tomcat

NTTCom-MS/eyp-tomcat:

Table of Contents

1. Overview
2. Module Description
3. Setup
   • What tomcat affects
   • Setup requirements
   • Beginning with tomcat
4. Usage
5. Reference
6. Limitations
7. Development
   • Contributing

Overview

Multi instance tomcat installation

Module Description

Multi instance tomcat installation and configuration of:

• server.xml
  • context, connectors, reals, values...
• JVM memory settings
• context.xml
• authenticators
• jaas
• jndi
• custom library deployment (tar.gz)
• web.xml
• custom properties files
• postgres jdbc driver

Setup

What tomcat affects

By default,

• CATALINA_HOME: /opt/tomcat-home (configured on class tomcat)
• CATALINA_BASE: "/opt/${name}" (configured on define instance)

Setup Requirements

This module requires pluginsync enabled and eyp/nsswitch module installed, optionally eyp-java

If eyp-logrotate is available, it can define catalina.out file rotation

Beginning with tomcat

simple example:

class { 'tomcat':
  tomcat_url => 'http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.68/bin/apache-tomcat-7.0.68.tar.gz',
  nativelibrary => true,
}

tomcat::instance { 'tomcat-8080':
  tomcatpw => 'lol',
  shutdown_port=>'2022',
  ajp_port=>'8081',
  connector_port=>'8080',
  jmx_port => '2021',
  lockoutrealm => false,
}

tomcat::instance { 'tomcat-8888':
  tomcatpw => 'lol',
  shutdown_port=>'9000',
  ajp_port=>'8885',
  connector_port=>'8888',
  jmx_port => '9999',
  lockoutrealm => true,
}

Usage

typical configuration options

Multi instance installation example:

---
paquets_general:
  - gcc
classes:
  - tomcat
  - java
java::java_package: java-1.8.0-openjdk
java::java_devel_package: java-1.8.0-openjdk-devel
tomcat::tomcat_src: puppet:///tomcat/apache-tomcat-7.0.57.tar.gz
tomcat::nativelibrary: true
tomcatinstances:
  tomcat8080:
    tomcatpw: a12345
    shutdown_port: 8070
    jmx_port: 8060
    ajp_port: ""
    connector_port: 8080
    xmx: 1024m
    xms: 512m
    realms:
      - es.systemadmin.es.sso.tomcat.SSORealm
    values:
      - org.apache.catalina.authenticator.SingleSignOn
    errorReportValveClass: es.systemadmin.es.sso.tomcat.SSOErrorValve
    lockoutrealm: false
    userdatabase: false
    extra_vars:
      CONNECTOR_PORT:
        8080
    rmi_server_hostname: "%{::ipaddress_eth0}"
  tomcat8081:
    tomcatpw: a12345
    shutdown_port: 8071
    jmx_port: 8061
    ajp_port: ""
    connector_port: 8081
    xmx: 1024m
    xms: 512m
    realms:
      - es.systemadmin.es.sso.tomcat.SSORealm
    values:
      - org.apache.catalina.authenticator.SingleSignOn
    errorReportValveClass: es.systemadmin.es.sso.tomcat.SSOErrorValve
    lockoutrealm: false
    userdatabase: false
    extra_vars:
      CONNECTOR_PORT:
        8081
    rmi_server_hostname: "%{::ipaddress_eth0}"
  tomcat8082:
    tomcatpw: a12345
    shutdown_port: 8072
    jmx_port: 8062
    ajp_port: ""
    connector_port: 8082
    xmx: 1024m
    xms: 512m
    realms:
      - es.systemadmin.es.sso.tomcat.SSORealm
    values:
      - org.apache.catalina.authenticator.SingleSignOn
    errorReportValveClass: es.systemadmin.es.sso.tomcat.SSOErrorValve
    lockoutrealm: false
    userdatabase: false
    extra_vars:
      CONNECTOR_PORT:
        8082
    rmi_server_hostname: "%{::ipaddress_eth0}"
  tomcat8083:
    tomcatpw: a12345
    shutdown_port: 8073
    jmx_port: 8063
    ajp_port: ""
    connector_port: 8083
    xmx: 1024m
    xms: 512m
    realms:
      - es.systemadmin.es.sso.tomcat.SSORealm
    values:
      - org.apache.catalina.authenticator.SingleSignOn
    errorReportValveClass: es.systemadmin.es.sso.tomcat.SSOErrorValve
    lockoutrealm: false
    userdatabase: false
    rmi_server_hostname: "%{::ipaddress_eth0}"

jaas properties example

jaasproperties:
  tomcat8080:
    app: SystemAdminInternalConfig
    provider: ldap://1.2.3.4:389/ou=People,dc=systemadmin,dc=es
    filter: (&(uid={USERNAME})(objectClass=inetOrgPerson))
  tomcat8081:
    app: SystemAdminInternalConfig
    provider: ldap://1.2.3.4:389/ou=People,dc=systemadmin,dc=es
    filter: (&(uid={USERNAME})(objectClass=inetOrgPerson))
  tomcat8082:
    app: SystemAdminInternalConfig
    provider: ldap://1.2.3.4:389/ou=People,dc=systemadmin,dc=es
    filter: (&(uid={USERNAME})(objectClass=inetOrgPerson))
  tomcat8083:
    app: SystemAdminInternalConfig
    provider: ldap://1.2.3.4:389/ou=People,dc=systemadmin,dc=es
    filter: (&(uid={USERNAME})(objectClass=inetOrgPerson))

