alanfranz · August 29, 2015 14:06
diff --git a/find_apache_tomcat7_latest.py b/find_apache_tomcat7_latest.py
 #!/usr/bin/env python
 # add as fact, drop this into /etc/facter/facts.d/
 # requires python with lxml installed,(usually a python-lxml package is available in most distributions)
 from lxml.etree import HTML 
 import re
 import sys
 import urllib

 pattern = re.compile("^7\.0\.\d\d\d?$")

 root = HTML(urllib.urlopen("http://tomcat.apache.org/download-70.cgi").read())

 for e in root.iterdescendants():
 	if isinstance(e.text, basestring) and pattern.match(e.text.strip()):
 		print "tomcat7_latest_version={0}".format(e.text.strip())
 		break
diff --git a/server.xml b/server.xml
 <!-- this should go inside <Server><Service><Engine> -->

 <Host name="localhost"  appBase="/opt/tomcat7/webapps"
            unpackWARs="false" autoDeploy="true" workDir="/opt/tomcat7/work">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="/opt/tomcat7/logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
diff --git a/tomcat7.conf b/tomcat7.conf
 description "tomcat7"
 
  start on runlevel [2345]
  stop on runlevel [!2345]
  respawn
  respawn limit 10 5
 
  # run as non privileged user 
  # add user with this command:
  ## adduser --system --ingroup www-data --home /opt/apache-tomcat apache-tomcat
  # Ubuntu 12.04: (use 'exec sudo -u apache-tomcat' when using 10.04)
  setuid tomcat
  setgid tomcat
 
  # adapt paths:
  env JAVA_HOME=/usr/lib/jvm/java-7-oracle
  env CATALINA_HOME=/opt/tomcat7/latest
  env CATALINA_TMPDIR=/opt/tomcat7/temp
  env HOME=/home/tomcat
 
  # adapt java options to suit your needs:
  env JAVA_OPTS="-Djava.awt.headless=true"
  env CATALINA_OPTS="-Xmx1536M -server"
 
  exec $CATALINA_HOME/bin/catalina.sh run
 
  # cleanup temp directory after stop
  post-stop script 
    rm -rf /opt/tomcat7/temp/*
  end script
diff --git a/tomcat7.pp b/tomcat7.pp
 # this will install latest tomcat7 from apache website, and yet retain your
 # config from /etc/tomcat7/conf
 # tested with puppet 3.6

 class tomcat7 {
 	$tomcat_full_version = $tomcat7_latest_version

 	exec { "/bin/tar xvf apache-tomcat-archive.tar.gz":
 		creates =>"/opt/tomcat7/apache-tomcat7-${tomcat_full_version}",
 		cwd => "/opt/tomcat7",
 		refreshonly => true,
 		alias => "tomcat7_unpack",
 		require => File["/opt/tomcat"]
 	}

 	file { "/opt/tomcat":
 		ensure => "directory",
 		mode => 0755,
 		owner => "root",
 		group => "root"
 	}
 		

 	file { "/opt/tomcat7/apache-tomcat-archive.tar.gz":
 		ensure => "present",
 		source => "/tmp/apache-tomcat-${tomcat_full_version}.tar.gz",
 		require => Exec["tomcat7_download_latest"],
 		notify => Exec["tomcat7_unpack"]
 		}

 	exec { "/usr/bin/wget --timestamping http://www.eu.apache.org/dist/tomcat/tomcat-7/v${tomcat_full_version}/bin/apache-tomcat-${tomcat_full_version}.tar.gz":
 		alias => "tomcat7_download_latest",
 		cwd => "/tmp"
 	}

 	exec { "/bin/ln -sf --no-target-directory apache-tomcat-${tomcat_full_version} latest":
 		refreshonly => true,
 		subscribe => Exec["tomcat7_unpack"],
 		cwd => "/opt/tomcat7",
 		alias => "tomcat7_symlink"
 	}



 	exec { "/bin/rm -rf conf.orig && /bin/mv -f conf conf.orig && /bin/ln -sf --no-target-directory /etc/tomcat7/conf conf":
 		refreshonly => true,
 		cwd => "/opt/tomcat7/latest",
 		subscribe => Exec["tomcat7_symlink"],
 		notify => Service["tomcat7"],
 		alias => "tomcat7_config_move"
 	}

