Enterprise-level automated deployment: installing and configuring Tomcat automatically with Ansible

Total time spent: more than 10 hours

Approach I

Overall design

Ansible playbook directory structure

[root@ansible ~]# tree /etc/ansible/roles/tomcat
├── files
│   ├── catalina.sh
│   ├── context.xml
│   └── setenv.sh
├── handlers
│   └── main.yaml
├── tasks
│   ├── install_jdk.yaml
│   ├── install_tomcat.yaml
│   └── main.yaml
├── templates
│   ├── catalina.sh
│   ├── server.xml
│   ├── tomcat.service
│   └── tomcat-users.xml
└── vars
    └── main.yaml

Entry file

[root@ansible ~]# ll /etc/ansible/work_dir/tomcat.yaml
-rw-r--r-- 1 root root 55 Mar 29 19:58 /etc/ansible/work_dir/tomcat.yaml

Execution and results

[root@ansible work_dir]# pwd
[root@ansible work_dir]# ansible-playbook tomcat.yaml

Record of problems during implementation

Tomcat was being started by root. That is a serious problem: the Tomcat process has root permissions, so any server-side code it executes (JSPs, deployed web applications, anything an attacker manages to upload through the Manager app or to run through a flaw in an application) also runs as root and can read or modify any file on the disk. Page content (HTML/JS) runs in the visitor's browser, not on the server; the danger is the server-side code path. The PID file shows which user started the process:

[root@cilent apache-tomcat-8.5.53]# ll tomcat.pid
-rw-r----- 1 root root 6 Mar 30 13:47 tomcat.pid

Attempted solutions

1. Start Tomcat through bin/daemon.sh, which runs the JVM as TOMCAT_USER (tomcat by default):

[root@cilent ~]# grep "&& TOMCAT_USER" /usr/local/apache-tomcat-8.5.53/bin/daemon.sh
test ".$TOMCAT_USER" = . && TOMCAT_USER=tomcat

Most of the articles found by searching solve the problem this way, but it did not work on CentOS 7 + Tomcat 8. Note that daemon.sh does not start Tomcat by itself: it needs the jsvc binary from commons-daemon, which the Tomcat tarball ships only as source (bin/commons-daemon-native.tar.gz) and which has to be compiled on the host first.

2. Rewrite the startup.sh and shutdown.sh scripts
Idea: switch to the tomcat user when starting and stopping the Tomcat application. An unprivileged user, however, cannot manage services through systemctl; polkit demands root authentication:

[tomcat@cilent ~]# systemctl restart nginx
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root

3. Working solution
The yum-packaged tomcat on CentOS 7 uses the system's standard startup (systemd), and its unit file shows the answer. After more than 10 hours of struggling, the fix is a single line: add User=tomcat to tomcat.service (and Group=tomcat if the group should be explicit). systemd then drops privileges before the JVM starts, so nothing in the startup scripts has to switch users. The directories Tomcat writes to (logs/, temp/, work/, webapps/ and the location of the PID file) must be writable by that user, otherwise startup fails. After a restart the PID file is owned by tomcat:

[root@cilent apache-tomcat-8.5.53]# ll tomcat.pid
-rw-r----- 1 tomcat tomcat 6 Mar 30 17:38 tomcat.pid
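As an added example (not the role from this page), the tasks below show the complete picture behind that one-line fix: an unprivileged account, ownership limited to the directories Tomcat must write to, and a unit file in which systemd, not a shell script, switches the user. The variables catalina_home and java_home, the path /etc/systemd/system/tomcat.service, the "restart tomcat" handler and the directory layout are assumptions; the page's role keeps the unit in templates/tomcat.service, here it is inlined so the example is one file.

```yaml
# tasks/install_tomcat.yaml (added example; catalina_home, java_home and the
# "restart tomcat" handler are assumed to be defined in vars/ and handlers/).
# Goal: Tomcat never runs as root. systemd starts the JVM as the "tomcat"
# account, so a compromised web application only gets that account's rights.
- name: Create an unprivileged system account for Tomcat
  user:
    name: tomcat
    system: yes
    shell: /sbin/nologin
    create_home: no

- name: Make the whole installation readable, but not writable, by tomcat
  file:
    path: "{{ catalina_home }}"
    state: directory
    owner: root
    group: tomcat
    recurse: yes

- name: Hand over only the directories Tomcat has to write to
  file:
    path: "{{ catalina_home }}/{{ item }}"
    state: directory
    owner: tomcat
    group: tomcat
    recurse: yes
  loop: [logs, temp, work, webapps]

- name: Install the systemd unit (User= is the fix found in this post)
  copy:
    dest: /etc/systemd/system/tomcat.service
    owner: root
    group: root
    mode: "0644"
    content: |
      [Unit]
      Description=Apache Tomcat
      After=network.target

      [Service]
      Type=forking
      User=tomcat
      Group=tomcat
      Environment=JAVA_HOME={{ java_home }}
      Environment=CATALINA_HOME={{ catalina_home }}
      Environment=CATALINA_PID={{ catalina_home }}/tomcat.pid
      PIDFile={{ catalina_home }}/tomcat.pid
      ExecStart={{ catalina_home }}/bin/startup.sh
      ExecStop={{ catalina_home }}/bin/shutdown.sh
      # Ports below 1024 would additionally need
      # AmbientCapabilities=CAP_NET_BIND_SERVICE; 8080 does not.

      [Install]
      WantedBy=multi-user.target
  notify: restart tomcat

- name: Enable and start Tomcat
  systemd:
    name: tomcat
    enabled: yes
    state: started
    daemon_reload: yes
```

catalina.sh writes the PID to $CATALINA_PID when that variable is set, which is why the unit exports it and points PIDFile= at the same path; after a restart the file is owned by tomcat, as in the listing above, and the process itself runs as that user.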

Record of other problems

1. When Tomcat is deployed under Linux it is started and stopped with startup.sh and shutdown.sh respectively; both call catalina.sh, which sources bin/setenv.sh (if present) to pick up environment settings such as JAVA_HOME and JAVA_OPTS.
2. Configure the management user in conf/tomcat-users.xml. The password 123456 is only a placeholder: use a strong, unique one, keep it out of the role's plain-text files (Ansible Vault), and do not grant manager-script to a user that also has manager-gui.

<role rolename="manager-gui"/>
<user username="tomcat" password="123456" roles="manager-gui" />

3. Manager App returns 403 Access Denied
The articles found only mention the tomcat-users.xml entry above, which does not solve it. Tomcat's own 403 error page explains the cause:

By default the Host Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you'll need to edit the Manager App's context.xml file

#cat webapps/manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

The valve restricts access by client address. 127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1 is a regular expression that Tomcat matches against the whole remote address; it covers only the IPv4 loopback range and the IPv6 loopback address, so every other host receives 403.

The commonly suggested fixes are allow="^.*$" or allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|\d+\.\d+\.\d+\.\d+". Both remove the protection: the first matches anything, and the added \d+\.\d+\.\d+\.\d+ matches every IPv4 address. Either way the Manager app, which can deploy arbitrary WAR files and therefore run code as the Tomcat user, becomes reachable from the whole network, guarded only by the password in tomcat-users.xml. Add only the addresses of the administrative hosts instead, for example |10\.0\.0\.\d+ for an admin subnet (an illustrative range; use your own), and serve the Manager app over HTTPS.
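An added example that serves both items above (the management user and the 403 fix), not code from this page: two tasks that deploy a Manager context.xml restricted to loopback plus one administrative subnet, and a tomcat-users.xml whose password comes from an Ansible Vault variable instead of being written into the role. The subnet 10.0.0.0/24, the variables catalina_home, tomcat_manager_user and tomcat_manager_password, and the "restart tomcat" handler are assumptions.

```yaml
# tasks/manager_access.yaml (added example; variables and handler are assumed).
# Goal: the Manager app is reachable only from loopback and the admin network,
# and its credential never appears in plain text in the role or in the logs.
- name: Restrict the Manager app to loopback and the admin subnet
  copy:
    dest: "{{ catalina_home }}/webapps/manager/META-INF/context.xml"
    owner: root
    group: tomcat
    mode: "0640"
    content: |
      <?xml version="1.0" encoding="UTF-8"?>
      <Context antiResourceLocking="false" privileged="true" >
        <!-- Weak settings seen in forum answers, deliberately NOT used:
               allow="^.*$"                         (matches everything)
               allow="...|\d+\.\d+\.\d+\.\d+"       (matches every IPv4 address)
             10.0.0.0/24 is an assumed admin network; replace it with your own.
             Carry over any other elements from the context.xml shipped with
             your Tomcat version. -->
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|10\.0\.0\.\d+" />
      </Context>
  notify: restart tomcat

- name: Install tomcat-users.xml with the password from an Ansible Vault variable
  copy:
    dest: "{{ catalina_home }}/conf/tomcat-users.xml"
    owner: root
    group: tomcat
    mode: "0640"
    content: |
      <?xml version="1.0" encoding="UTF-8"?>
      <tomcat-users xmlns="http://tomcat.apache.org/xml"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
                    version="1.0">
        <role rolename="manager-gui"/>
        <!-- manager-gui only: do not add manager-script to the same user. -->
        <user username="{{ tomcat_manager_user }}"
              password="{{ tomcat_manager_password }}"
              roles="manager-gui"/>
      </tomcat-users>
  # Keeps the rendered file (and the password) out of the Ansible output.
  no_log: true
  notify: restart tomcat
```

Ansible renders the Jinja2 expressions inside content, so the vaulted password lands in the file on the target but never in the repository; the 0640 root:tomcat mode lets Tomcat read both files without being able to rewrite its own access rules.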

Approach II (failed)

Since the yum-installed tomcat already has the JAVA variables configured and a standard systemd startup, could the Ansible role simply reproduce its configuration files for an automatic installation?

The JAVA variables were configured, and the configuration directory /etc/tomcat and the directory /usr/libexec/tomcat were copied (adjust according to the actual situation).
Startup fails with an error; the guess is that a configuration file is missing.

To be explored further when there is time.

Tags: Linux Tomcat ansible xml Apache

Posted on Mon, 30 Mar 2020 06:52:03 -0400 by daphreeek