jndi properties example

jndiproperties:
  tomcat8080:
    ldapservers:
      - "ldap1.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
      - "ldap2.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
    ldapbase: "%{hiera('systemadmin::ldapbase')}"
    ldapadmin: "%{hiera('systemadmin::ldapadmin')}"
    ldapadminpassword: "%{hiera('openldap::server::adminpassword')}"
  tomcat8081:
    ldapservers:
      - "ldap1.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
      - "ldap2.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
    ldapbase: "%{hiera('systemadmin::ldapbase')}"
    ldapadmin: "%{hiera('systemadmin::ldapadmin')}"
    ldapadminpassword: "%{hiera('openldap::server::adminpassword')}"
  tomcat8082:
    ldapservers:
      - "ldap1.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
      - "ldap2.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
    ldapbase: "%{hiera('systemadmin::ldapbase')}"
    ldapadmin: "%{hiera('systemadmin::ldapadmin')}"
    ldapadminpassword: "%{hiera('openldap::server::adminpassword')}"
  tomcat8083:
    ldapservers:
      - "ldap1.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
      - "ldap2.%{::ntteam_ptr_fqdn_tokenized_2}.systemadmin.es"
    ldapbase: "%{hiera('systemadmin::ldapbase')}"
    ldapadmin: "%{hiera('systemadmin::ldapadmin')}"
    ldapadminpassword: "%{hiera('openldap::server::adminpassword')}"

authenticators example

tomcatauthenticators:
  tomcat8080:
    basic: es.systemadmin.sso.tomcat.BasicAuthenticator
    form: es.systemadmin.sso.tomcat.FormAuthenticator
  tomcat8081:
    basic: es.systemadmin.sso.tomcat.BasicAuthenticator
    form: es.systemadmin.sso.tomcat.FormAuthenticator
  tomcat8082:
    basic: es.systemadmin.sso.tomcat.BasicAuthenticator
    form: es.systemadmin.sso.tomcat.FormAuthenticator
  tomcat8083:
    basic: es.systemadmin.sso.tomcat.BasicAuthenticator
    form: es.systemadmin.sso.tomcat.FormAuthenticator

library tarball installation example

tomcatlibstarballs:
  tomcat8080:
    source: puppet:///customers/example/tomcatlibs.tgz
  tomcat8081:
    source: puppet:///customers/example/tomcatlibs.tgz
  tomcat8082:
    source: puppet:///customers/example/tomcatlibs.tgz
  tomcat8083:
    source: puppet:///customers/example/tomcatlibs.tgz

custom tomcat properties file deployment example

tomcatproperties:
  catalina8080:
    properties_file: catalina
    source: puppet:///customers/example/catalina.properties
    catalina_base: /opt/tomcat8080
    servicename: tomcat8080
  catalina8081:
    properties_file: catalina
    source: puppet:///customers/example/catalina.properties
    catalina_base: /opt/tomcat8081
    servicename: tomcat8081
  catalina8082:
    properties_file: catalina
    source: puppet:///customers/example/catalina.properties
    catalina_base: /opt/tomcat8082
    servicename: tomcat8082
  catalina8083:
    properties_file: catalina
    source: puppet:///customers/example/catalina.properties
    catalina_base: /opt/tomcat8083
    servicename: tomcat8083
  logging8080:
    properties_file: logging
    source: puppet:///customers/example/logging.properties
    catalina_base: /opt/tomcat8080
    servicename: tomcat8080
  logging8081:
    properties_file: logging
    source: puppet:///customers/example/logging.properties
    catalina_base: /opt/tomcat8081
    servicename: tomcat8081
  logging8082:
    properties_file: logging
    source: puppet:///customers/example/logging.properties
    catalina_base: /opt/tomcat8082
    servicename: tomcat8082
  logging8083:
    properties_file: logging
    source: puppet:///customers/example/logging.properties
    catalina_base: /opt/tomcat8083
    servicename: tomcat8083

web.xml example

tomcatwebxml:
  tomcat8080:
    source: puppet:///customers/example/web.xml
  tomcat8081:
    source: puppet:///customers/example/web.xml
  tomcat8082:
    source: puppet:///customers/example/web.xml
  tomcat8083:
    source: puppet:///customers/example/web.xml

context.xml example

tomcatcontext:
  tomcat8080:
    sessionCookiePath: /
    antiJARLocking: true
    antiResourceLocking: true
  tomcat8081:
    sessionCookiePath: /
    antiJARLocking: true
    antiResourceLocking: true
  tomcat8082:
    sessionCookiePath: /
    antiJARLocking: true
    antiResourceLocking: true
  tomcat8083:
    sessionCookiePath: /
    antiJARLocking: true
    antiResourceLocking: true

update library

tomcat::lib { 'tomcat-8080':
  jar_name => 'ecj-4.4.3',
  source => 'puppet:///solr/ecj-4.4.3.jar',
}

java agent

tomcat::agent { 'tomcat-8080':
  agent_name => 'agenttest',
  comment => 'example agent',
  jar_name => 'agenttest-1.0.29',
  source => 'puppet:///tomcat/agenttest-1.0.29.jar',
}

