&1; then |
||||||
|
echo "1" |
||||||
|
else |
||||||
|
echo "0" |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
case $1 in |
||||||
|
|
||||||
|
start) |
||||||
|
start |
||||||
|
;; |
||||||
|
|
||||||
|
stop) |
||||||
|
stop |
||||||
|
;; |
||||||
|
|
||||||
|
restart) |
||||||
|
stop |
||||||
|
start |
||||||
|
;; |
||||||
|
|
||||||
|
status) |
||||||
|
status |
||||||
|
|
||||||
|
;; |
||||||
|
|
||||||
|
*) |
||||||
|
echo -e $TOMCAT_USAGE |
||||||
|
;; |
||||||
|
esac |
||||||
|
exit 0 |
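Review bot: `tomcat_pid` treats every process whose `ps -fe` line contains `$CATALINA_BASE` as Tomcat, and `stop` later runs `kill -9 $pid` as root on whatever came back. A shell or editor working under /usr/share/tomcat would match, and if more than one PID is returned the unquoted `ps -p $pid | grep -c $pid` test in the wait loop no longer checks what it intends to. Matching the JVM's own argument is narrower, e.g. `pgrep -f -- "-Dcatalina.base=$CATALINA_BASE"`, or let catalina.sh write a pid file through `CATALINA_PID` and read that. Separately, the `else` branch in `start` launches startup.sh as root when the tomcat user is missing, and `stop` always runs shutdown.sh as root; failing with an error message would be safer than silently running the server privileged.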
@ -0,0 +1,6 @@ |
|||||||
|
--- |
||||||
|
- name: restart tomcat |
||||||
|
service: name=tomcat state=restarted |
||||||
|
|
||||||
|
- name: restart iptables |
||||||
|
service: name=iptables state=restarted |
@ -0,0 +1,42 @@ |
|||||||
|
--- |
||||||
|
- name: Install Java 1.7 |
||||||
|
yum: name=java-1.7.0-openjdk state=present |
||||||
|
|
||||||
|
- name: Download Tomcat |
||||||
|
get_url: url=http://mirror.symnds.com/software/Apache/tomcat/tomcat-7/v7.0.41/bin/apache-tomcat-7.0.41.tar.gz dest=/opt/apache-tomcat-7.0.41.tar.gz |
||||||
|
|
||||||
|
- name: Extract archive |
||||||
|
command: chdir=/usr/share /bin/tar xvf /opt/apache-tomcat-7.0.41.tar.gz -C /usr/share/ creates=/usr/share/tomcat |
||||||
|
|
||||||
|
- name: Symlink install directory |
||||||
|
file: src=/usr/share/apache-tomcat-7.0.41 path=/usr/share/tomcat state=link |
||||||
|
|
||||||
|
- name: Add group "tomcat" |
||||||
|
group: name=tomcat |
||||||
|
|
||||||
|
- name: Add user "tomcat" |
||||||
|
user: name=tomcat group=tomcat home=/usr/share/tomcat |
||||||
|
|
||||||
|
- name: Change ownership of Tomcat installation |
||||||
|
file: path=/usr/share/tomcat/ owner=tomcat group=tomcat state=directory recurse=yes |
||||||
|
|
||||||
|
- name: Configure Tomcat server |
||||||
|
template: src=server.xml dest=/usr/share/tomcat/conf/ |
||||||
|
notify: restart tomcat |
||||||
|
|
||||||
|
- name: Configure Tomcat users |
||||||
|
template: src=tomcat-users.xml dest=/usr/share/tomcat/conf/ |
||||||
|
notify: restart tomcat |
||||||
|
|
||||||
|
- name: Install Tomcat init script |
||||||
|
copy: src=tomcat-initscript.sh dest=/etc/init.d/tomcat mode=0755 |
||||||
|
|
||||||
|
- name: Start Tomcat |
||||||
|
service: name=tomcat state=started enabled=yes |
||||||
|
|
||||||
|
- name: deploy iptables rules |
||||||
|
template: src=iptables-save dest=/etc/sysconfig/iptables |
||||||
|
notify: restart iptables |
||||||
|
|
||||||
|
- name: wait for tomcat to start |
||||||
|
wait_for: port={{http_port}} |
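Review bot: The `Download Tomcat` task fetches the tarball over plain `http://` from a third-party mirror and the next task unpacks it as root with no integrity check, so the installed server is whatever the network path returned. get_url can verify a digest (`sha256sum=<expected-sha256>`, which I believe needs a newer Ansible than the 1.2 minimum named in the README; please confirm), or a `sha256sum -c` command task against a value pinned in the role can run before extraction. A smaller point: `Extract archive` uses `creates=/usr/share/tomcat`, which is the symlink made by the following task rather than the extracted directory, so `creates=/usr/share/apache-tomcat-7.0.41` would state the intent directly.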
@ -0,0 +1,14 @@ |
|||||||
|
# {{ ansible_managed }} |
||||||
|
*filter |
||||||
|
:INPUT ACCEPT [0:0] |
||||||
|
:FORWARD ACCEPT [0:0] |
||||||
|
:OUTPUT ACCEPT [4:512] |
||||||
|
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
||||||
|
-A INPUT -p icmp -j ACCEPT |
||||||
|
-A INPUT -i lo -j ACCEPT |
||||||
|
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT |
||||||
|
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ http_port }} -j ACCEPT |
||||||
|
-A INPUT -p tcp -m state --state NEW -m tcp --dport {{ https_port }} -j ACCEPT |
||||||
|
-A INPUT -j REJECT --reject-with icmp-host-prohibited |
||||||
|
-A FORWARD -j REJECT --reject-with icmp-host-prohibited |
||||||
|
COMMIT |
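Review bot: The rule for `{{ https_port }}` opens a port that nothing listens on, because the SSL connector in the server.xml template of this commit is commented out, while `{{ http_port }}` is the only path to the manager application. The manager-gui login therefore crosses the network in clear text. I would drop the https rule until a TLS connector is actually configured and add a comment above the http rule, e.g. `# manager app is reachable on this port; enable TLS before exposing beyond a trusted network`.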
@ -0,0 +1,145 @@ |
|||||||
|
<?xml version='1.0' encoding='utf-8'?> |
||||||
|
|
||||||
|
<!-- {{ ansible_managed }} --> |
||||||
|
|
||||||
|
<!-- |
||||||
|
Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
contributor license agreements. See the NOTICE file distributed with |
||||||
|
this work for additional information regarding copyright ownership. |
||||||
|
The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
(the "License"); you may not use this file except in compliance with |
||||||
|
the License. You may obtain a copy of the License at |
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software |
||||||
|
distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
See the License for the specific language governing permissions and |
||||||
|
limitations under the License. |
||||||
|
--> |
||||||
|
<!-- Note: A "Server" is not itself a "Container", so you may not |
||||||
|
define subcomponents such as "Valves" at this level. |
||||||
|
Documentation at /docs/config/server.html |
||||||
|
--> |
||||||
|
<Server port="8005" shutdown="SHUTDOWN"> |
||||||
|
<!-- Security listener. Documentation at /docs/config/listeners.html |
||||||
|
<Listener className="org.apache.catalina.security.SecurityListener" /> |
||||||
|
--> |
||||||
|
<!--APR library loader. Documentation at /docs/apr.html --> |
||||||
|
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> |
||||||
|
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html --> |
||||||
|
<Listener className="org.apache.catalina.core.JasperListener" /> |
||||||
|
<!-- Prevent memory leaks due to use of particular java/javax APIs--> |
||||||
|
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> |
||||||
|
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> |
||||||
|
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> |
||||||
|
|
||||||
|
<!-- Global JNDI resources |
||||||
|
Documentation at /docs/jndi-resources-howto.html |
||||||
|
--> |
||||||
|
<GlobalNamingResources> |
||||||
|
<!-- Editable user database that can also be used by |
||||||
|
UserDatabaseRealm to authenticate users |
||||||
|
--> |
||||||
|
<Resource name="UserDatabase" auth="Container" |
||||||
|
type="org.apache.catalina.UserDatabase" |
||||||
|
description="User database that can be updated and saved" |
||||||
|
factory="org.apache.catalina.users.MemoryUserDatabaseFactory" |
||||||
|
pathname="conf/tomcat-users.xml" /> |
||||||
|
</GlobalNamingResources> |
||||||
|
|
||||||
|
<!-- A "Service" is a collection of one or more "Connectors" that share |
||||||
|
a single "Container" Note: A "Service" is not itself a "Container", |
||||||
|
so you may not define subcomponents such as "Valves" at this level. |
||||||
|
Documentation at /docs/config/service.html |
||||||
|
--> |
||||||
|
<Service name="Catalina"> |
||||||
|
|
||||||
|
<!--The connectors can use a shared executor, you can define one or more named thread pools--> |
||||||
|
<!-- |
||||||
|
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" |
||||||
|
maxThreads="150" minSpareThreads="4"/> |
||||||
|
--> |
||||||
|
|
||||||
|
|
||||||
|
<!-- A "Connector" represents an endpoint by which requests are received |
||||||
|
and responses are returned. Documentation at : |
||||||
|
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) |
||||||
|
Java AJP Connector: /docs/config/ajp.html |
||||||
|
APR (HTTP/AJP) Connector: /docs/apr.html |
||||||
|
Define a non-SSL HTTP/1.1 Connector on port 8080 |
||||||
|
--> |
||||||
|
<Connector port="{{ http_port }}" protocol="HTTP/1.1" |
||||||
|
connectionTimeout="20000" |
||||||
|
redirectPort="8443" /> |
||||||
|
<!-- A "Connector" using the shared thread pool--> |
||||||
|
<!-- |
||||||
|
<Connector executor="tomcatThreadPool" |
||||||
|
port="8080" protocol="HTTP/1.1" |
||||||
|
connectionTimeout="20000" |
||||||
|
redirectPort="8443" /> |
||||||
|
--> |
||||||
|
<!-- Define a SSL HTTP/1.1 Connector on port 8443 |
||||||
|
This connector uses the JSSE configuration, when using APR, the |
||||||
|
connector should be using the OpenSSL style configuration |
||||||
|
described in the APR documentation --> |
||||||
|
<!-- |
||||||
|
<Connector port="{{ https_port }}" protocol="HTTP/1.1" SSLEnabled="true" |
||||||
|
maxThreads="150" scheme="https" secure="true" |
||||||
|
clientAuth="false" sslProtocol="TLS" /> |
||||||
|
--> |
||||||
|
|
||||||
|
<!-- Define an AJP 1.3 Connector on port 8009 --> |
||||||
|
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> |
||||||
|
|
||||||
|
|
||||||
|
<!-- An Engine represents the entry point (within Catalina) that processes |
||||||
|
every request. The Engine implementation for Tomcat stand alone |
||||||
|
analyzes the HTTP headers included with the request, and passes them |
||||||
|
on to the appropriate Host (virtual host). |
||||||
|
Documentation at /docs/config/engine.html --> |
||||||
|
|
||||||
|
<!-- You should set jvmRoute to support load-balancing via AJP ie : |
||||||
|
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> |
||||||
|
--> |
||||||
|
<Engine name="Catalina" defaultHost="localhost"> |
||||||
|
|
||||||
|
<!--For clustering, please take a look at documentation at: |
||||||
|
/docs/cluster-howto.html (simple how to) |
||||||
|
/docs/config/cluster.html (reference documentation) --> |
||||||
|
<!-- |
||||||
|
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> |
||||||
|
--> |
||||||
|
|
||||||
|
<!-- Use the LockOutRealm to prevent attempts to guess user passwords |
||||||
|
via a brute-force attack --> |
||||||
|
<Realm className="org.apache.catalina.realm.LockOutRealm"> |
||||||
|
<!-- This Realm uses the UserDatabase configured in the global JNDI |
||||||
|
resources under the key "UserDatabase". Any edits |
||||||
|
that are performed against this UserDatabase are immediately |
||||||
|
available for use by the Realm. --> |
||||||
|
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" |
||||||
|
resourceName="UserDatabase"/> |
||||||
|
</Realm> |
||||||
|
|
||||||
|
<Host name="localhost" appBase="webapps" |
||||||
|
unpackWARs="true" autoDeploy="true"> |
||||||
|
|
||||||
|
<!-- SingleSignOn valve, share authentication between web applications |
||||||
|
Documentation at: /docs/config/valve.html --> |
||||||
|
<!-- |
||||||
|
<Valve className="org.apache.catalina.authenticator.SingleSignOn" /> |
||||||
|
--> |
||||||
|
|
||||||
|
<!-- Access log processes all example. |
||||||
|
Documentation at: /docs/config/valve.html |
||||||
|
Note: The pattern used is equivalent to using pattern="common" --> |
||||||
|
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" |
||||||
|
prefix="localhost_access_log." suffix=".txt" |
||||||
|
pattern="%h %l %u %t "%r" %s %b" /> |
||||||
|
|
||||||
|
</Host> |
||||||
|
</Engine> |
||||||
|
</Service> |
||||||
|
</Server> |
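Review bot: The AJP connector on port 8009 is left enabled with no `address` attribute although nothing in this playbook puts an AJP proxy in front of Tomcat. The iptables template happens to block it from outside, but it remains an extra listener for anything else on the host, or for everyone if the firewall rules change. I would comment it out, or at least add `address="127.0.0.1"`. Also, `redirectPort="8443"` on the HTTP connector is hard-coded while the port itself is templated; `redirectPort="{{ https_port }}"` would keep the two in step.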
@ -0,0 +1,43 @@ |
|||||||
|
<?xml version='1.0' encoding='utf-8'?> |
||||||
|
|
||||||
|
<!-- {{ ansible_managed }} --> |
||||||
|
|
||||||
|
<!-- |
||||||
|
Licensed to the Apache Software Foundation (ASF) under one or more |
||||||
|
contributor license agreements. See the NOTICE file distributed with |
||||||
|
this work for additional information regarding copyright ownership. |
||||||
|
The ASF licenses this file to You under the Apache License, Version 2.0 |
||||||
|
(the "License"); you may not use this file except in compliance with |
||||||
|
the License. You may obtain a copy of the License at |
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0 |
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software |
||||||
|
distributed under the License is distributed on an "AS IS" BASIS, |
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||||
|
See the License for the specific language governing permissions and |
||||||
|
limitations under the License. |
||||||
|
--> |
||||||
|
<tomcat-users> |
||||||
|
<!-- |
||||||
|
NOTE: By default, no user is included in the "manager-gui" role required |
||||||
|
to operate the "/manager/html" web application. If you wish to use this app, |
||||||
|
you must define such a user - the username and password are arbitrary. |
||||||
|
--> |
||||||
|
<!-- |
||||||
|
NOTE: The sample user and role entries below are wrapped in a comment |
||||||
|
and thus are ignored when reading this file. Do not forget to remove |
||||||
|
<!.. ..> that surrounds them. |
||||||
|
--> |
||||||
|
|
||||||
|
<user username="{{ admin_username }}" password="{{ admin_password }}" roles="manager-gui" /> |
||||||
|
|
||||||
|
<!-- |
||||||
|
<role rolename="tomcat"/> |
||||||
|
<role rolename="role1"/> |
||||||
|
<user username="tomcat" password="tomcat" roles="tomcat"/> |
||||||
|
<user username="both" password="tomcat" roles="tomcat,role1"/> |
||||||
|
<user username="role1" password="tomcat" roles="role1"/> |
||||||
|
--> |
||||||
|
|
||||||
|
</tomcat-users> |
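Review bot: The active `<user ... roles="manager-gui" />` line writes `admin_password` into conf/tomcat-users.xml in clear text, and the `template` task that installs this file sets no `owner` or `mode`, so who can read it is left to module defaults and the umask. Adding `owner=tomcat group=tomcat mode=0600` to that task would pin it. The first NOTE comment above the line still says that no manager-gui user is included by default, which no longer holds for this template; a replacement such as `<!-- manager-gui user rendered from admin_username/admin_password -->` would avoid confusion.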
@ -0,0 +1,8 @@ |
|||||||
|
--- |
||||||
|
# This playbook deploys a simple standalone Tomcat 7 server. |
||||||
|
|
||||||
|
- hosts: tomcat-servers |
||||||
|
user: root |
||||||
|
|
||||||
|
roles: |
||||||
|
- tomcat |