middleware_automation.jws.jws

This role contains the ansible playbook to set up JWS.

Dependencies

The roles depends on:

Versions

JWS VERSION	Release Date	Tomcat Version	Native Version	Notes
`6.0.0`	October 31, 2023	`10.1.8`	`1.2.36`	Release Notes
`5.8.0`	May 7, 2024	`9.0.87`	`1.2.31`	Release Notes
`5.7.0`	November 2, 2022	`9.0.62`	`1.2.31`	Release Notes
`5.6.0`	November 30, 2021	`9.0.50`	`1.2.30`	Release Notes
`5.5.0`	June 29, 2021	`9.0.43`	`1.2.26`	Release Notes
`5.4.0`	November 23, 2020	`9.0.36`	`1.2.25`	Release Notes
`5.3.0`	April 21, 2020	`9.0.30`	`1.2.23`	Release Notes
`5.2.0`	November 20, 2019	`9.0.21`	`1.2.21`	Release Notes
`5.1.0`	May 08, 2019	`9.0.7`	`1.2.17`	Release Notes

For further information: JBoss Web Server Component Details

Role Defaults

Download and install parameters

Variable	Description	Default
`jws_install_method`	Installation method, allowed values: `['zipfiles','rpm']`	`zipfiles`
`jws_install_dir`	Installation path for JWS/tomcat	`/opt`
`jws_rpm`	Installation RPM version	`jws6`
`jws_version`	Version of JWS to install	`6.0.0`
`jws_apply_patches`	Install JWS most recent cumulative patch for requested version	`False`
`jws_selinux_enabled`	Enable selinux policy enforcement for JWS	`True`
`jws_home`	Default installation path for JWS archives	`{{ jws_install_dir }}/jws-{{ jws_version.split('.')[0] }}.{{ jws_version.split('.')[1] }}/tomcat`
`jws_user`	posix user account for service	`tomcat`
`jws_uid`	posix UID user account for service	`tomcat`
`jws_group`	posix group for service	`tomcat`
`jws_gid`	posix GID user account for service	`tomcat`
`jws_native`	Install native bits; provide a zipfile path below with tomcat, while on JWS it will be interpolated from version	`False`
`jws_native_zipfile`	Tomcat native binaries archive filename	`''`
`jws_force_install`	Whether to stop any running tomcat process and continue installation	`false`
`jws_archive_repository`	Path local to controller for offline/download archive files	`{{ lookup('env', 'PWD') \| default('/opt') }}`
`jws_offline_install`	Whether to perform a completely offline install	`false`
`jws_url_download_retries`	Number of retries in case a download fails	`5`
`jws_url_download_delay`	Delay among two consequent download retries	`10`

Service configuration

Variable	Description	Default
`jws_apps_to_remove`	Comma separated list of apps to undeploy	`docs,ROOT,examples`
`jws_catalina_base`	Tomcat catalina base env variable	`{{ lookup('env','CATALINA_BASE') }}`
`jws_conf_properties`	Path for tomcat configuration	`./conf/catalina.properties`
`jws_conf_policy`	Path for tomcat policy configuration	`./conf/catalina.policy`
`jws_conf_logging`	Path for logging configuration	`./conf/logging.properties`
`jws_conf_context`	Relative path to context.xml	`./conf/context.xml`
`jws_conf_server`	Relative path to server.xml	`./conf/server.xml`
`jws_conf_web`	Relative path to web.xml	`./conf/web.xml`
`jws_conf_templates_context`	Template to use for context.xml	`templates/context.xml.j2`
`jws_conf_templates_server`	Template to use for server.xml	`templates/server.xml.j2`
`jws_conf_templates_web`	Template to use for web.xml	`templates/web.xml.j2`
`jws_conf_templates_catalina_properties`	Template to use for catalina.properties	`templates/catalina.properties.j2`
`jws_shutdown_port`	Tomcat shutdown port	`8005`
`jws_listen_http_port`	Tomcat http listen port	`8080`
`jws_listen_http_bind_address`	Service bind address	`localhost`
`jws_listen_http_enabled`	Enable listening on http port	`True`
`jws_listen_https_port`	Enable listening on https port	`8443`
`jws_listen_https_bind_address`	Bind address for https	`::1`
`jws_listen_https_enabled`	Enable listening on https port	`false`
`jws_listen_ajp_enabled`	Enable listening on ajp port	`False`
`jws_listen_ajp_address`	Bind address for ajp	`::1`
`jws_listen_ajp_port`	Tomcat ajp listen port	`8009`
`jws_listen_ajp_secret_required`	Enable loading secret from vault	`True`
`jws_listen_ajp_secret`	Passphrase for vault secret	`secret`
`jws_systemd_enabled`	Enable tomcat systemd unit	`False`
`jws_systemd_script_interpreter`	Interpreter for systemd unit	`bash`
`jws_systemd_script_shebang`	Customize sysVinit script shebang	`#!/bin/{{ jws_systemd_script_interpreter }}`
`jws_service_name`	Name for the systemd unit	`tomcat`
`jws_service_conf`	Absolute path to tomcat.conf	`{{ jws_home }}/conf/tomcat.conf`
`jws_service_script`	Tomcat sysVinit script	`{{ jws_home }}/bin/systemd-service.sh`
`jws_service_systemd`	Tomcat systemd unit	`/usr/lib/systemd/system/tomcat.service`
`jws_service_pidfile`	Absolute path to tomcat PIDfile	`{{ jws_home }}/tomcat.pidfile`
`jws_service_systemd_type`	Systemd unit type	`simple`

