Update to 2021-12-01 19:13

roles/diagrams/defaults/main.yml

@@ -0,0 +1,17 @@
+---
+
+# Veresion of diagrams to deploy
+diagrams_version: 15.7.4
+# URL of the WAR file to deploy
+diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war
+# Expected sha1 of the WAR file
+diagrams_war_sha1: 6ec509cba9c0cb7ed5a6872bcfc3711f6bfb1933
+# root directory of the installation
+diagrams_root_dir: /opt/diagrams
+# Should ansible manage upgrades, or just initial install ?
+diagrams_manage_upgrade: True
+# Port on which the tomcat instance will listen.
+# Note that it'll also use this port +1 for shutdown requests, but only on 127.0.0.1
+diagrams_port: 8182
+# List of IP addresses (or CIDR) allowed to access tomcat port
+diagrams_src_ip: []

roles/diagrams/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+
+- name: restart diagrams
+  service: name=tomcat@diagrams state=restarted

roles/diagrams/meta/main.yml

@@ -0,0 +1,7 @@
+---
+
+dependencies:
+  - role: repo_lux # EL8 doesn't have tomcat anymore
+    when:
+      - ansible_os_family == 'RedHat'
+      - ansible_distribution_major_version is version('8','>=')

roles/diagrams/tasks/archive_post.yml

@@ -0,0 +1,14 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ diagrams_root_dir }}/archives/{{ diagrams_current_version }}.tar.zst --use-compress-program=zstd ./
+  environment:
+    ZST_CLEVEL: 10
+  args:
+    chdir: "{{ diagrams_root_dir }}/archives/{{ diagrams_current_version }}"
+    warn: False
+  tags: diagrams
+
+- name: Remove the arachive directory
+  file: path={{ diagrams_root_dir }}/archives/{{ diagrams_current_version }} state=absent
+  tags: diagrams

roles/diagrams/tasks/archive_pre.yml

@@ -0,0 +1,9 @@
+---
+
+- name: Create the archive dir
+  file: path={{ diagrams_root_dir }}/archives/{{ diagrams_current_version }} state=directory
+  tags: diagrams
+
+- name: Copy the war archive
+  copy: src={{ diagrams_root_dir }}/webapps/draw.war dest={{ diagrams_root_dir }}/archives/{{ diagrams_current_version }} remote_src=True
+  tags: diagrams

roles/diagrams/tasks/cleanup.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ diagrams_root_dir }}/tmp/draw.war"
+  tags: diagrams

roles/diagrams/tasks/conf.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Deploy sysconfig
+  template: src=sysconfig.j2 dest=/etc/sysconfig/tomcat@diagrams
+  notify: restart diagrams
+  tags: diagrams
+
+- name: Deploy tomcat configuration
+  template: src={{ item }}.j2 dest={{ diagrams_root_dir }}/conf/{{ item }} group=tomcat mode=640
+  loop:
+    - server.xml
+  notify: restart diagrams
+  tags: diagrams
+
+- name: Link configuration files
+  file: state=link src=/etc/tomcat/{{ item }} dest={{ diagrams_root_dir }}/conf/{{ item }}
+  loop:
+    - web.xml
+    - logging.properties
+  notify: restart diagrams
+  tags: diagrams

roles/diagrams/tasks/directories.yml

@@ -0,0 +1,38 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ diagrams_root_dir }}/"
+      group: tomcat
+    - dir: "{{ diagrams_root_dir }}/webapps"
+      group: tomcat
+      mode: 770
+    - dir: "{{ diagrams_root_dir }}/conf"
+      group: tomcat
+    - dir: "{{ diagrams_root_dir }}/conf/Catalina"
+      owner: tomcat
+      mode: 700
+    - dir: "{{ diagrams_root_dir }}/tmp"
+      group: tomcat
+      mode: 770
+    - dir: "{{ diagrams_root_dir }}/logs"
+      owner: tomcat
+      mode: 700
+    - dir: "{{ diagrams_root_dir }}/work"
+      owner: tomcat
+      mode: 700
+    - dir: "{{ diagrams_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ diagrams_root_dir }}/archives"
+      mode: 700
+  tags: diagrams
+
+- name: Create symlinks
+  file: state=link src={{ item.src }} dest={{ item.dest }}
+  loop:
+    - src: /usr/share/tomcat/bin/
+      dest: "{{ diagrams_root_dir }}/bin"
+    - src: /usr/share/java/tomcat
+      dest: "{{ diagrams_root_dir }}/lib"
+  tags: diagrams

