
Annotation of /trunk/novalocal-test-delegserver/DS/roles/delegserver/tasks/dep-tomcat.yml



Revision 3234 - (hide annotations) (download) (as text)
Fri Apr 20 14:03:43 2018 UTC (4 years, 1 month ago) by msalle
File MIME type: text/x-yaml
File size: 4590 byte(s)
Syncing with RCauth CA

1 msalle 3079 ---
2    
3     # Install tomcat
4    
# Install each package listed in tomcat_packages with yum, one package per
# loop iteration. The result is registered as tomcat_install.
- name: install tomcat
  with_items: "{{ tomcat_packages }}"
  yum:
    state: present
    name: "{{ item }}"
  register: tomcat_install
11    
# Publish CATALINA_HOME to login shells through the system-wide /etc/bashrc.
# An existing "export CATALINA_HOME=" line is rewritten in place; when there
# is none, the line is appended at the end of the file. A backup copy of the
# previous file is kept.
- name: add CATALINA_HOME to bashrc
  lineinfile:
    dest: /etc/bashrc
    regexp: '^export CATALINA_HOME=.*'
    line: 'export CATALINA_HOME={{ catalina_home }}'
    insertafter: EOF
    state: present
    backup: true
20 msalle 3079
21 msalle 3234 #- name: install javamail (for javax.mail)
22     # yum: name={{ item }} state=present
23     # with_items: "{{ tomcat_extra_packages }}"
24    
25 msalle 3079 #- name: clean up webapps directory
26     # command: /bin/rm -rf "{{ catalina_home }}/webapps/*"
27     # when: tomcat_install.changed
28    
29     # Install jglobus-jsse and globus-ssl-proxies (this is only needed for limited proxies!)
30     #- name: install jglobus
31     # yum: name={{ item }} state=present
32 msalle 3234 # with_items: "{{ tomcat_jglobus_packages }}"
33 msalle 3079
34     #- name: find extra jar libraries for linking
35     # command: find "{{ tomcat_extra_libs }}" -maxdepth 1 -type f -name '*.jar' -exec basename {} \;
36     # register: extra_libs
37    
38     #- name: make a link to the jglobus jars
39     # file:
40     # src: "{{ tomcat_extra_libs }}/{{ item }}"
41     # dest: "{{ catalina_home }}/lib/{{ item }}"
42     # owner: root
43     # group: root
44     # state: link
45     # with_items: "{{ extra_libs.stdout_lines }}"
46    
47     # configurations
48    
49     # close unused ports?
50    
51     # set tomcatAuthentication="false" so REMOTE_USER will be taken over from apache
52     # and only listen on localhost
53    
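# Probe server.xml for an AJP connector (port 8009) that is already bound to
# 127.0.0.1 and carries tomcatAuthentication="false". The exit code stored in
# tomcat_auth.rc decides whether the connector line is rewritten afterwards.
# grep exits 0 on a match and 1 when nothing matches; any higher code (for
# example a missing or unreadable server.xml) is a real error, so it fails
# the task here instead of being ignored.
# NOTE(review): the pattern would also match a connector line that sits
# inside an XML comment, in which case the rewrite is skipped while the live
# connector keeps its settings - confirm against the packaged server.xml.
- name: check if tomcat authentication is disabled (ignore errors)
  command: grep 'Connector.*port="8009".*address="127.0.0.1" tomcatAuthentication="false"' "{{ catalina_home }}/conf/server.xml"
  register: tomcat_auth
  changed_when: false
  failed_when: tomcat_auth.rc > 1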
59    
# Rewrite the AJP connector line (port 8009) in server.xml so that it binds
# to 127.0.0.1 and sets tomcatAuthentication="false". With that attribute
# Tomcat takes the user identity (REMOTE_USER) from the Apache front end, so
# the loopback binding is what keeps other hosts from supplying an identity.
# Runs only when the preceding grep did not find the combined settings.
# With backrefs the file is left untouched if the regexp matches no line.
# NOTE(review): a connector line that already has an address attribute but
# lacks the exact string the check greps for would get a second address
# attribute from this substitution - verify the result is well-formed XML.
# NOTE(review): server.xml ends up owned by, and writable for, the Tomcat
# service account and its group; confirm that the service itself needs
# write access to its own connector configuration.
# NOTE(review): Tomcat versions whose AJP connector supports a shared
# secret could require it here in addition to the loopback binding.
- name: disable tomcat authnetication
  when: tomcat_auth.rc != 0
  lineinfile:
    dest: "{{ catalina_home }}/conf/server.xml"
    backrefs: true
    regexp: '^(.*)<Connector port="8009"(.*)$'
    line: '\1<Connector port="8009" address="127.0.0.1" tomcatAuthentication="false"\2'
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    mode: "0664"
    backup: true
  notify: restart tomcat
72    
73     # only listen on localhost on 8080
74    
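# Probe server.xml for an HTTP connector (port 8080) that already carries
# address="127.0.0.1". The exit code stored in tomcat_local_listen.rc decides
# whether the connector line is rewritten afterwards.
# grep exits 0 on a match and 1 when nothing matches; any higher code (for
# example a missing or unreadable server.xml) is a real error, so it fails
# the task here instead of being ignored.
# NOTE(review): a match inside an XML comment also counts as "already set",
# which would leave the live connector listening on every interface -
# confirm against the packaged server.xml.
- name: check if listening address is set to localhost
  command: grep 'Connector.*port="8080".*address="127.0.0.1"' "{{ catalina_home }}/conf/server.xml"
  register: tomcat_local_listen
  changed_when: false
  failed_when: tomcat_local_listen.rc > 1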
80    
# Bind the HTTP connector (port 8080) to 127.0.0.1 by inserting the address
# attribute directly after the port attribute; the rest of the original line
# is carried over through the back-references. Runs only when the preceding
# grep found no loopback-bound 8080 connector.
# With backrefs the file is left untouched if the regexp matches no line.
# NOTE(review): if the connector already has an address attribute with a
# different value, this substitution adds a second one - verify the result
# is well-formed XML.
- name: set listening address to localhost
  when: tomcat_local_listen.rc != 0
  lineinfile:
    dest: "{{ catalina_home }}/conf/server.xml"
    backrefs: true
    regexp: '^(.*)<Connector port="8080"(.*)$'
    line: '\1<Connector port="8080" address="127.0.0.1" \2'
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    mode: "0664"
    backup: true
  notify: restart tomcat
93    
94     # add oa4mp configuration parameters
95    
# Maintain a marker-delimited block in Tomcat's global web.xml, placed just
# before the closing </web-app> tag, that gives OA4MP the location of its
# server configuration file and selects the configuration named "default".
# NOTE(review): oa4mp_server_conf_file is written into the XML as-is, so a
# value containing "&" or "<" would break the document - presumably it is a
# plain filesystem path; confirm.
# NOTE(review): unlike the lineinfile edits of the Tomcat conf files in this
# file, no backup copy is requested here.
- name: add oa4mp config parameters to web.xml
  blockinfile:
    dest: "{{ catalina_home }}/conf/web.xml"
    insertbefore: '</web-app>'
    marker: '<!-- {mark} ANSIBLE MANAGED BLOCK -->'
    block: |
      <context-param>
      <param-name>oa4mp:oauth2.server.config.file</param-name>
      <param-value>{{ oa4mp_server_conf_file }}</param-value>
      </context-param>
      <context-param>
      <param-name>oa4mp:oauth2.server.config.name</param-name>
      <param-value>default</param-value>
      </context-param>
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    mode: "0664"
  notify: restart tomcat
114    
115     # add javax.mail jar
116 msalle 3234 # Note: we could use the RPM for javamail, but it is ancient and only for CentOS7
117 msalle 3079
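# Fetch the javax.mail jar from javax_mail_url into Tomcat's lib directory,
# then make it root-owned and read-only for everyone else. A jar in that
# directory is loaded by Tomcat, so what gets downloaded is code that will
# run inside the service.
# NOTE(review): javax_mail_url is defined outside this file; confirm it is
# an https URL served by a trusted repository.
- name: download javax.mail jar
  get_url:
    url: "{{ javax_mail_url }}"
    dest: "{{ catalina_home }}/lib/javax.mail.jar"
    # Optional integrity pin in get_url's "<algorithm>:<hex digest>" form,
    # for example "sha256:<digest>". javax_mail_checksum is a new, optional
    # variable: while it is undefined the parameter is omitted and the
    # download behaves exactly as before.
    checksum: "{{ javax_mail_checksum | default(omit) }}"

- name: set permission on javax.mail
  file:
    path: "{{ catalina_home }}/lib/javax.mail.jar"
    owner: root
    group: root
    mode: "0644"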
128    
129     # add mail resource to context.xml
130    
# Declare a container-managed javax.mail.Session resource named
# "mail/Session" in Tomcat's context.xml. The line is inserted before the
# closing </Context> tag unless an identical line is already present.
# A backup copy of the previous file is kept.
- name: add mail resource to context.xml
  lineinfile:
    dest: "{{ catalina_home }}/conf/context.xml"
    insertbefore: '</Context>'
    line: '<Resource name="mail/Session" type="javax.mail.Session" auth="Container"></Resource>'
    state: present
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    mode: "0664"
    backup: true
  notify: restart tomcat
142    
143     # configure the private X509_CERT_DIR as an environmental variable
144    
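# Point Tomcat at the private certificate directory by setting X509_CERT_DIR
# in tomcat.conf. The regexp makes an existing X509_CERT_DIR assignment get
# rewritten in place. Without it, changing oa4mp_server_certificates_dir
# would append a second assignment and leave the stale directory in the
# file. A backup copy of the previous file is kept.
# NOTE(review): tomcat.conf ends up owned by, and writable for, the Tomcat
# service account; confirm the service needs write access to the file that
# selects its certificate directory.
- name: set private X509_CERT_DIR variable
  lineinfile:
    dest: "{{ catalina_home }}/conf/tomcat.conf"
    regexp: '^X509_CERT_DIR='
    line: 'X509_CERT_DIR="{{ oa4mp_server_certificates_dir }}"'
    state: present
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    mode: "0664"
    backup: true
  notify: restart tomcat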
155    