 	# first-time only executions. I might like to abstract some logic if I were a bit less lazy than I am.
 	# in order to stay on the safe side, we never let the normal user to access our files; this may be relaxed,
 	# depending on your context.

 	# this contains our config. our servlet container should be able to read it, but never write it.
 	exec { "/bin/mkdir -p /etc/tomcat7 && /bin/cp -r /opt/tomcat7/latest/conf.orig /etc/tomcat7/conf && /bin/chmod 0750 /etc/tomcat7/conf && /bin/chown root:tomcat /etc/tomcat7/conf ":
 		creates => "/etc/tomcat7/conf",
 		subscribe => Exec["tomcat7_config_move"]
 	}
 	
 	# this will contain the actual code of our webapps. Again, the container must be able to read them, 
 	# never write to them.
 	exec { "/bin/mkdir -p -m 0750 /opt/tomcat7/webapps && /bin/chown root:tomcat /opt/tomcat7/webapps":
 		creates => "/etc/tomcat7/webapps",
 	}

 	# those are working directories where the container must be able to write.
 	exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/work && /bin/chown root:tomcat /opt/tomcat7/work":
 		creates => "/etc/tomcat7/work",
 	}

 	exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/temp && /bin/chown root:tomcat /opt/tomcat7/temp":
 		creates => "/etc/tomcat7/temp",
 	}

 	exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/logs && /bin/chown root:tomcat /opt/tomcat7/logs":
 		creates => "/etc/tomcat7/logs",
 	}


 }
	#!/usr/bin/env python
	# add as fact, drop this into /etc/facter/facts.d/
	# requires python with lxml installed,(usually a python-lxml package is available in most distributions)
	from lxml.etree import HTML
	import re
	import sys
	import urllib

	pattern = re.compile("^7\.0\.\d\d\d?$")

	root = HTML(urllib.urlopen("http://tomcat.apache.org/download-70.cgi").read())

	for e in root.iterdescendants():
	if isinstance(e.text, basestring) and pattern.match(e.text.strip()):
	print "tomcat7_latest_version={0}".format(e.text.strip())
	break
	<!-- this should go inside <Server><Service><Engine> -->

	<Host name="localhost" appBase="/opt/tomcat7/webapps"
	unpackWARs="false" autoDeploy="true" workDir="/opt/tomcat7/work">

	<!-- SingleSignOn valve, share authentication between web applications
	Documentation at: /docs/config/valve.html -->
	<!--
	<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
	-->

	<!-- Access log processes all example.
	Documentation at: /docs/config/valve.html
	Note: The pattern used is equivalent to using pattern="common" -->
	<Valve className="org.apache.catalina.valves.AccessLogValve" directory="/opt/tomcat7/logs"
	prefix="localhost_access_log." suffix=".txt"
	pattern="%h %l %u %t "%r" %s %b" />

	</Host>
	description "tomcat7"

	start on runlevel [2345]
	stop on runlevel [!2345]
	respawn
	respawn limit 10 5

	# run as non privileged user
	# add user with this command:
	## adduser --system --ingroup www-data --home /opt/apache-tomcat apache-tomcat
	# Ubuntu 12.04: (use 'exec sudo -u apache-tomcat' when using 10.04)
	setuid tomcat
	setgid tomcat

	# adapt paths:
	env JAVA_HOME=/usr/lib/jvm/java-7-oracle
	env CATALINA_HOME=/opt/tomcat7/latest
	env CATALINA_TMPDIR=/opt/tomcat7/temp
	env HOME=/home/tomcat

