testing tomcat8 deploy

.gitignore

@@ -1 +1,2 @@
 *.sw[pon]
+hieradata/local.yaml

hiera.yaml

@@ -4,4 +4,5 @@
 :yaml:
   :datadir: ./hieradata
 :hierarchy:
+  - local
   - common

manifests/first.pp

@@ -51,3 +51,5 @@
     require => Exec["generate-jinfo"],
     user => 'root',
 }
+
+#### Tomcat 8

modules/tomcat8/files/catalina.policy

@@ -0,0 +1,198 @@
+// AUTO-GENERATED FILE from /opt/tomcat8/conf/policy.d/
+
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// ============================================================================
+// catalina.corepolicy - Security Policy Permissions for Tomcat 6
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to the codebase specific to each web application:
+//
+// * Read access to the document root directory
+//
+// $Id: catalina.policy 609294 2008-01-06 11:43:46Z markt $
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+// These permissions apply to all JARs from Debian packages
+grant codeBase "file:/usr/share/java/-" {
+  permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/maven-repo/-" {
+  permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/ant/lib/-" {
+  permission java.security.AllPermission;
+};
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the logging API
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+        //permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+        //permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+	permission java.security.AllPermission;
+        permission java.lang.RuntimePermission "shutdownHooks";
+        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+        permission java.util.PropertyPermission "catalina.base", "read";
+        permission java.util.logging.LoggingPermission "control";
+        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
+        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+        permission java.lang.RuntimePermission "getClassLoader";
+        permission java.lang.RuntimePermission "setContextClassLoader";
+        // To enable per context logging configuration, permit read access to the appropriate file.
+        // Be sure that the logging configuration is secure before enabling such access
+        // eg for the examples web application:
+        // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant { 
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+    permission java.util.PropertyPermission "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+
+    permission java.util.PropertyPermission "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+    // Allow read of JAXP compliant XML parser debug
+    permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // Precompiled JSPs need access to this package.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+
+    // Example JSPs need those to work properly
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
+    permission java.lang.RuntimePermission "accessDeclaredMembers";
+
+    // Precompiled JSPs need access to this system property.
+    permission java.util.PropertyPermission "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read";
+
+    // java.io.tmpdir should be usable as a temporary file directory
+    permission java.util.PropertyPermission "java.io.tmpdir", "read";
+    permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
+
+};
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.base}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
+grant codebase "file:/installations/dspace/-" {
+  permission java.security.AllPermission;
+};
+
+grant codeBase "file:${catalina.home}/webapps/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.*";
+};

modules/tomcat8/manifests/init.pp

@@ -0,0 +1,120 @@
+class tomcat8(
+  $install_dir    = hiera('tomcat8::install_dir',    '/opt' ),
+  $ensure         = 'installed',
+  $from           = hiera('tomcat8::from'),
+  $keypath           = hiera('tomcat8::keypath'),
+  ) {
+
+  if $ensure == 'installed' {
+    # Set default exec path for this module
+    Exec { path  => ['/usr/bin', '/usr/sbin', '/bin'] }
+
+	#fixed mirror, version
+        $downloadURI = "http://mirror.hosting90.cz/apache/tomcat/tomcat-8/v8.0.23/bin/apache-tomcat-8.0.23.tar.gz"
+
+    if ! defined(File[$install_dir]) {
+      file { $install_dir:
+        ensure  => directory,
+      }
+    }
+
+    $installerFilename = inline_template('<%= File.basename(@downloadURI) %>')
+
+      exec { 'get_tomcat':
+        cwd     => $install_dir,
+        creates => "${install_dir}/${installerFilename}",
+        command => "wget -c --no-cookies --no-check-certificate \"${downloadURI}\" -O ${installerFilename}",
+        timeout => 600,
+        require => Package['wget'],
+      }
+
+      file { "${install_dir}/${installerFilename}":
+        mode    => '0755',
+        require => Exec['get_tomcat'],
+      }
+
+      if ! defined(Package['wget']) {
+        package { 'wget':
+          ensure =>  present,
+        }
+      }
+
+    # tarball so just extract it.
+      $dirname = regsubst($installerFilename, '(.*)\.tar\.gz', '\1')
+      exec { 'extract_tomcat':
+        cwd     => "${install_dir}/",
+        command => "tar -xzf ${installerFilename}",
+        creates => "${install_dir}/${dirname}",
+        require => Exec['get_tomcat'],
+      }
+
+      file { "${install_dir}/tomcat8":
+    	ensure => link,
+	    target => "${install_dir}/${dirname}",
+	    require => Exec['extract_tomcat'],
+      }
+
+    $var_dirs = ["/var/lib/tomcat8", "/var/lib/tomcat8/temp", "/var/lib/tomcat8/webapps",
+    "/var/log/tomcat8", "/var/cache/tomcat8", "/var/cache/tomcat8/Catalina"]
+    file {$var_dirs:
+        ensure => directory,
+    }
+    file { '/var/lib/tomcat8/logs':
+        ensure => link,
+        target => '/var/log/tomcat8',
+    }
+    file { '/var/lib/tomcat8/work':
+        ensure => link,
+        target => '/var/cache/tomcat8',
+    }
+    file { '/var/lib/tomcat8/conf':
+        ensure => link,
+        target => "${install_dir}/tomcat8/conf",
+    }
+    file{ '/var/lib/tomcat8/work/catalina.policy':
+        ensure => file,
+        source => 'puppet:///modules/tomcat8/catalina.policy',
+    }
+    exec { 'scp_policy.d':
+        command => "scp -r -i ${keypath} -o StrictHostKeyChecking=no ${from}:/opt/tomcat8/conf/policy.d ${install_dir}/tomcat8/conf/",
+        creates => "${install_dir}/tomcat8/conf/policy.d",
+        require => File["${install_dir}/tomcat8"],
+    }
+    exec { 'scp_init_script':
+        command => "scp -r -i ${keypath} -o StrictHostKeyChecking=no ${from}:/etc/init.d/tomcat8 /etc/init.d/",
+        creates => "/etc/init.d/tomcat8",
+        require => File["${install_dir}/tomcat8"],
+        notify => Exec['cleanup_init']
+    }
+    exec {'cleanup_init':
+        command => "sed -i -e \"s/tomcat6/tomcat/g\" -e \"s#/opt/\$NAME#${install_dir}/tomcat8#g\" /etc/init.d/tomcat8"
+    }
+    #user { "tomcat":
+    #    ensure => present,
+    #    managehome => true,
+    #    shell => '/bin/bash',
+    #}
+    #service { "tomcat8":
+    #    ensure => running,
+    #    enable => true,
+    #    reguire => Exec['scp_init_scrip'],
+    #}
+
+#probe
+#native
+#user on files
+
+
+    # Ensure that files belong to tomcat
+    #file {$java_home:
+    #  recurse   => true,
+    #  owner     => root,
+    #  group     => root,
+    #  subscribe => Exec['extract_tomcat'],
+    #}
+
+    # Set links depending on osfamily or operating system fact
+  }
+}
+
+class { 'tomcat8':}