| 1 |
--- |
| 2 |
|
| 3 |
# Install tomcat |
| 4 |
|
| 5 |
- name: install tomcat |
| 6 |
yum: |
| 7 |
name: "{{ item }}" |
| 8 |
state: present |
| 9 |
with_items: "{{ tomcat_packages }}" |
| 10 |
register: tomcat_install |
| 11 |
|
| 12 |
- name: add CATALINA_HOME to bashrc |
| 13 |
lineinfile: |
| 14 |
dest: /etc/bashrc |
| 15 |
state: present |
| 16 |
line: "export CATALINA_HOME={{ catalina_home }}" |
| 17 |
regexp: "^export CATALINA_HOME=.*" |
| 18 |
insertafter: EOF |
| 19 |
backup: yes |
| 20 |
|
| 21 |
#- name: install javamail (for javax.mail) |
| 22 |
# yum: name={{ item }} state=present |
| 23 |
# with_items: "{{ tomcat_extra_packages }}" |
| 24 |
|
| 25 |
#- name: clean up webapps directory |
| 26 |
# command: /bin/rm -rf "{{ catalina_home }}/webapps/*" |
| 27 |
# when: tomcat_install.changed |
| 28 |
|
| 29 |
# Install jglobus-jsse and globus-ssl-proxies (this is only needed for limited proxies!) |
| 30 |
#- name: install jglobus |
| 31 |
# yum: name={{ item }} state=present |
| 32 |
# with_items: "{{ tomcat_jglobus_packages }}" |
| 33 |
|
| 34 |
#- name: find extra jar libraries for linking |
| 35 |
# command: find "{{ tomcat_extra_libs }}" -maxdepth 1 -type f -name '*.jar' -exec basename {} \; |
| 36 |
# register: extra_libs |
| 37 |
|
| 38 |
#- name: make a link to the jglobus jars |
| 39 |
# file: |
| 40 |
# src: "{{ tomcat_extra_libs }}/{{ item }}" |
| 41 |
# dest: "{{ catalina_home }}/lib/{{ item }}" |
| 42 |
# owner: root |
| 43 |
# group: root |
| 44 |
# state: link |
| 45 |
# with_items: "{{ extra_libs.stdout_lines }}" |
| 46 |
|
| 47 |
# configurations |
| 48 |
|
| 49 |
# close unused ports? |
| 50 |
|
| 51 |
# set tomcatAuthentication="false" so REMOTE_USER will be taken over from apache |
| 52 |
# and only listen on localhost |
| 53 |
|
| 54 |
- name: check if tomcat authentication is disabled (ignore errors) |
| 55 |
command: grep 'Connector.*port="8009".*address="127.0.0.1" tomcatAuthentication="false"' "{{ catalina_home }}/conf/server.xml" |
| 56 |
ignore_errors: True |
| 57 |
changed_when: False |
| 58 |
register: tomcat_auth |
| 59 |
|
| 60 |
- name: disable tomcat authnetication |
| 61 |
lineinfile: |
| 62 |
dest: "{{ catalina_home }}/conf/server.xml" |
| 63 |
regexp: '^(.*)<Connector port="8009"(.*)$' |
| 64 |
line: '\1<Connector port="8009" address="127.0.0.1" tomcatAuthentication="false"\2' |
| 65 |
backrefs: yes |
| 66 |
owner: "{{ tomcat_user }}" |
| 67 |
group: "{{ tomcat_user }}" |
| 68 |
mode: 0664 |
| 69 |
backup: yes |
| 70 |
when: tomcat_auth.rc != 0 |
| 71 |
notify: restart tomcat |
| 72 |
|
| 73 |
# only listen on localhost on 8080 |
| 74 |
|
| 75 |
- name: check if listening address is set to localhost |
| 76 |
command: grep 'Connector.*port="8080".*address="127.0.0.1"' "{{ catalina_home }}/conf/server.xml" |
| 77 |
ignore_errors: True |
