action :configure do base_instance = "tomcat#{node['tomcat']['base_version']}" # Set defaults for resource attributes from node attributes. We can't do # this in the resource declaration because node isn't populated yet when # that runs [:catalina_options, :java_options, :use_security_manager, :authbind, :max_threads, :ssl_max_threads, :ssl_cert_file, :ssl_key_file, :ssl_chain_files, :keystore_file, :keystore_type, :truststore_file, :truststore_type, :certificate_dn, :loglevel, :tomcat_auth, :user, :group, :tmp_dir, :lib_dir, :endorsed_dir].each do |attr| if not new_resource.instance_variable_get("@#{attr}") new_resource.instance_variable_set("@#{attr}", node['tomcat'][attr]) end end if new_resource.name == 'base' instance = base_instance # If they weren't set explicitly, set these paths to the default [:base, :home, :config_dir, :log_dir, :work_dir, :context_dir, :webapp_dir].each do |attr| if not new_resource.instance_variable_get("@#{attr}") new_resource.instance_variable_set("@#{attr}", node["tomcat"][attr]) end end else # Use a unique name for this instance instance = "#{base_instance}-#{new_resource.name}" # If they weren't set explicitly, set these paths to the default with # the base instance name replaced with our own [:base, :home, :config_dir, :log_dir, :work_dir, :context_dir, :webapp_dir].each do |attr| if not new_resource.instance_variable_get("@#{attr}") and node["tomcat"][attr] new = node["tomcat"][attr].sub("tomcat#{node['tomcat']['base_version']}", "#{instance}") new_resource.instance_variable_set("@#{attr}", new) end end # Create the directories, since the OS package wouldn't have [:base, :config_dir, :context_dir].each do |attr| directory new_resource.instance_variable_get("@#{attr}") do mode '0755' recursive true end end [:log_dir, :work_dir, :webapp_dir].each do |attr| directory new_resource.instance_variable_get("@#{attr}") do mode '0755' recursive true user new_resource.user group new_resource.group end end # Don't make a separate home, just link to base if new_resource.home != new_resource.base link "#{new_resource.home}" do to "#{new_resource.base}" end end # config_dir needs symlinks to the files we're not going to create ['catalina.policy', 'catalina.properties', 'context.xml', 'tomcat-users.xml', 'web.xml'].each do |file| link "#{new_resource.config_dir}/#{file}" do to "#{node['tomcat']['config_dir']}/#{file}" end end # The base also needs a bunch of to symlinks inside it ['bin', 'lib'].each do |dir| link "#{new_resource.base}/#{dir}" do to "#{node['tomcat']['base']}/#{dir}" end end {'conf' => 'config_dir', 'logs' => 'log_dir', 'temp' => 'tmp_dir', 'work' => 'work_dir', 'webapps' => 'webapp_dir'}.each do |name, attr| link "#{new_resource.base}/#{name}" do to new_resource.instance_variable_get("@#{attr}") end end # Make a copy of the init script for this instance execute "/etc/init.d/#{instance}" do command <<-EOH cp /etc/init.d/#{base_instance} /etc/init.d/#{instance} perl -i -pe 's/#{base_instance}/#{instance}/g' /etc/init.d/#{instance} EOH end end # Even for the base instance, the OS package may not make this directory directory new_resource.endorsed_dir do mode '0755' recursive true end unless new_resource.truststore_file.nil? java_options = new_resource.java_options.to_s java_options << " -Djavax.net.ssl.trustStore=#{new_resource.config_dir}/#{new_resource.truststore_file}" java_options << " -Djavax.net.ssl.trustStorePassword=#{new_resource.truststore_password}" new_resource.java_options = java_options end case node['platform'] when 'centos', 'redhat', 'fedora', 'amazon', 'oracle' template "/etc/sysconfig/#{instance}" do source 'sysconfig_tomcat6.erb' variables ({ :user => new_resource.user, :home => new_resource.home, :base => new_resource.base, :java_options => new_resource.java_options, :use_security_manager => new_resource.use_security_manager, :tmp_dir => new_resource.tmp_dir, :catalina_options => new_resource.catalina_options, :endorsed_dir => new_resource.endorsed_dir }) owner 'root' group 'root' mode '0644' notifies :restart, "service[#{instance}]" end when 'smartos' # SmartOS doesn't support multiple instances template "#{new_resource.base}/bin/setenv.sh" do source 'setenv.sh.erb' owner 'root' group 'root' mode '0644' notifies :restart, "service[#{instance}]" end else template "/etc/default/#{instance}" do source 'default_tomcat6.erb' variables ({ :user => new_resource.user, :group => new_resource.group, :home => new_resource.home, :base => new_resource.base, :java_options => new_resource.java_options, :use_security_manager => new_resource.use_security_manager, :tmp_dir => new_resource.tmp_dir, :authbind => new_resource.authbind, :catalina_options => new_resource.catalina_options, :endorsed_dir => new_resource.endorsed_dir }) owner 'root' group 'root' mode '0644' notifies :restart, "service[#{instance}]" end end template "#{new_resource.config_dir}/server.xml" do source 'server.xml.erb' variables ({ :port => new_resource.port, :proxy_port => new_resource.proxy_port, :ssl_port => new_resource.ssl_port, :ssl_proxy_port => new_resource.ssl_proxy_port, :ajp_port => new_resource.ajp_port, :shutdown_port => new_resource.shutdown_port, :max_threads => new_resource.max_threads, :ssl_max_threads => new_resource.ssl_max_threads, :keystore_file => new_resource.keystore_file, :keystore_type => new_resource.keystore_type, :tomcat_auth => new_resource.tomcat_auth, :config_dir => new_resource.config_dir, }) owner 'root' group 'root' mode '0644' notifies :restart, "service[#{instance}]" end template "#{new_resource.config_dir}/logging.properties" do source 'logging.properties.erb' owner 'root' group 'root' mode '0644' notifies :restart, "service[#{instance}]" end if new_resource.ssl_cert_file.nil? execute 'Create Tomcat SSL certificate' do group new_resource.group command <<-EOH #{node['tomcat']['keytool']} \ -genkey \ -keystore "#{new_resource.config_dir}/#{new_resource.keystore_file}" \ -storepass "#{node['tomcat']['keystore_password']}" \ -keypass "#{node['tomcat']['keystore_password']}" \ -dname "#{node['tomcat']['certificate_dn']}" EOH umask 0007 creates "#{new_resource.config_dir}/#{new_resource.keystore_file}" action :run notifies :restart, "service[#{instance}]" end else script "create_keystore-#{instance}" do interpreter 'bash' action :nothing cwd new_resource.config_dir code <<-EOH cat #{new_resource.ssl_chain_files.join(' ')} > cacerts.pem openssl pkcs12 -export \ -inkey #{new_resource.ssl_key_file} \ -in #{new_resource.ssl_cert_file} \ -chain \ -CAfile cacerts.pem \ -password pass:#{node['tomcat']['keystore_password']} \ -out #{new_resource.keystore_file} EOH notifies :restart, "service[tomcat]" end cookbook_file "#{new_resource.config_dir}/#{new_resource.ssl_cert_file}" do mode '0644' notifies :run, "script[create_keystore-#{instance}]" end cookbook_file "#{new_resource.config_dir}/#{new_resource.ssl_key_file}" do mode '0644' notifies :run, "script[create_keystore-#{instance}]" end new_resource.ssl_chain_files.each do |cert| cookbook_file "#{new_resource.config_dir}/#{cert}" do mode '0644' notifies :run, "script[create_keystore-#{instance}]" end end end unless new_resource.truststore_file.nil? cookbook_file "#{new_resource.config_dir}/#{new_resource.truststore_file}" do mode '0644' end end service "#{instance}" do case node['platform'] when 'centos', 'redhat', 'fedora', 'amazon' service_name "#{instance}" supports :restart => true, :status => true when 'debian', 'ubuntu' service_name "#{instance}" supports :restart => true, :reload => false, :status => true when 'smartos' # SmartOS doesn't support multiple instances service_name 'tomcat' supports :restart => false, :reload => false, :status => true else service_name "#{instance}" end action [:start, :enable] notifies :run, "execute[wait for #{instance}]", :immediately retries 4 retry_delay 30 end execute "wait for #{instance}" do command 'sleep 5' action :nothing end end