postgres JDBC driver

tomcatinstances:
  tomcat_retail01:
    tomcatpw: 123456
    xmx: 1024m
    xms: 1024m
    ajp_port: 9509
    maxpermsize: 384m
    heapdump_oom_dir: /opt/applogs/RETAIL01
  tomcat_retail50:
    tomcatpw: 123456
    xmx: 1024m
    xms: 1024m
    ajp_port: 9510
    maxpermsize: 384m
    heapdump_oom_dir: /opt/applogs/RETAIL50
tomcatdriverpostgres:
  tomcat_retail01: {}
  tomcat_retail50: {}

add a new tomcatuser

tomcat::tomcatuser { 'tomcat-8080':
  tomcatuser => 'test',
  tomcatpw => 'lol',
}

init script usage

options

[root@ldapm ~]# /etc/init.d/tomcat-8080
Usage: /etc/init.d/tomcat-8080 start | stop | status | threadump | heapdump <file>

threadump

Will create a thread dump on catalina.out

# /etc/init.d/tomcat-8080 threadump
thread dump - OK

For example:

Full thread dump OpenJDK 64-Bit Server VM (25.101-b13 mixed mode):

"ajp-bio-8888-AsyncTimeout" #20 daemon prio=5 os_prio=0 tid=0x00007f71343c7000 nid=0x226f waiting on condition [0x00007f7120fab000]
   java.lang.Thread.State: TIMED_WAITING (sleeping)
    at java.lang.Thread.sleep(Native Method)
    at org.apache.tomcat.util.net.JIoEndpoint$AsyncTimeout.run(JIoEndpoint.java:152)
    at java.lang.Thread.run(Thread.java:745)

"http-bio-8080-AsyncTimeout" #18 daemon prio=5 os_prio=0 tid=0x00007f71343c3800 nid=0x226d waiting on condition [0x00007f71211ad000]
   java.lang.Thread.State: TIMED_WAITING (sleeping)
    at java.lang.Thread.sleep(Native Method)
    at org.apache.tomcat.util.net.JIoEndpoint$AsyncTimeout.run(JIoEndpoint.java:152)
    at java.lang.Thread.run(Thread.java:745)

"ContainerBackgroundProcessor[StandardEngine[Catalina]]" #16 daemon prio=5 os_prio=0 tid=0x00007f71343b2800 nid=0x226b waiting on condition [0x00007f71213af000]
   java.lang.Thread.State: TIMED_WAITING (sleeping)
    at java.lang.Thread.sleep(Native Method)
    at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1513)
    at java.lang.Thread.run(Thread.java:745)

"GC Daemon" #13 daemon prio=2 os_prio=0 tid=0x00007f7134307800 nid=0x225c in Object.wait() [0x00007f7122d01000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
    at java.lang.Object.wait(Native Method)
    - waiting on <0x00000000e16a8560> (a sun.misc.GC$LatencyLock)
    at sun.misc.GC$Daemon.run(GC.java:117)
    - locked <0x00000000e16a8560> (a sun.misc.GC$LatencyLock)

(...)

"Finalizer" #3 daemon prio=8 os_prio=0 tid=0x00007f7134089800 nid=0x220a in Object.wait() [0x00007f7123eaa000]
   java.lang.Thread.State: WAITING (on object monitor)
    at java.lang.Object.wait(Native Method)
    - waiting on <0x00000000e0008ee0> (a java.lang.ref.ReferenceQueue$Lock)
    at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:143)
    - locked <0x00000000e0008ee0> (a java.lang.ref.ReferenceQueue$Lock)
    at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:164)
    at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:209)

"Reference Handler" #2 daemon prio=10 os_prio=0 tid=0x00007f7134085000 nid=0x2209 in Object.wait() [0x00007f7123fab000]
   java.lang.Thread.State: WAITING (on object monitor)
    at java.lang.Object.wait(Native Method)
    - waiting on <0x00000000e0006b50> (a java.lang.ref.Reference$Lock)
    at java.lang.Object.wait(Object.java:502)
    at java.lang.ref.Reference.tryHandlePending(Reference.java:191)
    - locked <0x00000000e0006b50> (a java.lang.ref.Reference$Lock)
    at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:153)

"main" #1 prio=5 os_prio=0 tid=0x00007f7134009800 nid=0x2203 runnable [0x00007f713af9b000]
   java.lang.Thread.State: RUNNABLE
    at java.net.PlainSocketImpl.socketAccept(Native Method)
    at java.net.AbstractPlainSocketImpl.accept(AbstractPlainSocketImpl.java:409)
    at java.net.ServerSocket.implAccept(ServerSocket.java:545)
    at java.net.ServerSocket.accept(ServerSocket.java:513)
    at org.apache.catalina.core.StandardServer.await(StandardServer.java:453)
    at org.apache.catalina.startup.Catalina.await(Catalina.java:777)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:723)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:321)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)

"VM Thread" os_prio=0 tid=0x00007f713407b800 nid=0x2208 runnable

"VM Periodic Task Thread" os_prio=0 tid=0x00007f71341a5800 nid=0x2253 waiting on condition

