diff --git a/README.md b/README.md
index 05218fc0..90c4370f 100644
--- a/README.md
+++ b/README.md
@@ -92,7 +92,7 @@ To enable the collection to install JBoss Web Server from local archive files:
> **Note:** By default, the collection installs the main application server archive only. If you also want to install the native archive, ensure that you copy the native archive file to your control node and set the `jws_native` variable to `True`.
-> **Note:** If you did not change the archive file names, you do not need to set the `zipfile_name` and `native_zipfile` variables. The collection uses the JBoss Web Server version to determine the default file names automatically.
+> **Note:** If you did not change the archive file names, you do not need to set the `zipfile_name` and `native_zipfile` variables. The collection uses the JBoss Web Server version to determine the default file names automatically.
4. If you also want to install the latest cumulative patches for the appropriate JBoss Web Server version, copy the archive files for the latest patch updates to your Ansible control node. Then set the `jws_apply_patches` variable to `True`:
@@ -114,7 +114,7 @@ If you want the collection to install JBoss Web Server from RPM packages, you mu
- You have a working internet connection that the collection can use to obtain the RPM packages from Red Hat.
-> **Note:** When you enable the RPM installation method, the collection always installs the latest available RPM packages for the latest JBoss Web Server version, including any patch updates.
+> **Note:** When you enable the RPM installation method, the collection always installs the latest available RPM packages for the latest JBoss Web Server version, including any patch updates.
To enable the collection to install JBoss Web Server from RPM packages, set the `jws_install_method` variable to `rpm` on your Ansible control node:
@@ -286,7 +286,7 @@ For example:
- ansible.builtin.copy:
src: files/jolokia-war-1.7.1.war
dest: "{{ jws_home }}/tomcat/webapps/"
- remote_src: yes
+ remote_src: True
- To deploy an application by using a symbolic link or hard link to the `.war` file, which avoids duplicating the file, use the [file:](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html) module:
diff --git a/molecule/ajp_or_https/prepare.yml b/molecule/ajp_or_https/prepare.yml
index b09a0cbc..684993bc 100644
--- a/molecule/ajp_or_https/prepare.yml
+++ b/molecule/ajp_or_https/prepare.yml
@@ -10,7 +10,10 @@
- "{{ assets_server }}/webserver/5.6.0/jws-5.6.0-application-server.zip"
- name: "Deploy https certificate"
- become: yes
+ become: True
ansible.builtin.copy:
src: ./resources/keystore.jks
dest: /etc/ssl/
+ mode: 0644
+ owner: root
+ group: root
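Review bot: The new `mode: 0644` on the "Deploy https certificate" task leaves `/etc/ssl/keystore.jks` readable by every local account, and a JKS keystore normally holds the server's private key alongside the certificate. Even in a molecule fixture it is worth mirroring a production layout, for example `mode: "0640"` with `group:` set to the account Tomcat runs as (presumably `tomcat`, confirm against the scenario). Quoting the mode also keeps it a string, however the YAML loader types a leading-zero integer.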
diff --git a/molecule/force_install/converge.yml b/molecule/force_install/converge.yml
index f0e144ce..02c242ea 100644
--- a/molecule/force_install/converge.yml
+++ b/molecule/force_install/converge.yml
@@ -8,6 +8,9 @@
when:
- "(lookup('env', 'PWD') | default('/opt') + '/jws-5.7.0-application-server.zip') is exists"
- jws_version is defined
+ vars:
+ jws_apply_patches: False
+ jws_selinux_enabled: False
roles:
- role: middleware_automation.jws.jws
jws_setup: true
@@ -16,3 +19,4 @@
jws_service_systemd_type: forking
jws_force_install: true
jws_java_version: 11
+ jws_native: False
diff --git a/molecule/force_install/prepare.yml b/molecule/force_install/prepare.yml
index 5f9c0183..1adb0ed8 100644
--- a/molecule/force_install/prepare.yml
+++ b/molecule/force_install/prepare.yml
@@ -2,7 +2,6 @@
- name: Prepare
hosts: all
tasks:
-
- name: "Run preparation common to all scenario"
ansible.builtin.include_tasks: ../common_prepare.yml
vars:
@@ -12,10 +11,11 @@
- name: "Older version installation"
hosts: all
+ vars:
+ jws_apply_patches: False
+ tomcat_version: 9.0.80
vars_files:
- ../../playbooks/vars.yml
- collections:
- - middleware_automation.jws
pre_tasks:
- name: "Set JWS version if resource available"
ansible.builtin.set_fact:
@@ -24,5 +24,5 @@
- "(lookup('env', 'PWD') | default('/opt') + '/jws-5.5.0-application-server.zip') is exists"
- jws_version is defined
roles:
- - role: jws
- tomcat_version: 9.0.80
+ - role: middleware_automation.jws.jws
+ jws_native: False
diff --git a/molecule/force_install/verify.yml b/molecule/force_install/verify.yml
index 7332849f..5fe430b3 100644
--- a/molecule/force_install/verify.yml
+++ b/molecule/force_install/verify.yml
@@ -1,8 +1,11 @@
---
- name: Verify
hosts: instance
- collections:
- - middleware_automation.jws
+ vars:
+ jws_apply_patches: False
+ jws_java_version: 11
+ jws_native: False
+ jws_selinux_enabled: False
pre_tasks:
- name: "Set JWS version if resource available"
ansible.builtin.set_fact:
@@ -11,5 +14,4 @@
- "(lookup('env', 'PWD') | default('/opt') + '/jws-5.7.0-application-server.zip') is exists"
- jws_version is defined
roles:
- - role: jws_validation
- jws_java_version: 11
+ - role: middleware_automation.jws.jws_validation
diff --git a/molecule/override_server_xml/converge.yml b/molecule/override_server_xml/converge.yml
index 14eb50a6..a0bda11c 100644
--- a/molecule/override_server_xml/converge.yml
+++ b/molecule/override_server_xml/converge.yml
@@ -4,6 +4,8 @@
vars:
# following value set the jvmRoute attribute (specific to override template)
jvm_route: jvm_route_1
+ jws_apply_patches: False
+ jws_selinux_enabled: False
roles:
- role: middleware_automation.jws.jws
jws_home: /opt/custom
@@ -12,3 +14,4 @@
jws_systemd_enabled: True
jws_service_systemd_type: forking
jws_java_version: 17
+ jws_native: False
diff --git a/molecule/override_server_xml/verify.yml b/molecule/override_server_xml/verify.yml
index 1c71fa20..b5b8b272 100644
--- a/molecule/override_server_xml/verify.yml
+++ b/molecule/override_server_xml/verify.yml
@@ -6,23 +6,23 @@
jws_listen_https_port: 8443
jws_listen_https_bind_address: localhost
jvm_route: jvm_route_1
- collections:
- - middleware_automation.jws
+ jws_selinux_enabled: False
roles:
- - jws_validation
+ - middleware_automation.jws.jws_validation
post_tasks:
- - ansible.builtin.set_fact:
+ - name: "Set server.xml path relative to jws home"
+ ansible.builtin.set_fact:
path_to_server_xml: "{{ jws_home }}/conf/server.xml"
- name: "Read content of {{ path_to_server_xml }}"
- become: yes
+ become: True
ansible.builtin.slurp:
src: "{{ path_to_server_xml }}"
register: slurped_server_xml
- name: "Extract content for slurped file and search for {{ jvm_route }}."
ansible.builtin.set_fact:
- matches: "{{ slurped_server_xml['content'] | b64decode | regex_findall(jvm_route)}}"
+ matches: "{{ slurped_server_xml['content'] | b64decode | regex_findall(jvm_route) }}"
- name: "Checks that occurence of {{ jvm_route }} was found."
ansible.builtin.assert:
diff --git a/molecule/preinstalledjdk/prepare.yml b/molecule/preinstalledjdk/prepare.yml
index b5bf9e7d..cd83f0eb 100644
--- a/molecule/preinstalledjdk/prepare.yml
+++ b/molecule/preinstalledjdk/prepare.yml
@@ -12,13 +12,13 @@
tasks:
- name: "Prepare JDK for scenario"
- become: yes
+ become: True
block:
- name: "Download JDK from {{ jdk_url }}"
ansible.builtin.unarchive:
src: "{{ jdk_url }}"
dest: "{{ jdk_install_dir }}"
- remote_src: yes
+ remote_src: True
- name: "Ensure new JDK is registered as an alternatives for the java command."
ansible.builtin.command: "update-alternatives --install /usr/bin/java java {{ jdk_home }}/bin/java 1"
@@ -30,6 +30,6 @@
changed_when: False
register: verify_jdk_install
- - name: "test"
+ - name: "Test"
ansible.builtin.debug:
msg: "{{ verify_jdk_install }}"
diff --git a/molecule/preinstalledjdk/verify.yml b/molecule/preinstalledjdk/verify.yml
index 765c9b63..392987a6 100644
--- a/molecule/preinstalledjdk/verify.yml
+++ b/molecule/preinstalledjdk/verify.yml
@@ -2,7 +2,5 @@
- name: Verify
hosts: all
vars:
- collections:
- - middleware_automation.jws
roles:
- - jws_validation
+ - middleware_automation.jws.jws_validation
diff --git a/molecule/uninstall/converge.yml b/molecule/uninstall/converge.yml
index ca9ff3c6..1c2fd810 100644
--- a/molecule/uninstall/converge.yml
+++ b/molecule/uninstall/converge.yml
@@ -8,9 +8,8 @@
- name: "Red Hat JBoss Web Server uninstallation"
hosts: all
- collections:
- - middleware_automation.jws
post_tasks:
- - include_role:
- name: jws
+ - name: "Perform uninstall"
+ ansible.builtin.include_role:
+ name: middleware_automation.jws.jws
tasks_from: uninstall.yml
diff --git a/molecule/uninstall/verify.yml b/molecule/uninstall/verify.yml
index d9871a8b..16b3feb0 100644
--- a/molecule/uninstall/verify.yml
+++ b/molecule/uninstall/verify.yml
@@ -3,6 +3,7 @@
hosts: all
tasks:
- name: Read info on /opt subdirs
+ become: True
ansible.builtin.find:
paths: /opt
file_type: directory
diff --git a/playbooks/playbook.yml b/playbooks/playbook.yml
index 1dd25b17..b9a4fccb 100644
--- a/playbooks/playbook.yml
+++ b/playbooks/playbook.yml
@@ -5,4 +5,3 @@
- vars.yml
roles:
- name: middleware_automation.jws.jws
- - name: middleware_automation.jws.jws_validation
diff --git a/roles/jws/README.md b/roles/jws/README.md
index b66a3ebc..6f57f0c5 100644
--- a/roles/jws/README.md
+++ b/roles/jws/README.md
@@ -76,7 +76,7 @@ Role Defaults
| `jws_shutdown_port` | Tomcat shutdown port | `8005` |
| `jws_listen_http_port` | Tomcat http listen port | `8080` |
| `jws_listen_http_bind_address` | Service bind address | `localhost` |
-| `jws_listen_http_enabled` | Enable listening on http port | `yes` |
+| `jws_listen_http_enabled` | Enable listening on http port | `True` |
| `jws_listen_https_port` | Enable listening on https port | `8443` |
| `jws_listen_https_bind_address` | Bind address for https | `::1` |
| `jws_listen_https_enabled` | Enable listening on https port | `false` |
@@ -162,4 +162,3 @@ Example Playbook
roles:
- middleware_automation.jws.jws
```
-
diff --git a/roles/jws/defaults/main.yml b/roles/jws/defaults/main.yml
index 8bc0443f..ce28fe24 100644
--- a/roles/jws/defaults/main.yml
+++ b/roles/jws/defaults/main.yml
@@ -30,8 +30,9 @@ jws_offline_install: False
jws_archive_repository: "{{ lookup('env', 'PWD') | default('/opt') }}"
# following var is only used by the URL mode of installation
jws_apache_archive_download_url_prefix: 'https://archive.apache.org/dist/tomcat/tomcat-'
-jws_install_download_archive_require_privilege_escalation: yes
-jws_install_unarchive_require_privilege_escalation: yes
+jws_install_download_archive_require_privilege_escalation: True
+jws_install_unarchive_require_privilege_escalation: True
+
# Default version of Apache Tomcat to use if no version is provided
tomcat_version: 10.1.13
# Switch to True if you want to also download native bits
@@ -116,7 +117,7 @@ jws_service_name: "{{ (jws_install_method == 'rpm') | ternary(jws_rpm_service_na
jws_service_systemd: "/usr/lib/systemd/system/{{ jws_service_name }}.service"
jws_service_systemd_type: "simple"
jws_selinux_enabled: False
-jws_selinux_policy_require_priv_escalation: yes
+jws_selinux_policy_require_priv_escalation: True
jws_firewalld_package_name:
- firewalld
diff --git a/roles/jws/handlers/main.yml b/roles/jws/handlers/main.yml
index c925ba67..ebade47f 100644
--- a/roles/jws/handlers/main.yml
+++ b/roles/jws/handlers/main.yml
@@ -17,9 +17,9 @@
changed_when: restorecon.stdout_lines | length > 0
- name: Reload Systemd
- become: yes
+ become: True
ansible.builtin.systemd:
- daemon_reload: yes
+ daemon_reload: True
when:
- jws.service is defined
- jws.service.enabled is defined
@@ -43,7 +43,7 @@
listen: "Stop Tomcat service"
- name: "Restart {{ jws.service.hr_name }} service"
- become: yes
+ become: True
ansible.builtin.service:
name: "{{ jws.service.name }}"
state: restarted
diff --git a/roles/jws/meta/argument_specs.yml b/roles/jws/meta/argument_specs.yml
index 50251913..eb709469 100644
--- a/roles/jws/meta/argument_specs.yml
+++ b/roles/jws/meta/argument_specs.yml
@@ -25,11 +25,11 @@ argument_specs:
description: "Whether to perform an offline installation"
type: "bool"
jws_install_download_archive_require_privilege_escalation:
- default: yes
+ default: True
description: "Whether or not to become root to donwload the archive"
type: "bool"
jws_install_unarchive_require_privilege_escalation:
- default: yes
+ default: True
description: "Whether or not to become root to decompress the archive"
type: "bool"
jws_rpm:
@@ -58,7 +58,7 @@ argument_specs:
description: "Enable selinux policy enforcement for JWS"
type: "bool"
jws_selinux_policy_require_priv_escalation:
- default: yes
+ default: True
description: "Specifies whether or not SE Linux manipulation requires privilege escalation (sudo)."
type: "bool"
jws_dependencies_list:
diff --git a/roles/jws/tasks/apply_cp/checksum.yml b/roles/jws/tasks/apply_cp/checksum.yml
index 94878906..44d5f3e4 100644
--- a/roles/jws/tasks/apply_cp/checksum.yml
+++ b/roles/jws/tasks/apply_cp/checksum.yml
@@ -7,6 +7,7 @@
- name: "Load data on downloaded file: {{ jws_install_dir }}/{{ patch_bundle }}."
ansible.builtin.stat:
path: "{{ jws_install_dir }}/{{ patch_bundle }}"
+ become: True
register: downloaded_file_metadata
- name: "Verify that file checksum {{ downloaded_file_metadata.stat.checksum }} with provided one: {{ patch_checksum }}."
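Review bot: The added `become: True` sits between the module arguments and `register:`, while most tasks this commit touches put `become` directly under `name:`. Keeping it under `name:` makes the privilege escalation visible at the top of each task and easier to audit. The same trailing placement appears in apply_cp/copy_cp_on_target_and_checksum.yml, sanity_checks/https.yml, systemd/seport.yml and three tasks in roles/jws/tasks/main.yml (install dir stat, install dir creation, `jws.apps.to_remove`).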
diff --git a/roles/jws/tasks/apply_cp/copy_cp_on_target_and_checksum.yml b/roles/jws/tasks/apply_cp/copy_cp_on_target_and_checksum.yml
index 54ad1015..d56dd0c2 100644
--- a/roles/jws/tasks/apply_cp/copy_cp_on_target_and_checksum.yml
+++ b/roles/jws/tasks/apply_cp/copy_cp_on_target_and_checksum.yml
@@ -21,6 +21,7 @@
- name: "Check deployed patch state"
ansible.builtin.stat:
path: "{{ jws_install_dir }}/{{ patch_bundle }}"
+ become: True
register: patch_info
- name: "Set patch checksum"
@@ -34,6 +35,7 @@
- name: "Check {{ patch_checksum_file }} state"
ansible.builtin.stat:
path: "{{ patch_checksum_file }}"
+ become: True
register: last_patch_status
- name: "Print information message if patch has already been applied"
diff --git a/roles/jws/tasks/apply_cp/download_from_rhn.yml b/roles/jws/tasks/apply_cp/download_from_rhn.yml
index 9deb234c..e5184320 100644
--- a/roles/jws/tasks/apply_cp/download_from_rhn.yml
+++ b/roles/jws/tasks/apply_cp/download_from_rhn.yml
@@ -1,7 +1,7 @@
---
- name: Perform patch download from RHN via JBossNetwork API
delegate_to: localhost
- run_once: yes
+ run_once: True
when:
- jws_apply_patches
- not jws_offline_install
@@ -22,7 +22,7 @@
when:
- rhn_products.results is defined and rhn_products.results | length > 0
delegate_to: localhost
- run_once: yes
+ run_once: True
- name: Determine latest version
ansible.builtin.set_fact:
@@ -30,7 +30,7 @@
when:
- rhn_products.results is defined and rhn_products.results | length > 0
delegate_to: localhost
- run_once: yes
+ run_once: True
- name: Determine install zipfile from search results
ansible.builtin.set_fact:
@@ -42,7 +42,7 @@
- jws_patch_version is not defined or jws_patch_version | length == 0
- rhn_products.results is defined and rhn_products.results | length > 0
delegate_to: localhost
- run_once: yes
+ run_once: True
- name: "Compute patch to apply (if any)."
when:
@@ -56,7 +56,7 @@
patch_version: "{{ jws_patch_version }}"
when: jws_patch_version is defined and jws_patch_version | length > 0
delegate_to: localhost
- run_once: yes
+ run_once: True
- name: Check latest version against requested version
ansible.builtin.set_fact:
diff --git a/roles/jws/tasks/apply_cp/perform_update.yml b/roles/jws/tasks/apply_cp/perform_update.yml
index 197fefe1..ef54a6e5 100644
--- a/roles/jws/tasks/apply_cp/perform_update.yml
+++ b/roles/jws/tasks/apply_cp/perform_update.yml
@@ -8,7 +8,7 @@
ansible.builtin.unarchive:
src: "{{ jws_install_dir }}/{{ patch_bundle }}"
dest: "{{ jws.install_dir }}"
- remote_src: yes
+ remote_src: True
owner: "{{ jws.user | default(omit) }}"
group: "{{ jws.group | default(omit) }}"
mode: 0750
diff --git a/roles/jws/tasks/firewalld.yml b/roles/jws/tasks/firewalld.yml
index c20dd6d6..38f9f309 100644
--- a/roles/jws/tasks/firewalld.yml
+++ b/roles/jws/tasks/firewalld.yml
@@ -20,10 +20,11 @@
enabled: true
- name: "Ensure firewalld allows communication over {{ jws_listen_http_port }}."
+ become: True
ansible.posix.firewalld:
port: "{{ jws_listen_http_port }}/tcp"
permanent: true
state: enabled
- immediate: yes
+ immediate: True
when:
- jws_listen_http_port is defined
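Review bot: This task now spells booleans two ways, with `permanent: true` next to the new `immediate: True` and `become: True`. The commit replaces `yes` with `True` but leaves lowercase `true` here and `enabled: no` in roles/jws/tasks/systemd/disable.yml. yamllint's `truthy` rule and the Ansible documentation use lowercase `true`/`false`, so `immediate: true` and `become: true` would match the untouched lines and give the collection a single spelling. The `when:` list continues past the hunk.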
diff --git a/roles/jws/tasks/install/download_from_rhn.yml b/roles/jws/tasks/install/download_from_rhn.yml
index 1408e20e..9583f302 100644
--- a/roles/jws/tasks/install/download_from_rhn.yml
+++ b/roles/jws/tasks/install/download_from_rhn.yml
@@ -1,7 +1,7 @@
---
- name: Perform download from RHN using JBoss Network API
delegate_to: localhost
- run_once: yes
+ run_once: True
become: "{{ rhn_download_become | default(False) }}"
when:
- not jws_offline_install
@@ -20,7 +20,7 @@
ansible.builtin.set_fact:
rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + path_to_zipfile_local | basename + '$') }}"
delegate_to: localhost
- run_once: yes
+ run_once: True
- name: Download Red Hat JWS
ansible.builtin.include_tasks: rhn/download.yml
diff --git a/roles/jws/tasks/install/force_install.yml b/roles/jws/tasks/install/force_install.yml
index 2c7e9c4f..c67aaa92 100644
--- a/roles/jws/tasks/install/force_install.yml
+++ b/roles/jws/tasks/install/force_install.yml
@@ -37,19 +37,19 @@
changed_when: True
- name: "Create group: {{ jws.group }}"
- become: yes
+ become: True
ansible.builtin.group:
name: "{{ jws.group }}"
gid: "{{ jws.gid }}"
- system: yes
+ system: True
when: jws_force_install
- name: "Create user: {{ jws.user }}"
- become: yes
+ become: True
ansible.builtin.user:
name: "{{ jws.user }}"
uid: "{{ jws.uid }}"
- system: yes
+ system: True
groups: "{{ jws.group }}"
home: "{{ jws_home }}"
shell: /sbin/nologin
diff --git a/roles/jws/tasks/install/rpm.yml b/roles/jws/tasks/install/rpm.yml
index 952325fe..77ad1cdb 100644
--- a/roles/jws/tasks/install/rpm.yml
+++ b/roles/jws/tasks/install/rpm.yml
@@ -39,11 +39,13 @@
- dnf_command != "'groupinstall'"
- name: "Load stat of {{ jws_rpm_root_dir }}/enable"
+ become: True
ansible.builtin.stat:
path: "{{ jws_rpm_root_dir }}/enable"
register: jws_rpm_root_dir_enable_stat
- name: "Perform {{ info_msg }}"
+ become: True
ansible.builtin.command:
cmd: "dnf {{ dnf_command | default('groupinstall') }} -y {{ jws.rpm }}"
creates: "{{ jws_rpm_root_dir }}/enable"
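Review bot: With `become: True` added to "Perform {{ info_msg }}", the `cmd:` string `dnf {{ dnf_command | default('groupinstall') }} -y {{ jws.rpm }}` is split on whitespace and now runs as root, so any space inside `dnf_command` or `jws.rpm` turns into extra dnf arguments. Unless `jws.rpm` is meant to carry several names, passing a list keeps each value a single argument: `argv: ["dnf", "{{ dnf_command | default('groupinstall') }}", "-y", "{{ jws.rpm }}"]`. The `become: True` lines added in this file are also unconditional, whereas the archive path uses `jws_install_unarchive_require_privilege_escalation`; a short comment saying why the RPM path always needs root would help. The task continues past the hunk.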
@@ -59,6 +61,7 @@
- jws_tomcat_vault_enabled is defined and jws_tomcat_vault_enabled
block:
- name: "Install package for tomcat_vault: {{ jws.vault.package_name }}"
+ become: True
ansible.builtin.package:
name: "{{ jws.vault.package_name }}"
state: present
diff --git a/roles/jws/tasks/install/zipfiles.yml b/roles/jws/tasks/install/zipfiles.yml
index 90debfae..9fae608c 100644
--- a/roles/jws/tasks/install/zipfiles.yml
+++ b/roles/jws/tasks/install/zipfiles.yml
@@ -23,7 +23,7 @@
- name: "Install {{ jws.service.hr_name }} and required binaries from local zipfiles (install method: {{ jws.install_method }})"
become: "{{ jws_install_unarchive_require_privilege_escalation }}"
ansible.builtin.unarchive:
- remote_src: yes
+ remote_src: True
src: "{{ jws_install_dir }}/{{ item.src }}"
dest: "{{ jws_install_dir }}"
owner: "{{ jws.user }}"
@@ -35,7 +35,7 @@
notify: "Restart Tomcat service"
- name: Configure custom jws_home
- become: yes
+ become: True
when:
- jws_home != jws.install_dir + '/' + jws_zipfile_rootdir
- unarchived_zipfiles.changed
@@ -46,8 +46,8 @@
dest: "{{ jws_home }}"
owner: "{{ jws.user }}"
group: "{{ jws.group }}"
- remote_src: yes
- force: yes
+ remote_src: True
+ force: True
mode: preserve
- name: Move the version.txt to custom jws_home
@@ -56,7 +56,7 @@
dest: "{{ jws_home }}/../"
owner: "{{ jws.user }}"
group: "{{ jws.group }}"
- remote_src: yes
- force: yes
+ remote_src: True
+ force: True
mode: preserve
when: jws_version is defined
diff --git a/roles/jws/tasks/main.yml b/roles/jws/tasks/main.yml
index 127b9e26..62e4937a 100644
--- a/roles/jws/tasks/main.yml
+++ b/roles/jws/tasks/main.yml
@@ -40,7 +40,7 @@
packages_list: "{{ jws_dependencies_list }}"
- name: "Ensure tomcatjss rpm is not installed"
- become: yes
+ become: True
ansible.builtin.dnf:
name: tomcatjss
state: absent
@@ -49,7 +49,7 @@
- jws.check_jws_ss_absent
- name: Check user/groups and whether force install needed
- become: yes
+ become: True
block:
- name: "Create group: {{ jws.group }}"
ansible.builtin.group:
@@ -85,6 +85,7 @@
- name: "Check state of install_dir: {{ jws_install_dir }}"
ansible.builtin.stat:
path: "{{ jws_install_dir }}"
+ become: True
register: install_path
- name: "Ensure install dir is created: {{ jws_install_dir }}"
@@ -94,6 +95,7 @@
owner: "{{ jws.user }}"
group: "{{ jws.group }}"
mode: 0750
+ become: True
when:
- not install_path.stat.exists
- jws.install_method is defined
@@ -123,7 +125,7 @@
- jws_apply_patches
- name: "Ensure {{ jws_home }}/ directories have appropriate privileges"
- become: yes
+ become: True
ansible.builtin.file:
path: "{{ jws_home }}/{{ item }}/"
owner: "{{ jws.user }}"
@@ -138,7 +140,7 @@
- bin
- name: "Ensure {{ jws_home }}/ files have the recommended priviliges, owner and group"
- become: yes
+ become: True
ansible.builtin.file:
path: "{{ jws_home }}/{{ item }}"
owner: "{{ jws.user }}"
@@ -164,7 +166,7 @@
- jws_listen_https_enabled
- name: "Deploy custom configuration files"
- become: yes
+ become: True
ansible.builtin.template:
src: "{{ item.template }}"
dest: "{{ item.dest }}"
@@ -191,6 +193,7 @@
path: "{{ jws_home }}/webapps/{{ item }}"
state: absent
loop: "{{ jws.apps.to_remove }}"
+ become: True
when: jws.apps.to_remove is defined
- name: "Create vault configuration (if enabled)"
diff --git a/roles/jws/tasks/rhn/download.yml b/roles/jws/tasks/rhn/download.yml
index 09eb3b45..467e73da 100644
--- a/roles/jws/tasks/rhn/download.yml
+++ b/roles/jws/tasks/rhn/download.yml
@@ -32,5 +32,5 @@
dest: "{{ rhn_product_path }}"
no_log: "{{ omit_rhn_output | default(true) }}"
delegate_to: localhost
- run_once: yes
+ run_once: True
become: "{{ rhn_download_become | default(False) }}"
diff --git a/roles/jws/tasks/rhn/search.yml b/roles/jws/tasks/rhn/search.yml
index f65a3dec..c15d467b 100644
--- a/roles/jws/tasks/rhn/search.yml
+++ b/roles/jws/tasks/rhn/search.yml
@@ -20,7 +20,7 @@
no_log: "{{ omit_rhn_output | default(true) }}"
delegate_to: localhost
become: "{{ rhn_download_become | default(False) }}"
- run_once: yes
+ run_once: True
- name: "Ensure search results are valid."
ansible.builtin.assert:
diff --git a/roles/jws/tasks/sanity_checks/https.yml b/roles/jws/tasks/sanity_checks/https.yml
index cc3f3653..70787508 100644
--- a/roles/jws/tasks/sanity_checks/https.yml
+++ b/roles/jws/tasks/sanity_checks/https.yml
@@ -24,6 +24,7 @@
ansible.builtin.stat:
path: "{{ jws.listen.https.keystore.file }}"
register: java_keystore_location
+ become: True
- name: "Check that java_keystore location is valid and exist."
ansible.builtin.assert:
diff --git a/roles/jws/tasks/systemd/disable.yml b/roles/jws/tasks/systemd/disable.yml
index caf71bbc..e8a2717f 100644
--- a/roles/jws/tasks/systemd/disable.yml
+++ b/roles/jws/tasks/systemd/disable.yml
@@ -6,7 +6,7 @@
quiet: true
- name: "Disable jws.service"
- become: yes
+ become: True
ansible.builtin.service:
name: "{{ jws.service.name }}"
enabled: no
diff --git a/roles/jws/tasks/systemd/selinux.yml b/roles/jws/tasks/systemd/selinux.yml
index 3ee33cc7..bc2ecc83 100644
--- a/roles/jws/tasks/systemd/selinux.yml
+++ b/roles/jws/tasks/systemd/selinux.yml
@@ -26,11 +26,13 @@
- selinux-policy-devel
- name: Check if archive contains a selinux policy
+ become: True
ansible.builtin.stat:
path: "{{ jws_home }}/selinux/jws{{ jws_version.split('.')[0] | default('6') }}-tomcat.pp"
register: policy_path_selinux
- name: Update file contexts with home directory
+ become: True
ansible.builtin.replace:
path: "{{ jws_home }}/selinux/jws{{ jws_version.split('.')[0] | default('6') }}-tomcat.fc"
regexp: '^@@CWD@@'
diff --git a/roles/jws/tasks/systemd/seport.yml b/roles/jws/tasks/systemd/seport.yml
index 1e4d117d..7cc52c64 100644
--- a/roles/jws/tasks/systemd/seport.yml
+++ b/roles/jws/tasks/systemd/seport.yml
@@ -12,6 +12,7 @@
set -o pipefail
semanage port -l | grep -e tcp | grep -e ' {{ requested_port }},*'
changed_when: False
+ become: True
register: seport_status
rescue:
- name: "Print state (1 missing, 0 installed)"
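Review bot: The port check that gains `become: True` interpolates `{{ requested_port }}` straight into a shell pipeline (`grep -e ' {{ requested_port }},*'`), so whatever string the variable holds is now evaluated by a root shell. Coercing the value keeps it numeric: `semanage port -l | grep -e tcp | grep -e ' {{ requested_port | int }},*'`. The same applies to `semanage port --add -t http_port_t -p tcp {{ requested_port }}` in the next hunk, which also gains `become: True`. The module line of this task is outside the hunk; `set -o pipefail` and the pipes suggest it is `ansible.builtin.shell`.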
@@ -29,6 +30,7 @@
when:
- seport_status.rc != 0
ansible.builtin.command: "semanage port --add -t http_port_t -p tcp {{ requested_port }}"
+ become: True
register: result
failed_when: result.rc != 0 and "already defined" not in result.stderr
changed_when:
diff --git a/roles/jws/tasks/systemd/service.yml b/roles/jws/tasks/systemd/service.yml
index a9fa2ec8..e0f0335b 100644
--- a/roles/jws/tasks/systemd/service.yml
+++ b/roles/jws/tasks/systemd/service.yml
@@ -6,13 +6,13 @@
quiet: true
- name: "Enable jws.service"
- become: yes
+ become: True
ansible.builtin.service:
name: "{{ jws.service.name }}"
- enabled: yes
+ enabled: True
- name: "Start jws.service"
- become: yes
+ become: True
ansible.builtin.service:
name: "{{ jws.service.name }}"
state: started
diff --git a/roles/jws/tasks/systemd/stop.yml b/roles/jws/tasks/systemd/stop.yml
index d8d66a90..f8bb8f37 100644
--- a/roles/jws/tasks/systemd/stop.yml
+++ b/roles/jws/tasks/systemd/stop.yml
@@ -6,7 +6,7 @@
quiet: true
- name: "Stop jws.service"
- become: yes
+ become: True
ansible.builtin.service:
name: "{{ jws.service.name }}"
state: stopped
diff --git a/roles/jws/tasks/systemd/systemd.yml b/roles/jws/tasks/systemd/systemd.yml
index b4f43466..2dae1e6c 100644
--- a/roles/jws/tasks/systemd/systemd.yml
+++ b/roles/jws/tasks/systemd/systemd.yml
@@ -35,7 +35,7 @@
- not jws_service_pidfile is defined
- name: "Ensure service script is deployed"
- become: yes
+ become: True
ansible.builtin.template:
src: templates/systemd/service.sh.j2
dest: "{{ jws_service_script }}"
@@ -44,7 +44,7 @@
mode: 0755
- name: "Ensure service configurations files is deployed: {{ jws_service_conf }}"
- become: yes
+ become: True
ansible.builtin.template:
src: templates/systemd/tomcat.conf.j2
dest: "{{ jws_service_conf }}"
@@ -58,7 +58,7 @@
- Ensure Tomcat runs under systemd
- name: "Ensure systemd service is configured"
- become: yes
+ become: True
ansible.builtin.template:
src: templates/systemd/tomcat.service.j2
dest: "{{ jws.service.systemd }}"
diff --git a/roles/jws/tasks/tomcat_vault.yml b/roles/jws/tasks/tomcat_vault.yml
index 95067f73..3b64c9a9 100644
--- a/roles/jws/tasks/tomcat_vault.yml
+++ b/roles/jws/tasks/tomcat_vault.yml
@@ -1,5 +1,6 @@
---
- name: "Copy {{ jws.service.hr_name }} vault keystore from control node to remote"
+ become: True
ansible.builtin.copy:
src: "{{ jws.vault.keystore }}"
dest: "{{ jws_home }}"
@@ -8,6 +9,7 @@
mode: 0640
- name: "Copy {{ jws.service.hr_name }} vault properties file from control node to remote"
+ become: True
ansible.builtin.copy:
src: "{{ jws.vault.properties }}"
dest: "{{ jws_home }}/conf/"
@@ -16,6 +18,7 @@
mode: 0640
- name: "Copy {{ jws.service.hr_name }} vault data file from control node to remote"
+ become: True
ansible.builtin.copy:
src: "{{ jws.vault.data }}"
dest: "{{ jws_home }}"
diff --git a/roles/jws/tasks/uninstall.yml b/roles/jws/tasks/uninstall.yml
index c7f1a9ea..c53cb494 100644
--- a/roles/jws/tasks/uninstall.yml
+++ b/roles/jws/tasks/uninstall.yml
@@ -16,7 +16,7 @@
- name: "Delete files from server home {{ jws_home }}"
when:
- jws.install_method != 'rpm'
- become: yes
+ become: True
block:
- name: "Check that server home has been provided"
ansible.builtin.assert:
@@ -38,7 +38,7 @@
- name: "Perform rpm uninstall"
when:
- jws.install_method == 'rpm'
- become: yes
+ become: True
block:
- name: "Disable installed server to ensure package is removed"
ansible.builtin.file:
diff --git a/roles/jws/templates/5/server.xml.j2 b/roles/jws/templates/5/server.xml.j2
index b573514e..ee65193d 100644
--- a/roles/jws/templates/5/server.xml.j2
+++ b/roles/jws/templates/5/server.xml.j2
@@ -108,8 +108,8 @@
{% endif %}
maxThreads="{{ jws.listen.https.threads.max }}"
SSLEnabled="true"
- allowTrace="false"
- scheme="https"
+ allowTrace="false"
+ scheme="https"
secure="true"
xpoweredBy="false"
server="{{ jws.listen.https.servername }}"
@@ -155,15 +155,15 @@
address="{{ jws.listen.ajp.address }}"
port="{{ jws.listen.ajp.port }}"
redirectPort="{{ jws.listen.https.port }}"
- secret="{{ jws.listen.ajp.secret }}"
- allowTrace="false"/>
+ secret="{{ jws.listen.ajp.secret }}"
+ allowTrace="false"/>
{% else %}
+ secretRequired="false"
+ allowTrace="false"/>
{% endif %}
{% endif %}
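Review bot: In the `{% else %}` branch the AJP connector is rendered with `secretRequired="false"`, so in what is apparently the no-secret case it accepts AJP requests from any peer that can reach `jws.listen.ajp.address`. The paired `-`/`+` lines above look like whitespace cleanup, so this probably predates the commit, but the template gives no hint of the trade-off. I would add a Jinja comment above the branch, e.g. `{# no AJP secret set: keep jws.listen.ajp.address on loopback or define jws.listen.ajp.secret #}`. The same branch is in templates/6/server.xml.j2 and templates/server.xml.j2, and the Connector element opens outside the hunk.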
diff --git a/roles/jws/templates/6/server.xml.j2 b/roles/jws/templates/6/server.xml.j2
index 105a4506..0fbbedb5 100644
--- a/roles/jws/templates/6/server.xml.j2
+++ b/roles/jws/templates/6/server.xml.j2
@@ -149,15 +149,15 @@
address="{{ jws.listen.ajp.address }}"
port="{{ jws.listen.ajp.port }}"
redirectPort="{{ jws.listen.https.port }}"
- secret="{{ jws.listen.ajp.secret }}"
- allowTrace="false"/>
+ secret="{{ jws.listen.ajp.secret }}"
+ allowTrace="false"/>
{% else %}
+ secretRequired="false"
+ allowTrace="false"/>
{% endif %}
{% endif %}
diff --git a/roles/jws/templates/server.xml.j2 b/roles/jws/templates/server.xml.j2
index 46b64c58..d283659f 100644
--- a/roles/jws/templates/server.xml.j2
+++ b/roles/jws/templates/server.xml.j2
@@ -108,8 +108,8 @@
{% endif %}
maxThreads="{{ jws.listen.https.threads.max }}"
SSLEnabled="true"
- allowTrace="false"
- scheme="https"
+ allowTrace="false"
+ scheme="https"
secure="true"
xpoweredBy="false"
server="{{ jws.listen.https.servername }}"
@@ -155,15 +155,15 @@
address="{{ jws.listen.ajp.address }}"
port="{{ jws.listen.ajp.port }}"
redirectPort="{{ jws.listen.https.port }}"
- secret="{{ jws.listen.ajp.secret }}"
- allowTrace="false"/>
+ secret="{{ jws.listen.ajp.secret }}"
+ allowTrace="false"/>
{% else %}
+ secretRequired="false"
+ allowTrace="false"/>
{% endif %}
{% endif %}
diff --git a/roles/jws_validation/defaults/main.yml b/roles/jws_validation/defaults/main.yml
index 7a347029..74b7e72b 100644
--- a/roles/jws_validation/defaults/main.yml
+++ b/roles/jws_validation/defaults/main.yml
@@ -5,7 +5,7 @@ jws_group: tomcat
jws_gid: 53
catalina_logfile: logs/catalina.out
-jws_validation_read_catalina_privilege_escalation: yes
+jws_validation_read_catalina_privilege_escalation: True
tomcat_version: 10.1.13
jws_home: "/opt/apache-tomcat-{{ tomcat_version }}/"
diff --git a/roles/jws_validation/meta/argument_specs.yml b/roles/jws_validation/meta/argument_specs.yml
index 43393f7d..23d99993 100644
--- a/roles/jws_validation/meta/argument_specs.yml
+++ b/roles/jws_validation/meta/argument_specs.yml
@@ -6,7 +6,7 @@ argument_specs:
description: "Pattern to search for in the catalina logfile."
type: "str"
jws_validation_read_catalina_privilege_escalation:
- default: yes
+ default: True
description: "Whether or not Ansible can read the catalina.out without root priv"
type: "bool"
jws_listen_http_bind_address:
diff --git a/roles/jws_validation/tasks/apply_cp.yml b/roles/jws_validation/tasks/apply_cp.yml
index bed7dcdb..13622ff9 100644
--- a/roles/jws_validation/tasks/apply_cp.yml
+++ b/roles/jws_validation/tasks/apply_cp.yml
@@ -7,7 +7,7 @@
quiet: True
- name: "Check {{ checksum_file_name }} file exists"
- become: yes
+ become: True
ansible.builtin.stat:
path: "{{ jws_home }}/../{{ checksum_file_name }}"
register: applied_patch_file
diff --git a/roles/jws_validation/tasks/jws_version.yml b/roles/jws_validation/tasks/jws_version.yml
index bc7f186f..345a1e01 100644
--- a/roles/jws_validation/tasks/jws_version.yml
+++ b/roles/jws_validation/tasks/jws_version.yml
@@ -7,7 +7,7 @@
quiet: True
- name: "Load Version files"
- become: yes
+ become: True
ansible.builtin.slurp:
src: "{{ jws_home }}/../version.txt"
register: install_jws_version
diff --git a/roles/jws_validation/tasks/rpm.yml b/roles/jws_validation/tasks/rpm.yml
index 4366f4bf..8e7f6fee 100644
--- a/roles/jws_validation/tasks/rpm.yml
+++ b/roles/jws_validation/tasks/rpm.yml
@@ -15,6 +15,7 @@
- skip_ansible_lint
- name: "Load information on {{ jws_home }}"
+ become: True
ansible.builtin.stat:
path: "{{ jws_home }}"
register: jws_home_path
diff --git a/roles/jws_validation/tasks/service_status.yml b/roles/jws_validation/tasks/service_status.yml
index 287eca3e..eabbd53e 100644
--- a/roles/jws_validation/tasks/service_status.yml
+++ b/roles/jws_validation/tasks/service_status.yml
@@ -4,7 +4,6 @@
- name: Check if service is started
block:
-
- ansible.builtin.assert:
that:
- ansible_facts is defined
diff --git a/roles/jws_validation/tasks/user.yml b/roles/jws_validation/tasks/user.yml
index a103fd87..edbe87d5 100644
--- a/roles/jws_validation/tasks/user.yml
+++ b/roles/jws_validation/tasks/user.yml
@@ -1,6 +1,6 @@
---
- name: "Check that user account {{ jws_user }} was properly created"
- become: yes
+ become: True
ansible.builtin.user:
name: "{{ jws_user }}"
uid: "{{ jws_uid }}"