From 971f16d4262066574875ec6096b7e8550ef9607d Mon Sep 17 00:00:00 2001
From: IDEZ Ugo <ugo.idez@gmail.com>
Date: Tue, 14 Dec 2021 09:44:34 +0100
Subject: [PATCH] TomCat Playbook

---
 tomcat/config                                 |   3 +
 tomcat/ppebase/context.xml                    |  19 ++++
 tomcat/ppebase/exans.yml                      |   4 +
 tomcat/ppebase/hosts                          |   1 +
 tomcat/ppebase/invent.txt                     |   1 +
 tomcat/ppebase/roles/bdd/tasks/mariadb.yml    |  39 +++++++
 .../roles/bdddump/tasks/createdump.yml        |   8 ++
 tomcat/ppebase/roles/tomcat/defaults/main.yml |   2 +
 tomcat/ppebase/roles/tomcat/handlers/main.yml |   4 +
 tomcat/ppebase/roles/tomcat/tasks/main.yml    |  69 ++++++++++++
 .../ppebase/roles/tomcat/tasks/main.yml.sv1   | 100 ++++++++++++++++++
 .../ppebase/roles/tomcat/tasks/main.yml.sv2   |  68 ++++++++++++
 .../roles/tomcat/templates/context.xml.j2     |  19 ++++
 .../tomcat/templates/tomcat-users.xml.j2      |  44 ++++++++
 .../roles/tomcat/templates/tomcat.service.j2  |  22 ++++
 tomcat/ppebase/roles/tomcat/vars/main.yml     |   2 +
 tomcat/ppebase/tomcat-setup.yml               |  13 +++
 tomcat/ppebase/tomcat-users.xml               |  44 ++++++++
 18 files changed, 462 insertions(+)
 create mode 100644 tomcat/config
 create mode 100644 tomcat/ppebase/context.xml
 create mode 100644 tomcat/ppebase/exans.yml
 create mode 100644 tomcat/ppebase/hosts
 create mode 100644 tomcat/ppebase/invent.txt
 create mode 100755 tomcat/ppebase/roles/bdd/tasks/mariadb.yml
 create mode 100644 tomcat/ppebase/roles/bdddump/tasks/createdump.yml
 create mode 100644 tomcat/ppebase/roles/tomcat/defaults/main.yml
 create mode 100644 tomcat/ppebase/roles/tomcat/handlers/main.yml
 create mode 100644 tomcat/ppebase/roles/tomcat/tasks/main.yml
 create mode 100644 tomcat/ppebase/roles/tomcat/tasks/main.yml.sv1
 create mode 100644 tomcat/ppebase/roles/tomcat/tasks/main.yml.sv2
 create mode 100644 tomcat/ppebase/roles/tomcat/templates/context.xml.j2
 create mode 100644 tomcat/ppebase/roles/tomcat/templates/tomcat-users.xml.j2
 create mode 100644 tomcat/ppebase/roles/tomcat/templates/tomcat.service.j2
 create mode 100644 tomcat/ppebase/roles/tomcat/vars/main.yml
 create mode 100644 tomcat/ppebase/tomcat-setup.yml
 create mode 100644 tomcat/ppebase/tomcat-users.xml

diff --git a/tomcat/config b/tomcat/config
new file mode 100644
index 0000000..d43614d
--- /dev/null
+++ b/tomcat/config
@@ -0,0 +1,3 @@
+host localhost
+        user root
+	hostname 127.0.0.1
diff --git a/tomcat/ppebase/context.xml b/tomcat/ppebase/context.xml
new file mode 100644
index 0000000..9265673
--- /dev/null
+++ b/tomcat/ppebase/context.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>
diff --git a/tomcat/ppebase/exans.yml b/tomcat/ppebase/exans.yml
new file mode 100644
index 0000000..9f2fb25
--- /dev/null
+++ b/tomcat/ppebase/exans.yml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+  roles:
+  - bdd
diff --git a/tomcat/ppebase/hosts b/tomcat/ppebase/hosts
new file mode 100644
index 0000000..9672f3b
--- /dev/null
+++ b/tomcat/ppebase/hosts
@@ -0,0 +1 @@
+[localhost]
diff --git a/tomcat/ppebase/invent.txt b/tomcat/ppebase/invent.txt
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/tomcat/ppebase/invent.txt
@@ -0,0 +1 @@
+localhost
diff --git a/tomcat/ppebase/roles/bdd/tasks/mariadb.yml b/tomcat/ppebase/roles/bdd/tasks/mariadb.yml
new file mode 100755
index 0000000..277df1d
--- /dev/null
+++ b/tomcat/ppebase/roles/bdd/tasks/mariadb.yml
@@ -0,0 +1,39 @@
+  - name: update
+    apt:
+      update_cache: yes
+      ignore_errors: yes
+