tomcat-vault configuration

Variable	Description	Default
`jws_tomcat_vault_keystore`	vault keystore filename, made available in playbook files lookup paths	`vault.keystore`
`jws_tomcat_vault_enabled`	Enable value	`False`
`jws_tomcat_vault_alias`	Alias for loading from vault	`my_vault`
`jws_tomcat_vault_storepass`	Tomcat keystore password	`123456`
`jws_tomcat_vault_iteration`	Number of iteration for vault encryption	`44`
`jws_tomcat_vault_salt`	Salt for encrypting tomcat vault	`1234abcd`
`jws_tomcat_vault_properties`	vault.properties filename, made available in playbook files lookup paths	`vault.properties`
`jws_tomcat_vault_data`	vault.data filename, made available in playbook files lookup paths	`VAULT.dat`

mod_cluster configuration

Variable	Description	Default
`jws_modcluster_enable`	Enable mod_cluster module	`False`
`jws_modcluster_ip`	Bind address for mod_cluster	`127.0.0.1`
`jws_modcluster_port`	mod_cluster port	`6666`
`jws_modcluster_connector_port`	mod_cluster connector port	`8080`
`jws_modcluster_advertise`	Enable mod_cluster advertising	`false`
`jws_modcluster_sticky_session`	Enable mod_cluster sticky sessions	`true`
`jws_modcluster_sticky_session_force`	Force use of sticky sessions	`false`
`jws_modcluster_sticky_session_remove`	Remove sticky session from cookies	`true`

HTTPS configuration

Variable	Description	Default
`jws_listen_https_enabled`	Enable HTTPS connector	`False`
`jws_listen_https_port`	Tomcat HTTPS listen port	`'8443'`
`jws_listen_https_bind_address`	Service HTTPS bind address	`'localhost'`
`jws_listen_https_servername`	Servername associated to the HTTPS connector	`'My Server'`
`jws_listen_https_threads_max`	Max number of threads for the HTTPS connector	`150`
`jws_listen_https_connection_timeout`	HTTPS connector timeout	`6000`
`jws_listen_https_headers_size`	HTTPS connector HTTPS header size	`8192`
`jws_listen_https_keystore_file`	Path to keystore file used by HTTPS connector	`/etc/ssl/keystore.jks`
`jws_listen_https_keystore_password`	Password to keystore file	`changeit`
`jws_listen_https_client_auth`	Request certificate from client	`false`

Role Variables

Variable	Description
`jws_java_version`	Version of java openjdk RPM to install for Tomcat, by default nothing is installed
`jws_java_home`	Path to the JAVA_HOME to be used by the server

NOTE: You need to provided either jws_java_version or jws_java_home value. jws_java_version value can be 11, 17.

Example Playbook

---
- hosts: all
  vars:
    jws_java_version: 17
    jws_listen_http_bind_address: 127.0.0.1
    jws_systemd_enabled: True
    jws_service_systemd_type: forking
    jws_selinux_enabled: False
  roles:
    - middleware_automation.jws.jws