JNI global references: 51

Heap
 def new generation   total 157248K, used 100655K [0x00000000e0000000, 0x00000000eaaa0000, 0x00000000eaaa0000)
  eden space 139776K,  72% used [0x00000000e0000000, 0x00000000e624bfd8, 0x00000000e8880000)
  from space 17472K,   0% used [0x00000000e8880000, 0x00000000e8880000, 0x00000000e9990000)
  to   space 17472K,   0% used [0x00000000e9990000, 0x00000000e9990000, 0x00000000eaaa0000)
 tenured generation   total 349568K, used 0K [0x00000000eaaa0000, 0x0000000100000000, 0x0000000100000000)
   the space 349568K,   0% used [0x00000000eaaa0000, 0x00000000eaaa0000, 0x00000000eaaa0200, 0x0000000100000000)
 Metaspace       used 15177K, capacity 15452K, committed 15744K, reserved 1062912K
  class space    used 1547K, capacity 1609K, committed 1664K, reserved 1048576K

heapdump

Requires jmap installed

# /etc/init.d/tomcat-8080 heapdump heap.bin
Dumping heap to /tmp/hsperfdata_tomcat/heap.bin ...
Heap dump file created

known errors

error installing tomcat native library

The following error means that you need to install the devel package for java, for example java-1.7.0-openjdk-devel:

Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: dirname: missing operand
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: Try 'dirname --help' for more information.
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: dirname: missing operand
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: Try 'dirname --help' for more information.
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: dirname: missing operand
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: Try 'dirname --help' for more information.
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking build system type... x86_64-unknown-linux-gnu
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking host system type... x86_64-unknown-linux-gnu
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking target system type... x86_64-unknown-linux-gnu
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking for a BSD-compatible install... /usr/bin/install -c
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking for working mkdir -p... yes
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: Tomcat Native Version: 1.1.33
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking for chosen layout... tcnative
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking for APR... yes
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns:   setting CC to "gcc"
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns:   setting CPP to "gcc -E"
Notice: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: checking for JDK location (please wait)... configure: error: Not a directory:
Error: bash -c "./configure --with-apr=/usr/bin/apr-1-config --with-java-home=$(dirname $(dirname $(dirname $(find / -xdev -iname jni_md.h | head -n1))))" returned 1 instead of one of [0]
Error: /Stage[main]/Tomcat/Exec[configure native library /usr/local/src]/returns: change from notrun to 0 failed: bash -c "./configure --with-apr=/usr/bin/apr-1-config --with-java-home=$(dirname $(dirname $(dirname $(find / -xdev -iname jni_md.h | head -n1))))" returned 1 instead of one of [0]

tomcat agent

tomcat::agent { 'tomcat-8080':
  agent_name => 'demo',
  jar_name => 'demo',
  tar_source => 'puppet:///solr/apache-tomcat-7.0.62.tar.gz',
}

Reference

Global variables

• eyptomcat::shutdowncommand: Defines a string to be used to shutdown tomcat (default: SHUTDOWN)

classes

tomcat

• installation options (at least one is required):
  • tomcat_src: resource with the tomcat package (default: undef)
  • tomcat_url: URL to download the tomcat package (default: undef)
• other options:
  • manage_tomcat_user: Manage or not the tomcat_user user (default: true)
  • tomcat_user: User to run tomcat (default: tomcat)
  • tomcat_user_home: tomcat user home dir (default: /home/tomcat)
  • tomcat_user_shell: tomcat user shell (default: /bin/bash)
  • catalina_home: where to install tomcat (default: /opt/tomcat-home)
  • srcdir: Place to store .tar.gz and other temporal files (default: /usr/local/src)
  • nativelibrary: Install tomcat native library (default: true)

defines

tomcat::instance

references:

• [http://www.fasterj.com/articles/oraclecollectors1.shtml](Oracle JVM Garbage Collectors)
• [https://blog.codecentric.de/en/2013/10/useful-jvm-flags-part-7-cms-collector/](Useful JVM Flags – Part 7 (CMS Collector))
• [http://blog.sokolenko.me/2014/11/javavm-options-production.html](JVM options for production)

NOTE: please be aware some options might not be available for your specific tomcat version

instance options:

• service options:
  • ensure = 'running',
  • manage_service = true,
  • manage_docker_service = true,
  • enable = true,
• other options:
  • tomcatpw: Password for tomcat GUI user (default: password, must be changed)
  • catalina_base = "/opt/${name}",
  • instancename = $name,
  • pwdigest: Hashing algorithm for tomcat-users.xml file, valid values: sha, plaintext (default: sha)
  • tomcat_user = $tomcat::params::default_tomcat_user,
  • server_info: server identification for this version of Tomcat (default: .)
  • server_number: server's version number (default: .)
  • server_built: server built time for this version of Tomcat (default: .)
  • xmx: JVM max memory: (default: 512m)
  • xms: JVM start memory: (default: 512m)
  • maxpermsize: JVM -XX:MaxPermSize (if available): (default: 512m)
  • permsize: JVM -XX:PermSize (default: undef)
  • shutdown_port: shutdown port (default: 8005)
  • shutdown_address: shutdown listen address (default: 127.0.0.1)
  • ajp_port: AJP listen port (default: undef)
  • connector_port: HTTP connector port (default: 8080)
  • connector_http_server: HTTP server Header (default: undef which adds the default name: Server: Apache-Coyote/1.1)
  • jmx_port: JMX listen port (default: 8999)
  • redirectPort = '8443',
  • realms = undef,
  • values = undef,
  • errorReportValveClass = undef,
  • maxThreads: tomcat max threads (default: 150)
  • minSpareThreads = '4',
  • connectionTimeout = '20000',
  • lockoutrealm = true,
  • userdatabase = true,
  • extra_vars = undef,
  • system_properties = undef,
  • rmi_server_hostname = undef,
  • catalina_rotate: if eyp-logrotate is available defines a daily catalina.out rotation with this value retention (default: 15)
  • catalina_size: if eyp-logrotate is available defines a max size to rotate catalina.out (default: 100M)
  • heapdump_oom_dir: heapdump dir, if defined enables heapdumping (default: undef)
  • install_tomcat_manager = true,
  • shutdown_command: shutdown command for the shutdown port (default: eyptomcat::shutdowncommand which, by default, is SHUTDOWN)
  • java_library_path: -Djava.library.path (default: undef)
  • java_home = undef,
  • webapps_owner: webapps folder owner
  • webapps_group: webapps folder group
  • webapps_mode: webapps folder mode
  • custom_webxml: copies web.xml from catalina_home to catalina_base. If you need to use a custom web.xml you are going to need to set it to true. (default: false)
  • catalina_stop_options: Options to stop tomcat (default: stop) - It must be a string
  • use_par_new_gc: Uses a parallel version of the young generation copying collector alongside the default collector. This minimizes pauses by using all available CPUs in parallel. The collector is compatible with both the default collector and the Concurrent Mark and Sweep (CMS) collector.
  • max_tenuring_threshold: reduce the amount of time spent in data copying in the young generation collection while avoiding promoting too many objects, by noting tenuring ages in the GC logs (default: undef)
  • survivor_ratio: Ratio of eden/survivor space size (default: undef)
  • unlock_diagnostic_vm_options = false,
  • par_gc_cards_per_stride_chunk: controls the granularity of tasks given to GC worker threads and helps get the best performance (default: undef)
  • bind_gc_task_threads_to_cpus : binds GC threads to individual CPU cores (default: false)
  • use_gc_task_affinity: allocates tasks to GC worker threads using an affinity parameter if implemented (default: false)
  • always_pre_touch: It pretouchs and set zero all the pages you have allocated during the initialization of your application (default: false)
  • scavenge_before_full_gc: Do young generation GC prior to a full GC (default: false)
  • agressive_opts: Turn on point performance compiler optimizations that are expected to be default in upcoming releases (default: false)
  • use_biased_locking: Enable biased locking (default: false)
  • print_gc_cause = false,
  • target_survivor_ratio: Desired percentage of survivor space used after scavenge (default: undef)
  • parallel_gc_threads: Sets the number of garbage collection threads in the young and old parallel garbage collectors (default: undef)
  • jvm_prefer_ip4_stack = false,
  • http_max_connections = undef,
  • rmi_port = undef,
  • connector_ajp_accept_count = undef,
  • connector_ajp_acceptor_threadcount = undef,

tomcat::agent

• jar_name: jar to deploy (required)
• agent_name: agent name, agent will be deployed on catalina_base/agent_name (required)
• install_type: installation type: source/tar/link (default: tar)
• source: file source, must be a puppet resource (for installation type source)
• file_ln: jar already in place, just add a softlink to it (for installation type link)
• tar_source: tar source, must be a puppet resource (for installation type tar)
• catalina_base: (default: /opt/${name})
• servicename: (default: $name)
• purge_old: purge old agent versions (default: false)
• ensure: (default: present)
• description: commet to add in the setenv file to identify this agent (default: undef)
• srcdir: where to keep temporal files for tar based installation type (default: /usr/local/src)

tomcat::driver::postgres

Install postgres driver for a given tomcat instance:

• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)
• jdbc_version = '4',
• postgres_version = '9.2',
• srcdir = '/usr/local/src',
• ensure = 'present',

tomcat::authenticators

• basic = 'org.apache.catalina.authenticator.BasicAuthenticator',
• form = 'org.apache.catalina.authenticator.FormAuthenticator',
• clientcert = 'org.apache.catalina.authenticator.SSLAuthenticator',
• digest = 'org.apache.catalina.authenticator.DigestAuthenticator',
• none = 'org.apache.catalina.authenticator.NonLoginAuthenticator',
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)

tomcat::context

• sessionCookiePath = undef,
• watchedResource = 'WEB-INF/web.xml',
• manager = '',
• antiJARLocking = false,
• antiResourceLocking = false,
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)
• path: (default: undef)
• session_cookie_name: change default session cookie name (default: undef, JSESSIONID)

tomcat::jaas

• app,
• provider,
• filter,
• username = 'tomcat',
• password = 'tomcat',
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)

tomcat::jndi

• ldapservers,
• ldapbase,
• ldapadmin,
• ldapadminpassword,
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)

tomcat::lib

• jar_name,
• source = undef,
• file_ln = undef,
• purge_old: purge other versions of this library (default: true)
• ensure = 'present',
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)

tomcat::libstarball

• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)
• source,
• libstarballname = $name,
• purge_old = false,

