sig-ansible / tomcat Goto Github PK
View Code? Open in Web Editor NEWTomcat Role
Tomcat Role
Running with the tomcat_conf
tag might fail if a timezone isn't provided because detect_timezone doesn't run. Add the always
tag to it's include_tasks
and to the the tasks in detect_timezone.yml
.
Remove -XX:+UseParallelGC
from this line in defaults/main.yml
:
tomcat_catalina_opts: "{{ tomcat_memory_args }} {{ '-Djava.security.egd=file:/dev/../dev/urandom' if tomcat_urandom else '' }} -server -XX:+UseParallelGC {{ tomcat_catalina_extra_opts | default('') }}"
Data source setup fails on Python3
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: a bytes-like object is required, not 'str'
failed: [localhost] (item={'name': 'jdbc/bannerDataSource', 'attrs': {'auth': 'Container', 'type': 'javax.sql.DataSource', 'url': 'jdbc:oracle:thin:@db.school.edu:1521:PROD', 'username': 'banproxy', 'password': 'super_secret', 'driverClassName': 'oracle.jdbc.OracleDriver', 'initialSize': 25, 'maxIdle': 10, 'maxTotal': 400, 'maxWaitMillis': 30000, 'minIdle': 10, 'timeBetweenEvictionRunsMillis': 1800000, 'testOnBorrow': True, 'testWhileIdle': True, 'accessToUnderlyingConnectionAllowed': True, 'validationQuery': 'select * from dual', 'validationQueryTimeout': 300}}) => changed=false
ansible_loop_var: item
item:
attrs:
accessToUnderlyingConnectionAllowed: true
auth: Container
driverClassName: oracle.jdbc.OracleDriver
initialSize: 25
maxIdle: 10
maxTotal: 400
maxWaitMillis: 30000
minIdle: 10
password: super_secret
testOnBorrow: true
testWhileIdle: true
timeBetweenEvictionRunsMillis: 1800000
type: javax.sql.DataSource
url: jdbc:oracle:thin:@db.school.edu:1521:PROD
username: banproxy
validationQuery: select * from dual
validationQueryTimeout: 300
name: jdbc/bannerDataSource
module_stderr: |-
Traceback (most recent call last):
File "~banproxy/.ansible/tmp/ansible-tmp-1624454424.6911378-275-268111921290993/AnsiballZ_tomcat_resource.py", line 102, in <module>
_ansiballz_main()
File "~banproxy/.ansible/tmp/ansible-tmp-1624454424.6911378-275-268111921290993/AnsiballZ_tomcat_resource.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "~banproxy/.ansible/tmp/ansible-tmp-1624454424.6911378-275-268111921290993/AnsiballZ_tomcat_resource.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.tomcat_resource', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib/python3.7/runpy.py", line 205, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib/python3.7/runpy.py", line 96, in _run_module_code
mod_name, mod_spec, pkg_name, script_name)
File "/usr/lib/python3.7/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/tmp/ansible_tomcat_resource_payload_dz78szld/ansible_tomcat_resource_payload.zip/ansible/modules/tomcat_resource.py", line 131, in <module>
File "/tmp/ansible_tomcat_resource_payload_dz78szld/ansible_tomcat_resource_payload.zip/ansible/modules/tomcat_resource.py", line 76, in go
File "/usr/lib/python3.7/xml/dom/minidom.py", line 853, in writexml
writer.write(indent+"<" + self.tagName)
TypeError: a bytes-like object is required, not 'str'
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
rc: 1
The current usage of the setting the CATALINA_PID variable is done via the tomcat/templates/setenv.sh:
CATALINA_PID="${CATALINA_HOME}/pid"; export CATALINA_PID
However during a recent deployment using release v0.11.4, I received the following error message during startup:
Using CATALINA_PID: /u01/app/esmadmin-9.0.84/pid
/u01/app/esmadmin/bin/catalina.sh: line 516: /u01/app/esmadmin-9.0.84/pid: Permission denied
Since the PID never gets created, executing the shutdown down produces this error:
./shutdown.sh && tail -f ../logs/catalina.out
Using CATALINA_BASE: /u01/app/esmadmin
Using CATALINA_HOME: /u01/app/esmadmin-9.0.84
Using CATALINA_TMPDIR: /u01/app/esmadmin/temp
Using JRE_HOME: /etc/alternatives/java_sdk_11
Using CLASSPATH: /u01/app/esmadmin-9.0.84/bin/bootstrap.jar:/u01/app/esmadmin/bin/tomcat-juli.jar
Using CATALINA_OPTS: -Djava.awt.headless=true -Djava.security.egd=file:/dev/../dev/urandom -Dfile.encoding=UTF-8 -server -Xms2560m -Xmx2560m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:+DisableExplicitGC
Using CATALINA_PID: /u01/app/esmadmin-9.0.84/pid
$CATALINA_PID was set but the specified file does not exist. Is Tomcat running? Stop aborted.
