tomcat-ansible-role

This is an Ansible role for installing and setting up Apache Tomcat on CentOS or RHEL systems.

Requirements

• Supported Tomcat versions:
  • 7.0
  • 8.0
  • 8.5
  • 9.0 (9.0.1 or later)
• CentOS/RHEL version 7 or 8
• SELinux must be turned off

Installation

To install this role, use the following command:

$ ansible-galaxy install zaxos.tomcat-ansible-role

Example Playbook

Here is an example of how to use this role in an Ansible playbook:

- hosts: servers
  become: true
  vars:
    tomcat_version: 8.5.23
    tomcat_permissions_production: True
    tomcat_users:
      - username: "tomcat"
        password: "t3mpp@ssw0rd"
        roles: "tomcat,admin,manager,manager-gui"
      - username: "exampleuser"
        password: "us3rp@ssw0rd"
        roles: "tomcat"        
  roles:
    - role: zaxos.tomcat-ansible-role

Role Variables

Main Variable

• tomcat_version: Specifies the Tomcat version to install.

Other Important Variables

• tomcat_install_java: Set to True to install OpenJDK Java. Set to False if you don’t want it.
• tomcat_java_version: The version of OpenJDK Java to install (default is 1.8).
• tomcat_install_path: Directory where Tomcat will be installed (default is /opt).
• Memory management for JVM:
  • tomcat_jvm_memory_percentage_xms: Minimum heap size as a percentage (default is 15%).
  • tomcat_jvm_memory_percentage_xmx: Maximum heap size as a percentage (default is 55%).
• Security settings:
  • tomcat_allow_manager_access_only_from_localhost: If set to True, only allows access from localhost.
  • tomcat_users: A list of users to create. See example for format.
• tomcat_debug_mode: Set to True to allow remote debugging.

File Permissions

• tomcat_permissions_production: Set to True for stricter security (default is False).
• tomcat_webapps_auto_deployment: Set to True for automatic deployment (default is True).
• tomcat_permissions_ensure_on_every_run: If True, ensures file permissions are correct each run.

Tomcat Ports

• tomcat_port_connector: 8080 (default port).
• tomcat_port_shutdown: 8005.
• Other ports include: 8443 (redirect), 8009 (AJP), 8000 (debug).

AJP Configuration

• tomcat_ajp_enabled: Set to True to enable AJP connector.
• tomcat_ajp_secret: Must be a secure value (default is "my-@jp-s3cr3t").
• tomcat_ajp_secret_required: Set to False if you don’t require a secret.

Defaults

• Some default settings include:
  • tomcat_service_name: tomcat
  • tomcat_service_enabled_on_startup: True
  • tomcat_java_home: /usr/lib/jvm/jre

Custom Templates

If default configurations don’t meet your needs, you can use custom templates by adjusting these variables:

• tomcat_template_server
• tomcat_template_users
• tomcat_template_systemd_service
• Other template variables available as needed.

Uninstallation Options

• tomcat_state: Set to absent to uninstall Tomcat.
• tomcat_uninstall_create_backup: Set to True to create a backup before uninstalling.
• tomcat_uninstall_remove_java: Set to True to remove Java upon Tomcat uninstallation.

Offline Mode

• tomcat_remote_is_disconnected: Set to True if the remote host cannot access the internet.

This role provides flexibility for managing Apache Tomcat installations, ensuring that you can customize settings to suit your environment while maintaining security.