tomcat::properties

• source,
• properties_file,
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)
• dir: properties directory (default: conf)

tomcat::resource

• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)
• resource_type
• resource_name,
• factory = undef,
• driver_class_name = undef,
• resource_url = undef,
• username = undef,
• password = undef,
• initial_size = undef,
• max_active = undef,
• max_idle = undef,
• min_idle = undef,
• validation_query = undef,
• min_evictable_idletimemillis = undef,
• time_between_evictionrunsmillis = undef,
• numtests_per_evictionrun = undef,
• init_sql = undef,
• auth = undef,
• location = undef,

tomcat::webxml

• source,
• catalina_base: catalina_base for the tomcat instance (default: /opt/${resource's name})
• servicename: tomcat's servicename (default: resource's name)

tomcat:tomcatuser

• tomcatuser: username (mandatory)
• password: password (mandatory)
• catalina_base: catalina base (default: /opt/<resource's name>)
• servicename: instance name (default: resource's name)
• pwdigest: password format, must match instance configuration (default: sha)
• roles: list of roles (default: [ 'tomcat', 'manager', 'admin', 'manager-gui' ])

Limitations

Tested on:

• CentOS 5
• CentOS 6
• CentOS 7
• Ubuntu 14.04
• Ubuntu 16.04

But should work anywhere

Development

We are pushing to have acceptance testing in place, so any new feature must have tests to check both presence and absence of any feature

TODO

• acceptance testing for tomcat::agent
• acceptance testing manage_service=false
• review documentation for version 0.4 and 0.5
• include files for server.xml
• delete duplicated code for default vhost

Contributing

1. Fork it
2. Create your feature branch (git checkout -b my-new-feature)
3. Commit your changes (git commit -am 'Added some feature')
4. Push to the branch (git push origin my-new-feature)
5. Create new Pull Request

CHANGELOG

0.6.24

• added sendReasonPhrase option to HTTP/HTTPS connectors (tomcat >=8.5 < 9.0)

0.6.23

• added URIEncoding to AJP connector

0.6.22

• bugfix audit rules

0.6.21

• added client_https_protocols option to tomcat::instance

0.6.20

• added webapps_mode_recursive to tomcat::instance to be able to recursively change mode for webapps directory

0.6.19

• added option in tomcat::instance to be able to enable SecurityListener
• configurable directory mode for:
  • logs
  • temp
  • bin
• add default auditd rules for config files

0.6.18

• added tomcat::instance variable to control allowUnsafeLegacyRenegotiation

0.6.17

• added variable to be able to set conf's dir mode: conf_dir_mode to tomcat::intance

0.6.15

• added variable connector_ajp_redirect_port

0.6.14

• added tomcat::java_property

0.6.13

• added unlock_commercial_features, flight_recorder, debug_non_safepoints, print_string_table_statistics
• added variables to managed tomcat::webxml's file mode
• added catalina_disable_http_keepalive

0.6.12

• added maxPostSize to AJP, HTTP and HTTPS connectors

0.6.11

• added JVM options:
  • use_par_new_gc
  • max_tenuring_threshold
  • survivor_ratio
  • unlock_diagnostic_vm_options
  • par_gc_cards_per_stride_chunk
  • bind_gc_task_threads_to_cpus
  • use_gc_task_affinity
  • always_pre_touch
  • scavenge_before_full_gc
  • agressive_opts
  • use_biased_locking
  • print_gc_cause
  • target_survivor_ratio
  • parallel_gc_threads
  • http_max_connections
  • jvm_prefer_ip4_stack
  • rmi_port
  • connector_ajp_accept_count
  • connector_ajp_acceptor_threadcount

0.6.10

• added HTTPS connector and thuststore/keystore management

0.6.9

• added connector_ajp_connection_timeout to tomcat::instance

0.6.6

• bugfix start_stop_threads and connector_ajp_max_threads

0.6.4

• added custom_jar to tomcat::agent
• added connector_ajp_max_threads to tomcat::instance to define maxThreads for AJP
• added start_stop_threads to tomcat::instance
• added email notification in init script

0.6.3

• minor changes

0.6.2

• bugfix tomcat::agent: tomcat service may not be not managed

0.6.1

• added connector_http_enabled to enable/disable HTTP connector in tomcat::instance
• added config_files_mode to tomcat::instance to be able to set default mode for config files
• added file_mode to tomcat::webxml
• added default web.xml file mode under puppet management
• changed default shutdown command
• added access log related variables:
  • log_pattern
  • log_directory
  • log_prefix
  • log_suffix
  • log_resolve_hosts
• INCOMPATIBLE CHANGE: set java.awt.headless variable to true by default - it should be harmless
• added debug options:
  • debug
  • runjdwp_dt_socket_address
  • runjdwp_dt_socket_server
  • runjdwp_dt_socket_suspend
• added UseParallelGC option
• added -server option, by default is not set as each JVM, platform and architecture combination behaves differently

0.5.19

• Redirected to /dev/null possible errors when deleting pid file from init script