| 78 |
changed_when: False |
| 79 |
register: tomcat_local_listen |
| 80 |
|
| 81 |
- name: set listening address to localhost |
| 82 |
lineinfile: |
| 83 |
dest: "{{ catalina_home }}/conf/server.xml" |
| 84 |
regexp: '^(.*)<Connector port="8080"(.*)$' |
| 85 |
line: '\1<Connector port="8080" address="127.0.0.1" \2' |
| 86 |
backrefs: yes |
| 87 |
owner: "{{ tomcat_user }}" |
| 88 |
group: "{{ tomcat_user }}" |
| 89 |
mode: 0664 |
| 90 |
backup: yes |
| 91 |
when: tomcat_local_listen.rc != 0 |
| 92 |
notify: restart tomcat |
| 93 |
|
| 94 |
# add oa4mp configuration parameters |
| 95 |
|
| 96 |
- name: add oa4mp config parameters to web.xml |
| 97 |
blockinfile: |
| 98 |
dest: "{{ catalina_home }}/conf/web.xml" |
| 99 |
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->" |
| 100 |
insertbefore: "</web-app>" |
| 101 |
owner: "{{ tomcat_user }}" |
| 102 |
group: "{{ tomcat_user }}" |
| 103 |
mode: 0664 |
| 104 |
block: | |
| 105 |
<context-param> |
| 106 |
<param-name>oa4mp:oauth2.server.config.file</param-name> |
| 107 |
<param-value>{{ oa4mp_server_conf_file }}</param-value> |
| 108 |
</context-param> |
| 109 |
<context-param> |
| 110 |
<param-name>oa4mp:oauth2.server.config.name</param-name> |
| 111 |
<param-value>default</param-value> |
| 112 |
</context-param> |
| 113 |
notify: restart tomcat |
| 114 |
|
| 115 |
# add javax.mail jar |
| 116 |
# Note: we could use the RPM for javamail, but is ancient and only for CentOS7 |
| 117 |
|
| 118 |
- name: download javax.mail jar |
| 119 |
get_url: |
| 120 |
url: "{{ javax_mail_url }}" |
| 121 |
dest: "{{ catalina_home }}/lib/javax.mail.jar" |
| 122 |
- name: set permission on javax.mail |
| 123 |
file: |
| 124 |
path: "{{ catalina_home }}/lib/javax.mail.jar" |
| 125 |
owner: root |
| 126 |
group: root |
| 127 |
mode: 0644 |
| 128 |
|
| 129 |
# add mail resource to context.xml |
| 130 |
|
| 131 |
- name: add mail resource to context.xml |
| 132 |
lineinfile: |
| 133 |
dest: "{{ catalina_home }}/conf/context.xml" |
| 134 |
state: present |
| 135 |
line: "<Resource name=\"mail/Session\" type=\"javax.mail.Session\" auth=\"Container\"></Resource>" |
| 136 |
insertbefore: "</Context>" |
| 137 |
mode: 0664 |
| 138 |
owner: "{{ tomcat_user }}" |
| 139 |
group: "{{ tomcat_user }}" |
| 140 |
backup: yes |
| 141 |
notify: restart tomcat |
| 142 |
|
| 143 |
# configure the private X509_CERT_DIR as an environmental variable |
| 144 |
|
| 145 |
- name: set private X509_CERT_DIR variable |
| 146 |
lineinfile: |
| 147 |
dest: "{{ catalina_home }}/conf/tomcat.conf" |
| 148 |
state: present |
| 149 |
line: "X509_CERT_DIR=\"{{ oa4mp_server_certificates_dir }}\"" |
| 150 |
mode: 0664 |
| 151 |
owner: "{{ tomcat_user }}" |
| 152 |
group: "{{ tomcat_user }}" |
| 153 |
backup: yes |
| 154 |
notify: restart tomcat |
| 155 |
|
Parent Directory
| 
Revision Log