Apache Tomcat 7 latest version with puppet.
#!/usr/bin/env python
# add as fact, drop this into /etc/facter/facts.d/
# requires python with lxml installed,(usually a python-lxml package is available in most distributions)
from lxml.etree import HTML
import re
import sys
import urllib
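# Accept only an exact "7.0.NN" or "7.0.NNN" string. The fact printed below is
# interpolated into commands by the Puppet manifest that consumes it, so this
# anchored pattern is what keeps arbitrary page content out of those commands;
# do not loosen it.
pattern = re.compile(r"^7\.0\.\d\d\d?$")

# Fetch the download page over HTTPS rather than plain HTTP, since the parsed
# version decides which archive gets installed. Certificate checks are done by
# default on Python 2.7.9 and later; older interpreters encrypt the connection
# but do not authenticate the server.
root = HTML(urllib.urlopen("https://tomcat.apache.org/download-70.cgi").read())

# Emit the first element whose text is a version number, in the key=value form
# of an external fact. If nothing matches, nothing is printed and the fact is
# simply absent.
for e in root.iterdescendants():
    if not isinstance(e.text, basestring):
        continue
    candidate = e.text.strip()
    if pattern.match(candidate):
        print "tomcat7_latest_version={0}".format(candidate)
        break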
<!-- this should go inside <Server><Service><Engine> -->
<!-- Virtual host "localhost". appBase, workDir and the access-log directory are all
absolute paths under /opt/tomcat7.
NOTE(review): autoDeploy="true" makes Tomcat deploy whatever appears in appBase while
it is running, so write access to /opt/tomcat7/webapps amounts to running code as the
Tomcat user. Keep that directory writable by administrators only, or set
autoDeploy="false" where deployments go through a controlled process. -->
<Host name="localhost" appBase="/opt/tomcat7/webapps"
unpackWARs="false" autoDeploy="true" workDir="/opt/tomcat7/work">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log valve: records every request handled by this host.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common"
NOTE(review): %u records the authenticated user name and %r the full request line,
query string included, so anything sensitive passed in a URL ends up in these files;
restrict read access to the log directory accordingly. -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/opt/tomcat7/logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
# Upstart job for Tomcat 7: runs catalina.sh in the foreground as an unprivileged user.
description "tomcat7"
start on runlevel [2345]
stop on runlevel [!2345]
# restart the job if it dies, but give up after 10 respawns within 5 seconds
respawn
respawn limit 10 5
# run as non privileged user
# add user with this command:
## adduser --system --ingroup www-data --home /opt/apache-tomcat apache-tomcat
# Ubuntu 12.04: (use 'exec sudo -u apache-tomcat' when using 10.04)
# NOTE(review): the example command above creates "apache-tomcat" in group www-data,
# but the stanzas below run the job as user and group "tomcat" (and HOME is
# /home/tomcat). The account that actually exists on the host must match what is
# configured here, otherwise the job will not start as the intended user.
setuid tomcat
setgid tomcat
# adapt paths:
env JAVA_HOME=/usr/lib/jvm/java-7-oracle
env CATALINA_HOME=/opt/tomcat7/latest
env CATALINA_TMPDIR=/opt/tomcat7/temp
env HOME=/home/tomcat
# adapt java options to suit your needs:
env JAVA_OPTS="-Djava.awt.headless=true"
env CATALINA_OPTS="-Xmx1536M -server"
# "run" keeps catalina.sh in the foreground so upstart can supervise the process
exec $CATALINA_HOME/bin/catalina.sh run
# cleanup temp directory after stop
# NOTE(review): the path below is hard-coded; keep it in sync with CATALINA_TMPDIR above.
post-stop script
rm -rf /opt/tomcat7/temp/*
end script
# this will install latest tomcat7 from apache website, and yet retain your
# config from /etc/tomcat7/conf
# tested with puppet 3.6
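class tomcat7 {
  # Version to install, taken from the tomcat7_latest_version external fact.
  $tomcat_full_version = $tomcat7_latest_version

  # The version is interpolated into commands that run as root below, so refuse
  # anything that is not exactly 7.0.NN or 7.0.NNN. This also stops the run when
  # the fact is missing, instead of building commands with an empty version.
  if $tomcat_full_version !~ /\A7\.0\.\d\d\d?\z/ {
    fail("tomcat7: unexpected tomcat7_latest_version fact: '${tomcat_full_version}'")
  }

  # Unpack the staged archive. Runs only when notified by the archive file
  # resource and only if this version's directory is not already there.
  # 'creates' names the directory the tarball really produces
  # (apache-tomcat-<version>), the same name the symlink exec below uses.
  exec { "/bin/tar xvf apache-tomcat-archive.tar.gz":
    creates     => "/opt/tomcat7/apache-tomcat-${tomcat_full_version}",
    cwd         => "/opt/tomcat7",
    refreshonly => true,
    alias       => "tomcat7_unpack",
    require     => File["/opt/tomcat7"],
  }

  # Installation root. Every other path in this class lives under /opt/tomcat7,
  # so that is the directory that has to be managed here.
  file { "/opt/tomcat7":
    ensure => "directory",
    mode   => "0755",
    owner  => "root",
    group  => "root",
  }

  # Copy of the downloaded tarball under a fixed name; a content change triggers
  # the unpack.
  file { "/opt/tomcat7/apache-tomcat-archive.tar.gz":
    ensure  => "present",
    source  => "/tmp/apache-tomcat-${tomcat_full_version}.tar.gz",
    require => Exec["tomcat7_download_latest"],
    notify  => Exec["tomcat7_unpack"],
  }

  # NOTE(security): the archive is fetched over plain HTTP, staged in the
  # world-writable /tmp and then unpacked as root, with no checksum or signature
  # check in between. Before relying on this, download into a directory only
  # root can write to, use an HTTPS source, and verify the tarball against the
  # checksum or PGP signature published by the Tomcat project.
  exec { "/usr/bin/wget --timestamping http://www.eu.apache.org/dist/tomcat/tomcat-7/v${tomcat_full_version}/bin/apache-tomcat-${tomcat_full_version}.tar.gz":
    alias => "tomcat7_download_latest",
    cwd   => "/tmp",
  }

  # Point /opt/tomcat7/latest at the version that was just unpacked.
  exec { "/bin/ln -sf --no-target-directory apache-tomcat-${tomcat_full_version} latest":
    refreshonly => true,
    subscribe   => Exec["tomcat7_unpack"],
    cwd         => "/opt/tomcat7",
    alias       => "tomcat7_symlink",
  }

  # Set the shipped conf aside as conf.orig and link conf to /etc/tomcat7/conf,
  # so local configuration survives upgrades. Service["tomcat7"] is not declared
  # in this class and has to come from elsewhere in the catalog.
  exec { "/bin/rm -rf conf.orig && /bin/mv -f conf conf.orig && /bin/ln -sf --no-target-directory /etc/tomcat7/conf conf":
    refreshonly => true,
    cwd         => "/opt/tomcat7/latest",
    subscribe   => Exec["tomcat7_symlink"],
    notify      => Service["tomcat7"],
    alias       => "tomcat7_config_move",
  }

  # First-time-only executions. The logic could be abstracted further.
  # To stay on the safe side, ordinary users never get access to these files;
  # this may be relaxed depending on your context.

  # Our configuration: the servlet container must be able to read it, but never
  # write it. Ownership and mode are applied recursively, because the copied
  # files are otherwise owned by root:root with whatever mode the tarball gave
  # them, which (presumably) leaves the tomcat group unable to read them.
  exec { "/bin/mkdir -p /etc/tomcat7 && /bin/cp -r /opt/tomcat7/latest/conf.orig /etc/tomcat7/conf && /bin/chown -R root:tomcat /etc/tomcat7/conf && /bin/chmod -R u=rwX,g=rX,o= /etc/tomcat7/conf":
    creates   => "/etc/tomcat7/conf",
    subscribe => Exec["tomcat7_config_move"],
  }

  # The webapps themselves: again readable by the container, never writable.
  # 'creates' points at the directory this command actually makes, so the exec
  # stops re-running once it exists.
  exec { "/bin/mkdir -p -m 0750 /opt/tomcat7/webapps && /bin/chown root:tomcat /opt/tomcat7/webapps":
    creates => "/opt/tomcat7/webapps",
  }

  # Working directories the container must be able to write to.
  exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/work && /bin/chown root:tomcat /opt/tomcat7/work":
    creates => "/opt/tomcat7/work",
  }

  exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/temp && /bin/chown root:tomcat /opt/tomcat7/temp":
    creates => "/opt/tomcat7/temp",
  }

  exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/logs && /bin/chown root:tomcat /opt/tomcat7/logs":
    creates => "/opt/tomcat7/logs",
  }
}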