This requires a kill command on the tomcat process.
Since files cannot be created on the CATALINA_HOME directory, there needs to be a provision for changing the value of the CATALINA_PID variable. Based on what I'm seeing in the template file, the variable seems to be hardcoded to be a certain value. This is fine if the tomcat instance is being run as root inside a container, however, in the case of ESM where it's run on an VM as the tomcat or esmadmin user, it's an issue.
Changing the location to the logs directory was more successful
CATALINA_PID="${CATALINA_HOME}/logs/pid"; export CATALINA_PID
./startup.sh && tail -f ../logs/catalina.out
Using CATALINA_BASE: /u01/app/esmadmin
Using CATALINA_HOME: /u01/app/esmadmin-9.0.84
Using CATALINA_TMPDIR: /u01/app/esmadmin/temp
Using JRE_HOME: /etc/alternatives/java_sdk_11
Using CLASSPATH: /u01/app/esmadmin-9.0.84/bin/bootstrap.jar:/u01/app/esmadmin/bin/tomcat-juli.jar
Using CATALINA_OPTS: -Djava.awt.headless=true -Djava.security.egd=file:/dev/../dev/urandom -Dfile.encoding=UTF-8 -server -Xms2560m -Xmx2560m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:+DisableExplicitGC
Using CATALINA_PID: /u01/app/esmadmin-9.0.84/logs/pid
Tomcat started.
./shutdown.sh && tail -f ../logs/catalina.out
Using CATALINA_BASE: /u01/app/esmadmin
Using CATALINA_HOME: /u01/app/esmadmin-9.0.84
Using CATALINA_TMPDIR: /u01/app/esmadmin/temp
Using JRE_HOME: /etc/alternatives/java_sdk_11
Using CLASSPATH: /u01/app/esmadmin-9.0.84/bin/bootstrap.jar:/u01/app/esmadmin/bin/tomcat-juli.jar
Using CATALINA_OPTS: -Djava.awt.headless=true -Djava.security.egd=file:/dev/../dev/urandom -Dfile.encoding=UTF-8 -server -Xms2560m -Xmx2560m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:+DisableExplicitGC
Using CATALINA_PID: /u01/app/esmadmin-9.0.84/logs/pid
NOTE: Picked up JDK_JAVA_OPTIONS:....
While containerizing the BannerAdmin pages, the ability to display images was lost due to the missing docBase statement in the server.xml similar to this:
<Context docBase="/mnt/ban_appdata_test/photos" path="/banneridimages" reloadable="true" allowLinking="true" />
Provide the option to add this if needed, unless there is a better way to do this.
We currently only support for self-signed certificates. Add the ability to provide a certificate and key via Ansible Vault variable.
The library scripts include a shebang for "python" which is sometimes not available (where python3 is). It turns out removing those lines avoids the error.
Receiving a warning when updating a password via the tomcat_users_xml.yml:
TASK [sig-ansible.tomcat : Add Tomcat users] ***********************************
changed: [localhost] => (item={'name': 'cashconnector', 'password': '', 'roles': 'cashnetinterface', 'append': True})
[WARNING]: Module did not set no_log for update_password
[WARNING]: Module did not set no_log for obfuscate_password
Possible update would be to add the no_log option to the tomcat_user creation:
- name: Add Tomcat users
tomcat_user:
catalina_home: "{{ tomcat_root }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
append: "{{ item.append }}"
no_log: true
with_items: "{{ tomcat_users }}"
tags: tomcat_conf
Currently the role does not offer an option to use a staged zip. This may be necessary at sites without outbound internet.
When Tomcat makes a new official release, it should be immediately available in this role. Create a job to:
The timedatectl utility doesn't exist in the Docker tomcat image and appears to only be installed with systemd which seems to carry a lot of overhead. A possible low cost option would be to use the /usr/share/zoneinfo to relink the localtime. It would look something like this:
ln -sf /usr/share/zoneinfo/US/Central /etc/localtime
or
ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime
Since most of our tomcat servers are behind a load balancer, it would be immensely helpful if the role supported the http.proxy settings in the Connector tag
If the user provides an unrecognized version fail early with a sensible error message.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.