	# adapt java options to suit your needs:
	env JAVA_OPTS="-Djava.awt.headless=true"
	env CATALINA_OPTS="-Xmx1536M -server"

	exec $CATALINA_HOME/bin/catalina.sh run

	# cleanup temp directory after stop
	post-stop script
	rm -rf /opt/tomcat7/temp/*
	end script
	# this will install latest tomcat7 from apache website, and yet retain your
	# config from /etc/tomcat7/conf
	# tested with puppet 3.6

	class tomcat7 {
	$tomcat_full_version = $tomcat7_latest_version

	exec { "/bin/tar xvf apache-tomcat-archive.tar.gz":
	creates =>"/opt/tomcat7/apache-tomcat7-${tomcat_full_version}",
	cwd => "/opt/tomcat7",
	refreshonly => true,
	alias => "tomcat7_unpack",
	require => File["/opt/tomcat"]
	}

	file { "/opt/tomcat":
	ensure => "directory",
	mode => 0755,
	owner => "root",
	group => "root"
	}


	file { "/opt/tomcat7/apache-tomcat-archive.tar.gz":
	ensure => "present",
	source => "/tmp/apache-tomcat-${tomcat_full_version}.tar.gz",
	require => Exec["tomcat7_download_latest"],
	notify => Exec["tomcat7_unpack"]
	}

	exec { "/usr/bin/wget --timestamping http://www.eu.apache.org/dist/tomcat/tomcat-7/v${tomcat_full_version}/bin/apache-tomcat-${tomcat_full_version}.tar.gz":
	alias => "tomcat7_download_latest",
	cwd => "/tmp"
	}

	exec { "/bin/ln -sf --no-target-directory apache-tomcat-${tomcat_full_version} latest":
	refreshonly => true,
	subscribe => Exec["tomcat7_unpack"],
	cwd => "/opt/tomcat7",
	alias => "tomcat7_symlink"
	}



	exec { "/bin/rm -rf conf.orig && /bin/mv -f conf conf.orig && /bin/ln -sf --no-target-directory /etc/tomcat7/conf conf":
	refreshonly => true,
	cwd => "/opt/tomcat7/latest",
	subscribe => Exec["tomcat7_symlink"],
	notify => Service["tomcat7"],
	alias => "tomcat7_config_move"
	}

	# first-time only executions. I might like to abstract some logic if I were a bit less lazy than I am.
	# in order to stay on the safe side, we never let the normal user to access our files; this may be relaxed,
	# depending on your context.

	# this contains our config. our servlet container should be able to read it, but never write it.
	exec { "/bin/mkdir -p /etc/tomcat7 && /bin/cp -r /opt/tomcat7/latest/conf.orig /etc/tomcat7/conf && /bin/chmod 0750 /etc/tomcat7/conf && /bin/chown root:tomcat /etc/tomcat7/conf ":
	creates => "/etc/tomcat7/conf",
	subscribe => Exec["tomcat7_config_move"]
	}

	# this will contain the actual code of our webapps. Again, the container must be able to read them,
	# never write to them.
	exec { "/bin/mkdir -p -m 0750 /opt/tomcat7/webapps && /bin/chown root:tomcat /opt/tomcat7/webapps":
	creates => "/etc/tomcat7/webapps",
	}

	# those are working directories where the container must be able to write.
	exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/work && /bin/chown root:tomcat /opt/tomcat7/work":
	creates => "/etc/tomcat7/work",
	}

	exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/temp && /bin/chown root:tomcat /opt/tomcat7/temp":
	creates => "/etc/tomcat7/temp",
	}

	exec { "/bin/mkdir -p -m 0770 /opt/tomcat7/logs && /bin/chown root:tomcat /opt/tomcat7/logs":
	creates => "/etc/tomcat7/logs",
	}


	}