+  - name: installer MariaDB Serveur
+    apt: 
+      name: mariadb-server 
+      state: latest
+
+  - name: installer mariadbclient
+    apt:
+      name: mariadb-client
+      state: latest
+
+  - name: installer python
+    apt:
+      name: python
+      state: latest
+
+  - name: demarrer mysql
+    service:
+      name: mysqld
+      state: started
+      enabled: yes
+
+  - name: creer la bdd
+    community.mysql.mysql_db:
+      name:
+        - sdis29
+      state: present
+
+  - name: creer l'utilisateur
+    mysql_user:
+      name: slam
+      password: Azerty1+
+      priv: *.*:ALL
+      host: 127.0.0.1
+      become: yes
diff --git a/tomcat/ppebase/roles/bdddump/tasks/createdump.yml b/tomcat/ppebase/roles/bdddump/tasks/createdump.yml
new file mode 100644
index 0000000..487fa90
--- /dev/null
+++ b/tomcat/ppebase/roles/bdddump/tasks/createdump.yml
@@ -0,0 +1,8 @@
+- name: creer une sauvegarde
+  mysql_db:
+    name: sdis29
+    state: dump
+    target: /tmp/sdis29.sql
+    login_host: localhost
+    login_user: slam
+    login_password: Azerty1+
diff --git a/tomcat/ppebase/roles/tomcat/defaults/main.yml b/tomcat/ppebase/roles/tomcat/defaults/main.yml
new file mode 100644
index 0000000..4b7a55b
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/defaults/main.yml
@@ -0,0 +1,2 @@
+tomcat_archive_url: http://depl/store/apache-tomcat-10.0.13.tar.gz
+tomcat_archive_dest: /opt/tomcat/apache-tomcat-10.0.13.tar.gz
diff --git a/tomcat/ppebase/roles/tomcat/handlers/main.yml b/tomcat/ppebase/roles/tomcat/handlers/main.yml
new file mode 100644
index 0000000..02c4fcb
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart tomcat
+  service:
+    name: tomcat
+    state: restarted
diff --git a/tomcat/ppebase/roles/tomcat/tasks/main.yml b/tomcat/ppebase/roles/tomcat/tasks/main.yml
new file mode 100644
index 0000000..5dba831
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/tasks/main.yml
@@ -0,0 +1,69 @@
+  - name: Install basic packages
+    package:
+      name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+      state: present
+      update_cache: yes
+
+  - name: installer JDK
+    apt:
+      name: openjdk-11-jdk
+      state: present
+
+  - name: creer le repertoire /opt/tomcat
+    file:
+      path: /opt/tomcat
+      state: directory
+      mode: 0755
+
+  - name: creer le groupe tomcat
+    group:
+      name: tomcat
+
+  - name: creer l'utilisateur tomcat
+    user:
+      name: tomcat
+      group: tomcat
+      home: /user/share/tomcat
+      createhome: no
+
+  - name: installer TomCat
+    unarchive:
+      src: http://depl/store/apache-tomcat-10.0.13.tar.gz
+      dest: /opt/tomcat
+      remote_src: yes
+
+  - name: Change ownership
+    file:
+      path: /opt/tomcat
+      owner: tomcat
+      group: tomcat
+      mode: "u+rwx,g+rx,o=rx"
+      recurse: yes
+      state: directory
+
+  - name: Templating Tomcat service from local to remote
+    template:
+      src: tomcat.service.j2
+      dest: /etc/systemd/system/
+      mode: 0755
+
+  - name: Demarrer le service tomcat
+    local_action: command sh /opt/tomcat/apache-tomcat-10.0.13/bin/startup.sh
+
+
+  - name: Set UI access credentials
+    template:
+      src: tomcat-users.xml.j2
+      dest: tomcat-users.xml
+    notify: restart tomcat
+
+  - name: Allow access to Manager and Host Manager apps from any IP
+    template:
+      src: context.xml.j2
+      dest: context.xml 
+
+  - name: Redemarrer le service tomcat (1)
+    local_action: command sh /opt/tomcat/apache-tomcat-10.0.13/bin/shutdown.sh
+
+  - name: Redemarrer le service tomcat (2)
+    local_action: command sh /opt/tomcat/apache-tomcat-10.0.13/bin/startup.sh
