Skip to content

Instantly share code, notes, and snippets.

@alanfranz
Last active August 29, 2015 14:06
Show Gist options
  • Save alanfranz/691579b4c68becd5b88c to your computer and use it in GitHub Desktop.
Save alanfranz/691579b4c68becd5b88c to your computer and use it in GitHub Desktop.
Apache Tomcat 7 latest version with puppet.
#!/usr/bin/env python
# add as fact, drop this into /etc/facter/facts.d/
# requires python with lxml installed,(usually a python-lxml package is available in most distributions)
from lxml.etree import HTML
import re
import sys
import urllib
pattern = re.compile("^7\.0\.\d\d\d?$")
root = HTML(urllib.urlopen("http://tomcat.apache.org/download-70.cgi").read())
for e in root.iterdescendants():
if isinstance(e.text, basestring) and pattern.match(e.text.strip()):
print "tomcat7_latest_version={0}".format(e.text.strip())
break
<!-- this should go inside <Server><Service><Engine> -->
<Host name="localhost" appBase="/opt/tomcat7/webapps"
unpackWARs="false" autoDeploy="true" workDir="/opt/tomcat7/work">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/opt/tomcat7/logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
description "tomcat7"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 10 5
# run as non privileged user
# add user with this command:
## adduser --system --ingroup www-data --home /opt/apache-tomcat apache-tomcat
# Ubuntu 12.04: (use 'exec sudo -u apache-tomcat' when using 10.04)
setuid tomcat
setgid tomcat
# adapt paths:
env JAVA_HOME=/usr/lib/jvm/java-7-oracle
env CATALINA_HOME=/opt/tomcat7/latest
env CATALINA_TMPDIR=/opt/tomcat7/temp
env HOME=/home/tomcat
# adapt java options to suit your needs:
env JAVA_OPTS="-Djava.awt.headless=true"
env CATALINA_OPTS="-Xmx1536M -server"
exec $CATALINA_HOME/bin/catalina.sh run
# cleanup temp directory after stop
post-stop script
rm -rf /opt/tomcat7/temp/*
end script
# this will install latest tomcat7 from apache website, and yet retain your
# config from /etc/tomcat7/conf
# tested with puppet 3.6
class tomcat7 {
$tomcat_full_version = $tomcat7_latest_version
exec { "/bin/tar xvf apache-tomcat-archive.tar.gz":
creates =>"/opt/tomcat7/apache-tomcat7-${tomcat_full_version}",
cwd => "/opt/tomcat7",
refreshonly => true,
alias => "tomcat7_unpack",
require => File["/opt/tomcat"]
}
file { "/opt/tomcat":
ensure => "directory",
mode => 0755,
owner => "root",
group => "root"
}
file { "/opt/tomcat7/apache-tomcat-archive.tar.gz":
ensure => "present",
source => "/tmp/apache-tomcat-${tomcat_full_version}.tar.gz",
require => Exec["tomcat7_download_latest"],
notify => Exec["tomcat7_unpack"]
}
exec { "/usr/bin/wget --timestamping http://www.eu.apache.org/dist/tomcat/tomcat-7/v${tomcat_full_version}/bin/apache-tomcat-${tomcat_full_version}.tar.gz":
alias => "tomcat7_download_latest",
cwd => "/tmp"
}
exec { "/bin/ln -sf --no-target-directory apache-tomcat-${tomcat_full_version} latest":
refreshonly => true,
subscribe => Exec["tomcat7_unpack"],
cwd => "/opt/tomcat7",
alias => "tomcat7_symlink"
}
exec { "/bin/rm -rf conf.orig && /bin/mv -f conf conf.orig && /bin/ln -sf --no-target-directory /etc/tomcat7/conf conf":
refreshonly => true,
cwd => "/opt/tomcat7/latest",
subscribe => Exec["tomcat7_symlink"],
notify => Service["tomcat7"],
alias => "tomcat7_config_move"
}
# first-time only executions. I might like to abstract some logic if I were a bit less lazy than I am.
# in order to stay on the safe side, we never let the normal user to access our files; this may be relaxed,
# depending on your context.
# this contains our config. our servlet container should be able to read it, but never write it.
exec { "/bin/mkdir -p /etc/tomcat7 && /bin/cp -r /opt/tomcat7/latest/conf.orig /etc/tomcat7/conf && /bin/chmod 0750 /etc/tomcat7/conf && /bin/chown root:tomcat /etc/tomcat7/conf ":
creates => "/etc/tomcat7/conf",
subscribe => Exec["tomcat7_config_move"]
}
# this will contain the actual code of our webapps. Again, the container must be able to read them,
# never write to them.
exec { "/bin/mkdir -p -m 0750 /opt/tomcat7/webapps && /bin/chown root:tomcat /opt/tomcat7/webapps":
creates => "/etc/tomcat7/webapps",
}
# those are working directories where the container must be able to write.
exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/work && /bin/chown root:tomcat /opt/tomcat7/work":
creates => "/etc/tomcat7/work",
}
exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/temp && /bin/chown root:tomcat /opt/tomcat7/temp":
creates => "/etc/tomcat7/temp",
}
exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/logs && /bin/chown root:tomcat /opt/tomcat7/logs":
creates => "/etc/tomcat7/logs",
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment