
Contents of /trunk/novalocal-test-delegserver/DS/roles/delegserver/tasks/dep-tomcat.yml



Revision 3234 - (show annotations) (download) (as text)
Fri Apr 20 14:03:43 2018 UTC (4 years, 1 month ago) by msalle
File MIME type: text/x-yaml
File size: 4590 byte(s)
Syncing with RCauth CA

---

# Install tomcat
# One yum call per entry of tomcat_packages; the result is registered as
# tomcat_install (the commented-out webapps cleanup further down refers to it).

- name: install tomcat
  yum:
    state: present
    name: "{{ item }}"
  register: tomcat_install
  with_items: "{{ tomcat_packages }}"

# Export CATALINA_HOME from /etc/bashrc. An existing export line is replaced
# through the regexp; otherwise the line is appended at the end of the file.
# A backup copy of /etc/bashrc is kept when the file is modified.
- name: add CATALINA_HOME to bashrc
  lineinfile:
    dest: /etc/bashrc
    regexp: "^export CATALINA_HOME=.*"
    line: "export CATALINA_HOME={{ catalina_home }}"
    insertafter: EOF
    state: present
    backup: true

#- name: install javamail (for javax.mail)
#  yum: name={{ item }} state=present
#  with_items: "{{ tomcat_extra_packages }}"

#- name: clean up webapps directory
#  command: /bin/rm -rf "{{ catalina_home }}/webapps/*"
#  when: tomcat_install.changed

# Install jglobus-jsse and globus-ssl-proxies (this is only needed for limited proxies!)
#- name: install jglobus
#  yum: name={{ item }} state=present
#  with_items: "{{ tomcat_jglobus_packages }}"

#- name: find extra jar libraries for linking
#  command: find "{{ tomcat_extra_libs }}" -maxdepth 1 -type f -name '*.jar' -exec basename {} \;
#  register: extra_libs

#- name: make a link to the jglobus jars
#  file:
#    src: "{{ tomcat_extra_libs }}/{{ item }}"
#    dest: "{{ catalina_home }}/lib/{{ item }}"
#    owner: root
#    group: root
#    state: link
#  with_items: "{{ extra_libs.stdout_lines }}"

# configurations

# close unused ports?

# set tomcatAuthentication="false" so REMOTE_USER will be taken over from apache
# and only listen on localhost
#
# With tomcatAuthentication="false" Tomcat accepts the user identity handed to
# it over the port-8009 connector, so the address="127.0.0.1" bind is what
# limits who can present an identity. Both attributes are checked together.
#
# grep exits 0 only when a matching line exists. Every other exit code (no
# match, or an error such as an unreadable file) is ignored here and leaves
# tomcat_auth.rc non-zero for the task that follows.
# NOTE(review): the pattern expects address= directly followed by
# tomcatAuthentication= on one line, and grep also matches a line that sits
# inside an XML comment - confirm against the server.xml actually shipped.

- name: check if tomcat authentication is disabled (ignore errors)
  command: >-
    grep 'Connector.*port="8009".*address="127.0.0.1" tomcatAuthentication="false"'
    "{{ catalina_home }}/conf/server.xml"
  register: tomcat_auth
  changed_when: false
  ignore_errors: true

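# Rewrite the port-8009 <Connector> line so that it binds to 127.0.0.1 and
# carries tomcatAuthentication="false". Runs only when the preceding grep
# check (tomcat_auth) did not find the expected line.
#
# The regexp matches only lines where port="8009" is the first attribute after
# <Connector; everything before and after is kept through \1 and \2.
# With backrefs, lineinfile replaces only the last matching line.
# NOTE(review): if the matched line already carries an address= attribute, \2
# keeps it and the element ends up with two - verify the rendered server.xml.
# NOTE(review): server.xml stays owned by tomcat_user and group-writable, so
# the Tomcat service account can change its own connector settings; consider
# whether a root-owned file that the service can only read is workable here.
- name: disable tomcat authnetication
  lineinfile:
    dest: "{{ catalina_home }}/conf/server.xml"
    regexp: '^(.*)<Connector port="8009"(.*)$'
    line: '\1<Connector port="8009" address="127.0.0.1" tomcatAuthentication="false"\2'
    backrefs: true
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    # Quoted so the octal mode does not depend on how the YAML parser reads
    # a bare integer with a leading zero.
    mode: "0664"
    backup: true
  when: tomcat_auth.rc != 0
  notify: restart tomcat
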
# only listen on localhost on 8080
#
# grep exits 0 only when a port-8080 Connector line with address="127.0.0.1"
# exists. Any other exit code is ignored here and leaves
# tomcat_local_listen.rc non-zero for the task that follows.
# NOTE(review): grep also matches a connector line that sits inside an XML
# comment, which would report the bind as present - confirm against the
# server.xml actually shipped.

- name: check if listening address is set to localhost
  command: >-
    grep 'Connector.*port="8080".*address="127.0.0.1"'
    "{{ catalina_home }}/conf/server.xml"
  register: tomcat_local_listen
  changed_when: false
  ignore_errors: true

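# Bind the port-8080 <Connector> to 127.0.0.1 so it is reachable only from
# the local host. Runs only when the preceding grep check
# (tomcat_local_listen) did not find the expected line.
#
# The regexp matches only lines where port="8080" is the first attribute after
# <Connector; the rest of the line is kept through \1 and \2.
# With backrefs, lineinfile replaces only the last matching line.
# NOTE(review): an address= attribute already present on the matched line is
# kept by \2 and would then appear twice - verify the rendered server.xml.
- name: set listening address to localhost
  lineinfile:
    dest: "{{ catalina_home }}/conf/server.xml"
    regexp: '^(.*)<Connector port="8080"(.*)$'
    line: '\1<Connector port="8080" address="127.0.0.1" \2'
    backrefs: true
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    # Quoted so the octal mode does not depend on how the YAML parser reads
    # a bare integer with a leading zero.
    mode: "0664"
    backup: true
  when: tomcat_local_listen.rc != 0
  notify: restart tomcat
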
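# add oa4mp configuration parameters
#
# Inserts a marked block with two <context-param> entries before </web-app>:
# the OA4MP server configuration file path and the configuration name
# "default". The markers let blockinfile find and update the block on later
# runs instead of inserting it again.
# NOTE(review): oa4mp_server_conf_file is written into the XML as-is; it is
# assumed to be a plain path without XML metacharacters - confirm where the
# variable is defined.

- name: add oa4mp config parameters to web.xml
  blockinfile:
    dest: "{{ catalina_home }}/conf/web.xml"
    marker: "<!-- {mark} ANSIBLE MANAGED BLOCK -->"
    insertbefore: "</web-app>"
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    # Quoted so the octal mode does not depend on how the YAML parser reads
    # a bare integer with a leading zero.
    mode: "0664"
    block: |
      <context-param>
        <param-name>oa4mp:oauth2.server.config.file</param-name>
        <param-value>{{ oa4mp_server_conf_file }}</param-value>
      </context-param>
      <context-param>
        <param-name>oa4mp:oauth2.server.config.name</param-name>
        <param-value>default</param-value>
      </context-param>
  notify: restart tomcat
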
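# add javax.mail jar
# Note: we could use the RPM for javamail, but it is ancient and only for CentOS7
#
# The jar is placed in {{ catalina_home }}/lib, so whatever javax_mail_url
# serves ends up on Tomcat's library path. The download is therefore pinned
# to a digest when one is configured.
# NOTE(review): javax_mail_url is defined outside this file; confirm that it
# uses https.

- name: download javax.mail jar
  get_url:
    url: "{{ javax_mail_url }}"
    dest: "{{ catalina_home }}/lib/javax.mail.jar"
    # javax_mail_checksum is a new, optional variable that nothing in this
    # file defines. Set it to "<algorithm>:<hex digest>" of the expected jar,
    # e.g. "sha256:<DIGEST-OF-THE-PINNED-JAR>" (placeholder). While it is
    # unset the parameter is omitted and the task behaves as before.
    checksum: "{{ javax_mail_checksum | default(omit) }}"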
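# Make the downloaded jar root-owned and not writable by anyone else, so
# other accounts can read the library but cannot replace it.
- name: set permission on javax.mail
  file:
    path: "{{ catalina_home }}/lib/javax.mail.jar"
    owner: root
    group: root
    # Quoted so the octal mode does not depend on how the YAML parser reads
    # a bare integer with a leading zero.
    mode: "0644"
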
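# add mail resource to context.xml
#
# Ensures the mail/Session <Resource> line exists in context.xml, inserted
# before </Context> when it is missing. No regexp is given, so lineinfile
# looks for this exact line.

- name: add mail resource to context.xml
  lineinfile:
    dest: "{{ catalina_home }}/conf/context.xml"
    state: present
    # Single-quoted so the XML attribute quotes need no escaping; the
    # resulting string is the same as before.
    line: '<Resource name="mail/Session" type="javax.mail.Session" auth="Container"></Resource>'
    insertbefore: "</Context>"
    # Quoted so the octal mode does not depend on how the YAML parser reads
    # a bare integer with a leading zero.
    mode: "0664"
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    backup: true
  notify: restart tomcat
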
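# configure the private X509_CERT_DIR as an environmental variable
#
# X509_CERT_DIR points the service at its private certificates directory, so
# tomcat.conf should hold exactly one assignment. The regexp makes lineinfile
# replace an existing X509_CERT_DIR= line when the value changes; without it a
# changed value would be appended and the stale line left in the file.
# NOTE(review): tomcat.conf stays owned by tomcat_user and group-writable, so
# the service account can repoint this directory itself; consider whether a
# root-owned file is workable here.

- name: set private X509_CERT_DIR variable
  lineinfile:
    dest: "{{ catalina_home }}/conf/tomcat.conf"
    state: present
    regexp: '^X509_CERT_DIR='
    line: 'X509_CERT_DIR="{{ oa4mp_server_certificates_dir }}"'
    # Quoted so the octal mode does not depend on how the YAML parser reads
    # a bare integer with a leading zero.
    mode: "0664"
    owner: "{{ tomcat_user }}"
    group: "{{ tomcat_user }}"
    backup: true
  notify: restart tomcat
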
