tomcat-ansible-role

This is an Ansible role for installing and configuring Apache Tomcat on CentOS/RHEL systems.

Requirements

Make sure you have the following:

• Supported Tomcat versions: 7.0, 8.0, 8.5, and 9.0 (version 9.0.1 or higher)
• CentOS/RHEL 7
• SELinux should be turned off

Installation

Run this command to install the role:

$ ansible-galaxy install zaxos.tomcat-ansible-role

Example Playbook

Here’s a simple playbook example:

- hosts: servers
  become: true
  vars:
    tomcat_version: 8.5.23
    tomcat_permissions_production: True
    tomcat_users:
      - username: "tomcat"
        password: "t3mpp@ssw0rd"
        roles: "tomcat,admin,manager,manager-gui"
      - username: "exampleuser"
        password: "us3rp@ssw0rd"
        roles: "tomcat"        
  roles:
    - role: zaxos.tomcat-ansible-role

Role Variables

Main Variable

• tomcat_version: Specify the Tomcat version you want to install.

Review These Variables

• tomcat_install_java: Set to True to install OpenJDK Java. Set to False if you don’t want it installed.
• tomcat_java_version: Java version to install (default is 1.8).
• tomcat_install_path: Directory for Tomcat installation (default is /opt).
• Memory settings for JVM:
  • tomcat_jvm_memory_percentage_xms: Minimum heap size percentage (default is 15%).
  • tomcat_jvm_memory_percentage_xmx: Maximum heap size percentage (default is 55%).
• Security Settings:
  • tomcat_allow_manager_access_only_from_localhost: Set to True for localhost-only access to the manager app for security.
  • tomcat_allow_host_manager_access_only_from_localhost: Set to True for localhost-only access to the host manager app for security.
• tomcat_users: A list of users you want to create in Tomcat.
• tomcat_debug_mode: Set to True to enable remote debugging.

File Permissions

• tomcat_permissions_production: Set to True for stricter security in production environments.
• tomcat_webapps_auto_deployment: Set to True to enable auto-deployment; for production use, it's safer to disable.
• tomcat_permissions_ensure_on_every_run: Set to True to ensure file permissions are checked on every playbook run.

Tomcat Ports

• tomcat_port_connector: 8080
• tomcat_port_shutdown: 8005
• tomcat_port_redirect: 8443
• tomcat_port_ajp: 8009
• tomcat_port_debug: 8000

Additional Defaults

A few other default settings you might not need to change:

• tomcat_service_name: tomcat
• tomcat_service_enabled_on_startup: True
• tomcat_java_home: /usr/lib/jvm/jre
• tomcat_downloadURL: https://archive.apache.org/dist
• tomcat_user: tomcat
• tomcat_group: tomcat
• tomcat_listen_address: 0.0.0.0
• tomcat_temp_download_path: /tmp/ansibletomcattempdir

Custom Templates

If you need custom configurations, use your templates by specifying:

• tomcat_template_server
• tomcat_template_users
• tomcat_template_systemd_service
• tomcat_template_manager_context
• tomcat_template_host_manager_context

Optional Variables

You can set specific user IDs and group IDs for consistency across servers:

• tomcat_user_uid: 500
• tomcat_group_gid: 500

Uninstallation

To uninstall Tomcat, set:

• tomcat_state: absent
• tomcat_uninstall_create_backup: True (creates a backup before deletion)
• tomcat_uninstall_remove_java: False (change to True to also remove Java)
• Control removal of user and group with:
  • tomcat_uninstall_remove_user: True
  • tomcat_uninstall_remove_group: True
• tomcat_uninstall_remove_all: False (set to True to remove everything)

For Offline Environments

If your remote host cannot access the internet, set:

• tomcat_remote_is_disconnected: True

This summary simplifies installation and configuration of Tomcat using Ansible, ensuring clarity in setup and management.