diff --git a/tomcat/ppebase/roles/tomcat/tasks/main.yml.sv1 b/tomcat/ppebase/roles/tomcat/tasks/main.yml.sv1
new file mode 100644
index 0000000..9522ca8
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/tasks/main.yml.sv1
@@ -0,0 +1,100 @@
+  - name: on s'assure que le systeme supporte l'https
+    stat:
+      path: /usr/lib/apt/methods/https
+    register: apt_https_transport
+
+  - name: installer apt https transport
+    apt:
+      name: "apt-transport-https"
+      state: present
+      update_cache: yes
+    when: not apt_https_transport.stat.exists
+
+  - name: Install basic packages
+    package:
+      name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+      state: present
+      update_cache: yes
+
+  - name: installer JDK
+    apt:
+      name: openjdk-11-jdk
+      state: present
+
+  - name: creer le repertoire /opt/tomcat
+    file:
+      path: /opt/tomcat
+      state: directory
+      mode: 0755
+
+  - name: creer le groupe tomcat
+    group:
+      name: tomcat
+
+  - name: creer l'utilisateur tomcat
+    user:
+      name: tomcat
+      group: tomcat
+      home: /user/share/tomcat
+      createhome: no
+
+  - name: installer TomCat
+    unarchive:
+      src: http://depl/store/apache-tomcat-10.0.13.tar.gz
+      dest: /opt/tomcat
+      remote_src: yes
+
+  - name: Change ownership
+    file:
+      path: /opt/tomcat
+      owner: tomcat
+      group: tomcat
+      mode: "u+rwx,g+rx,o=rx"
+      recurse: yes
+      state: directory
+
+  - name: Create a tomcat directory
+    file:
+      path: /usr/share/tomcat
+      state: directory
+      owner: tomcat
+      group: tomcat
+
+  - name: Extract tomcat archive
+    unarchive:
+      src: /opt/tomcat/apache-tomcat-10.0.13.tar.gz
+      dest: /usr/share/tomcat
+      owner: tomcat
+      group: tomcat
+      remote_src: yes
+      extra_opts: "--strip-components=1"
+      creates: /usr/share/tomcat/bin
+
+  - name: Copy Tomcat service from local to remote
+    copy:
+      src: tomcat.service.j2
+      dest: /etc/systemd/system/
+      mode: 0755
+  
+  - name: demarrer le service TomCat
+    systemd:
+      name: tomcat
+      state: started
+      enabled: true
+      daemon_reload: yes
+
+  - name: Set UI access credentials
+    template:
+      src: tomcat-users.xml.j2
+      dest: /usr/share/tomcat/conf/tomcat-users.xml
+    notify: restart tomcat
+
+  - name: Allow access to Manager and Host Manager apps from any IP
+    template:
+      src: context.xml.j2 
+      dest: "{{ item }}"
+    with_items:
+      - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+      - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+    notify: restart tomcat
+
diff --git a/tomcat/ppebase/roles/tomcat/tasks/main.yml.sv2 b/tomcat/ppebase/roles/tomcat/tasks/main.yml.sv2
new file mode 100644
index 0000000..aa7853b
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/tasks/main.yml.sv2
@@ -0,0 +1,68 @@
+  - name: Install basic packages
+    package:
+      name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+      state: present
+      update_cache: yes
+
+  - name: installer JDK
+    apt:
+      name: openjdk-11-jdk
+      state: present
+
+  - name: creer le repertoire /opt/tomcat
+    file:
+      path: /opt/tomcat
+      state: directory
+      mode: 0755
+
+  - name: creer le groupe tomcat
+    group:
+      name: tomcat
+
+  - name: creer l'utilisateur tomcat
+    user:
+      name: tomcat
+      group: tomcat
+      home: /user/share/tomcat
+      createhome: no
+
+  - name: installer TomCat
+    unarchive:
+      src: http://depl/store/apache-tomcat-10.0.13.tar.gz