roles/diagrams/tasks/facts.yml

@@ -0,0 +1,12 @@
+---
+
+- import_tasks: ../includes/webapps_set_install_mode.yml
+  vars:
+    - root_dir: "{{ diagrams_root_dir }}"
+    - version: "{{ diagrams_version }}"
+  tags: diagrams
+
+- block:
+    - set_fact: diagrams_install_mode={{ (install_mode == 'upgrade' and not diagrams_manage_upgrade) | ternary('none',install_mode) }}
+    - set_fact: diagrams_current_version={{ current_version | default('') }}
+  tags: diagrams

roles/diagrams/tasks/install.yml

@@ -0,0 +1,15 @@
+---
+
+- when: diagrams_install_mode != 'none'
+  block:
+    - name: Download diagrams WAR
+      get_url:
+        url: "{{ diagrams_war_url }}"
+        dest: "{{ diagrams_root_dir }}/tmp/draw.war"
+        checksum: sha1:{{ diagrams_war_sha1 }}
+    
+    - name: Move WAR to the webapp dir
+      copy: src={{ diagrams_root_dir }}/tmp/draw.war dest={{ diagrams_root_dir }}/webapps/draw.war remote_src=True
+      notify: restart diagrams
+
+  tags: diagrams

roles/diagrams/tasks/iptables.yml

@@ -0,0 +1,9 @@
+---
+
+- name:  Handle diagrams port in the firewall
+  iptables_raw:
+    name: diagrams_port
+    state: "{{ (diagrams_src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -m state --state NEW -p tcp --dport {{ diagrams_port }} -s {{ diagrams_src_ip | join(',') }} -j ACCEPT"
+  tags: firewall,diagrams
+

roles/diagrams/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+
+- name: Install tomcat
+  yum:
+    name:
+      - tomcat
+  tags: diagrams
+
+- include: directories.yml
+- include: facts.yml
+- include: archive_pre.yml
+  when: diagrams_install_mode == 'upgrade'
+- include: install.yml
+- include: conf.yml
+- include: selinux.yml
+  when: ansible_selinux.status == 'enabled'
+- include: iptables.yml
+  when: iptables_manage | default(True)
+- include: services.yml
+- include: write_version.yml
+- include: archive_post.yml
+  when: diagrams_install_mode == 'upgrade'
+- include: cleanup.yml

roles/diagrams/tasks/selinux.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Allow tomcat to bind on diagrams' port
+  seport: ports={{ diagrams_port }},{{ diagrams_port + 1 }} proto=tcp setype=http_port_t state=present
+  tags: diagrams
+
+- name: Set SELinux context
+  sefcontext:
+    target: "{{ item.target }}"
+    setype: "{{ item.type }}"
+    state: present
+  loop:
+    - target: "{{ diagrams_root_dir }}/webapps(/.*)?"
+      type: tomcat_var_lib_t
+    - target: "{{ diagrams_root_dir }}/(work|tmp)(/.*)?"
+      type: tomcat_cache_t
+    - target: "{{ diagrams_root_dir }}/logs(/.*)?"
+      type: tomcat_log_t
+  register: diagrams_sefcontext
+  tags: diagrams
+
+- name: Restore file contexts
+  command: restorecon -R {{ diagrams_root_dir }}
+  when: diagrams_sefcontext.results | selectattr('changed','equalto',True) | list | length > 0
+  tags: diagrams

roles/diagrams/tasks/services.yml

@@ -0,0 +1,5 @@
+---
+
+- name: start and enable diagrams
+  service: name=tomcat@diagrams state=started enabled=True
+  tags: diagrams

roles/diagrams/tasks/write_version.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ diagrams_version }} dest={{ diagrams_root_dir }}/meta/ansible_version
+  tags: diagrams

roles/diagrams/templates/server.xml.j2

@@ -0,0 +1,22 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Server port="{{ diagrams_port | int + 1 }}" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <Service name="Catalina">
+    <Connector port="{{ diagrams_port }}" protocol="HTTP/1.1"
+               connectionTimeout="20000" />
+    <Engine name="Catalina" defaultHost="diagrams">
+      <Host name="diagrams"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+        <Context path="" docBase="draw"></Context>
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="diagrams_access_log." suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+      </Host>
+    </Engine>
+  </Service>
+</Server>

roles/diagrams/templates/sysconfig.j2

@@ -0,0 +1,3 @@
+CATALINA_BASE="{{ diagrams_root_dir }}"
+CATALINA_HOME="{{ diagrams_root_dir }}"
+CATALINA_TMPDIR="{{ diagrams_root_dir }}/tmp"