0.5.18

• added catalina_stop_options to tomcat::instance

0.5.17

• added -Xmn using xmn tomcat instance variable

0.5.16

• added -Xmns and -Xmnx variables
• INCOMPATIBLE CHANGE set +UseConcMarkSweepGC by default (use_concurrent_mark_sweep: true)
• added GC variables:
  • cms_initiating_occupancy_fraction
  • use_cms_initiating_occupancy_only
  • cms_scavenge_before_remark
  • cms_parallel_remark_enabled
  • print_tenuring_distribution
  • disable_explicit_gc
  • max_gc_pause_millis
  • print_gc
  • print_gc_details
  • print_gc_datestamps
  • print_gc_application_stopped_time
  • print_gc_file
• added tomcat instance variable jvm_error_file

0.5.15

• added umask variable for tomcat::instance

0.5.14

• added puppet managed banner to setenv.sh, startup.sh, shutdown.sh and init script
• added locale and encoding variables to tomcat::instance:
  • user_language
  • user_region
  • user_country
  • user_variant
  • file_encoding
  • sun_jnu_encoding
  • file_encoding_pkg

0.5.13

• java::agent notify untar on tar changes

0.5.12

• bugfix: CATALINA_OPTS loaded twice (catalina.sh & startup.sh)

0.5.11

• chown to tomcot for tomcat::agent

0.5.10

• tomcat::properties: allow custom dir

0.5.9

• bugfix mkdir srcdir dependencies on tomcat::agent

0.5.8

• bugfix: tar name in tomcat::agent

0.5.7

• added tomcat::agent::tarball_path to allow different agent tarballs for multiple instances

0.5.5

• bugfix tomcat::agent: allow installation agents on multiple instances using the same source tar

0.5.4

• tomcat::agent in tarball mode: added --no-same-owner and --strip 1

0.5.3

• bugfix tomcat-users.xml not present when userdatabase=false

0.5.2

• added variables to deploywar for file ownership and mode:
  • war_owner
  • war_group
  • war_mode

0.5.1

• added tomcat::tomcatrole as a define (tomcat::instance has been rewritten to use it)
• renamed uppercase variables from tomcat::intance:
  • redirectPort to redirect_port
  • maxThreads to max_threads
  • minSpareThreads to min_spare_threads
• deleted obsolete variable connectionTimeout from tomcat::instance

0.5.0

• INCOMPATIBLE CHANGE: renamed tomcat::instance variable errorReportValveClass to error_report_valve_class
• added variable to customize ErrorReportValve:
  • add_error_report_valve_settings (default: true)
  • error_report_valve_show_report (default: false)
  • error_report_valve_show_server_info (default: false)
• added org.apache.catalina.valves.ErrorReportValve management (showReport and showServerInfo) to be able to disable stack traces by default
• added variable to enable/disable JasperListener

0.4.53

• bugfix tomcat-users.xml dependency

0.4.52

• INCOMPATIBLE CHANGE: added variable custom_webxml to tomcat::instance (default: false) it copies web.xml from catalina_home to catalina_base (if you need to use a custom web.xml you are going to need to set it to true)

0.4.51

• added tomcat::tomcatuser (tomcat-user.xml user management)
• tomcat::instance rewritten to use tomcat::tomcatuser

0.4.50

• added tar as a installation method for tomcat::agent (changed behaviour)

0.4.49

• added catalina_logrotate_ensure to enable/disable (present/absent) logrotate configuration

0.4.48

• added ensure for tomcat::jaas, tomcat::krb5, tomcat::jndi and tomcat::login

0.4.47

• lint AD SSO

0.4.46

• tomcat AD SSO cleanup

0.4.45

• added variable for pid_file

0.4.44

• logging properties:
  • added default template for logging properties
  • INCOMPATIBLE CHANGE: changed catalina.out default date format to ISO 8601
  • added -Djava.util.logging.config.file to be able to configure an custom file
• bugfix connector_ajp_packet_size
• variables enctypes for krb5

0.4.43

• deleted eyp_tomcat_check_jdk

0.4.42

• template krb5, rc4 only

0.4.41

• template krb5
  • arcfour-hmac-md5,aes256-cts-hmac-sha1-96,aes128-cts,rc4-hmac

0.4.40

• added tomcat::valve

0.4.39

• dropped debug for JNDI realm

0.4.38

• lint

0.4.37

• added JNDI realm debug

0.4.36

• enforced group ID if tomcat_user_uid is set

0.4.35

• PID path back to /var/run
• changed startup systemd's startup user

0.4.33

• bugfix systemd PID

0.4.32

• variable tomcat_user_uid to define tomcat's uid
• added "user" variable to tomcat::resource
• changed PID path

0.4.31

• changed systemd's init script to force /bin/bash

0.4.30

• updated systemd to use PIDfile

0.4.29

• template krb5 lowercase and weak crypto to false

0.4.28

• tomcat::krb5 added allow_weak_crypto

0.4.27

• added option add_root_ln to tomcat::deploywar to create a symlink for ROOT.war

0.4.26

• init script: cd to CATALINA_BASE

0.4.25

• jaas typo

0.4.23

• pushing back use tomcat:jvmproperty for java.security.auth.login.config instead of a template

0.4.22

• bugfix tomcat::jvmproperty

0.4.21

• added debug option for jaas

0.4.20

• rollback use tomcat:jvmproperty for java.security.auth.login.config instead of a template file due to this:

# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Tomcat::Jvmproperty[java.security.auth.login.config] is already declared in file /etc/instance-puppet-modules/tomcat/manifests/jaas.pp:74; cannot redeclare at /etc/instance-puppet-modules/tomcat/manifests/jaas.pp:74 on node demotomcat.systemadmin.es
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run

0.4.19

• added defaults for tomcat::realm::jndi
• added tomcat::jvmproperty
• added app_base to tomcat::deploywar
• improved acceptance testing
• added concat serverxml: 29 - end host
• added tomcat::alias
• added debian 8 to acceptance testing
• tomcat::jaas rewritten to use tomcat:jvmproperty for java.security.auth.login.config instead of a template file
• tomcat::krb5:
  • added debug and forwardable options
  • added java.security.krb5.conf as a tomcat::jvmproperty
  • added javax.security.auth.useSubjectCredsOnly as tomcat::jvmproperty

0.4.18

• minor change krb5 template

0.4.17

• added default_keytab

0.4.15

• contextxml lint

0.4.14

• rewrite servei instancia

0.4.12

• keytab full path

0.4.11

• added tomcat::deploywar

0.4.10

• bugfix krb5 file naming

0.4.9

• tomcat::contextxml::environment and tomcat::contextxml::resourcelink aligment
• bugfix SPN tomcat::jaas
• tomcat::krb5 added keytab_source

0.4.8

• tomcat::contextxml: bugfix
• deleted type option from tomcat::jaas
• renaming variables from tomcat::jaas for krb5 to a more meaningful name

0.4.7

• tomcat::contextxml:
  • estil tomcat::contextxml
  • INCOMPATIBLE CHANGE: manager default value changed from '' to undef

0.4.6

• bugfix tomcat::contextxml

0.4.5

• added enable_default_access_log to be able to disable default Valve

0.4.4

• tomcat::context:
  • reloadable set by default to true
  • path is now mandatory
  • path related bugfix

0.4.3

• flag to be able to disable version_logger_listener

0.4.2

• added option packetSize (connector_ajp_packet_size) for the AJP connector

0.4.1

Major release with incompatible changes, please review this list carefully:

• added combined realm by default to allow multiple realms (COMPATIBILITY ISSUE: LockOutRealm cannot be enabled on tomcat 7.0.32 or older because we are using CombinedRealm by default)
• added jvmRoute support as jvm_route
• server.xml concat rewrite - it's going to change due to this, service will be restarted unless manage_service is set to false
• tomcat::resource added max_wait
• added tomcat::realm::jndi
• added tomcat::catalinapolicy
• added tomcat::login
• added tomcat::context for server.xml context definition
• tomcat::context renamed to tomcat::contextxml:
  • INCOMPABLE CHANGE variable rename:
    • watchedResource to watched_resource
    • antiJARLocking to anti_jar_locking, changed default value from false to undef
    • sessionCookiePath to session_cookie_path
    • antiResourceLocking to anti_resource_locking, changed default value from false to undef
• addded tomcat::loggingproperties (from source file)
• modified startup, shutdown and configtest scripts to be able to work in a CATALINA_HOME==CATALINA_BASE environments
• tomcat configtest WARNING init script it's going to change, service will be reloaded unless manage_service is set to false
• added the following tomcat::instance options WARNING server.xml
  • connector_http_max_header_size
  • connector_http_max_threads
  • connector_http_min_spare_threads
  • connector_http_max_spare_threads
  • connector_http_enable_lookups
  • connector_http_accept_count
  • WARNING renamed connectionTimeout to connector_http_connection_timeout
  • connector_http_disable_upload_timeout
  • connector_http_uri_encoding
  • xml_validation
  • xml_namespace_aware

0.3.17

• bugfix: added notification on systemd changes

0.3.16

• bugfix: avoid service notifications if manage_service=false

0.3.15

• bugfix: honor userdatabase setting

0.3.12

• added path and session_cookie_name to tomcat::context

0.3.11

• added configurable HTTP Server header (connector_http_server) to tomcat::instance

0.3.10

• Added tomcat::agent

0.3.9

• SERVICE RESTART REQUIRED (unless manage_service=false) - added headpdump and treadump functions to init script:

Info: Computing checksum on file /etc/init.d/tomcat-8081
Info: /Stage[main]/Main/Node[ldapm]/Tomcat::Instance[tomcat-8081]/File[/etc/init.d/tomcat-8081]: Filebucketed /etc/init.d/tomcat-8081 to puppet with sum b06f4ada432b23db81a6c8d33a311e78
Notice: /Stage[main]/Main/Node[ldapm]/Tomcat::Instance[tomcat-8081]/File[/etc/init.d/tomcat-8081]/content: content changed '{md5}b06f4ada432b23db81a6c8d33a311e78' to '{md5}ecb7c3003a37ac6bc8f3940adc1cc717'
Info: /Stage[main]/Main/Node[ldapm]/Tomcat::Instance[tomcat-8081]/File[/etc/init.d/tomcat-8081]: Scheduling refresh of Service[tomcat-8081]
Notice: /Stage[main]/Main/Node[ldapm]/Tomcat::Instance[tomcat-8081]/Service[tomcat-8081]: Triggered 'refresh' from 1 events

(...)

0.3.0

• INCOMPATIBLE CHANGE: variable rename:
  • LockOutRealm to lockoutrealm
  • UserDatabase to userdatabase