+      dest: /opt/tomcat
+      remote_src: yes
+
+  - name: Change ownership
+    file:
+      path: /opt/tomcat
+      owner: tomcat
+      group: tomcat
+      mode: "u+rwx,g+rx,o=rx"
+      recurse: yes
+      state: directory
+
+  - name: Templating Tomcat service from local to remote
+    template:
+      src: tomcat.service.j2
+      dest: /etc/systemd/system/
+      mode: 0755
+
+  - name: VRRR demarrer le service tomcat
+    local_action: command sh /opt/tomcat/apache-tomcat-10.0.13/bin/startup.sh
+
+
+  - name: Set UI access credentials
+    template:
+      src: tomcat-users.xml.j2
+      dest: tomcat-users.xml
+    notify: restart tomcat
+
+  - name: Allow access to Manager and Host Manager apps from any IP
+    template:
+      src: context.xml.j2 
+      dest: "{{ item }}"
+    with_items:
+      - /opt/tomcat/webapps/host-manager/META-INF/context.xml
+      - /opt/tomcat/webapps/manager/META-INF/context.xml
+    notify: restart tomcat
+
diff --git a/tomcat/ppebase/roles/tomcat/templates/context.xml.j2 b/tomcat/ppebase/roles/tomcat/templates/context.xml.j2
new file mode 100644
index 0000000..9265673
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/templates/context.xml.j2
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>
diff --git a/tomcat/ppebase/roles/tomcat/templates/tomcat-users.xml.j2 b/tomcat/ppebase/roles/tomcat/templates/tomcat-users.xml.j2
new file mode 100644
index 0000000..dd9bff3
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/templates/tomcat-users.xml.j2
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>
diff --git a/tomcat/ppebase/roles/tomcat/templates/tomcat.service.j2 b/tomcat/ppebase/roles/tomcat/templates/tomcat.service.j2
new file mode 100644
index 0000000..0ce7236
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/templates/tomcat.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat
+Environment=CATALINA_BASE=/usr/share/tomcat
+Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
+
+ExecStart=/opt/tomcat/bin/catalina.sh start
+ExecStop=/opt/tomcat/bin/catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tomcat/ppebase/roles/tomcat/vars/main.yml b/tomcat/ppebase/roles/tomcat/vars/main.yml
new file mode 100644
index 0000000..aae9205
--- /dev/null
+++ b/tomcat/ppebase/roles/tomcat/vars/main.yml
@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java
diff --git a/tomcat/ppebase/tomcat-setup.yml b/tomcat/ppebase/tomcat-setup.yml
new file mode 100644
index 0000000..52aaa99
--- /dev/null
+++ b/tomcat/ppebase/tomcat-setup.yml
@@ -0,0 +1,13 @@
+- name: Tomcat deployment playbook
+  hosts: all       # Inventory hosts group / server to act on
+  become: yes               # If to escalate privilege
+  become_method: sudo       # Set become method
+  remote_user: root         # Update username for remote server
+  vars:
+    tomcat_ver: 10.0.13                          # Tomcat version to install
+    ui_manager_user: manager                    # User who can access the UI manager section only
+    ui_manager_pass: root      # UI manager user password
+    ui_admin_username: admin                    # User who can access bpth manager and admin UI sections
+    ui_admin_pass: root          # UI admin password
+  roles:
+    - tomcat
diff --git a/tomcat/ppebase/tomcat-users.xml b/tomcat/ppebase/tomcat-users.xml
new file mode 100644
index 0000000..37c05aa
--- /dev/null
+++ b/tomcat/ppebase/tomcat-users.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="manager" password="root" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="admin" password="root" roles="manager-gui,admin-gui" />
+</tomcat-users>