silpion / ansible-tomcat

Manage installation of Tomcat
Apache License 2.0

Sysvinit process owner #12

Closed kakawait closed 9 years ago

kakawait commented 9 years ago

On a Sysvinit system, when using an instance user, the Tomcat process still runs under the root user.

using

tomcat_instances:
  - name: foo
    user: vagrant
    group: vagrant
    path: /home/vagrant
    home: /home/vagrant
    service_name: tomcat-foo
    service_file: tomcat-foo
    port_ajp: 18009
    port_connector: 18080
    port_redirect: 18443
    port_shutdown: 18005

result

root      5196  0.2  5.7 2259404 58380 ?       Sl   21:46   0:03 /usr/java/default/bin/java -Djava.util.logging.config.file=/home/vagrant/catalina/foo/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/tomcat/apache-tomcat-7.0.62/endorsed -classpath /opt/tomcat/apache-tomcat-7.0.62/bin/bootstrap.jar:/opt/tomcat/apache-tomcat-7.0.62/bin/tomcat-juli.jar -Dcatalina.base=/home/vagrant/catalina/foo -Dcatalina.home=/opt/tomcat/apache-tomcat-7.0.62 -Djava.io.tmpdir=/home/vagrant/catalina/foo/temp org.apache.catalina.startup.Bootstrap start

Inside service_sysvinit.j2 there is a reference to the instance user here https://github.com/silpion/ansible-tomcat/blob/master/templates/service_sysvinit.j2#L11 but it is never used.

I'm not a Tomcat expert and you may have your reasons to keep the process running as the root user, but if it is just missing we can do something like

start(){
  echo -n $"Starting $PROC: "
{% if tomcat_service_umask is defined %}
  umask {{ tomcat_service_umask }}
{% endif %}
  touch $CATALINA_PID 2>&1
  if [ "$?" -eq "0" ]; then
    chown ${TOMCAT_USER}:{{ tomcat_user_group }} $CATALINA_PID
  fi
  daemon --user=$TOMCAT_USER $CATALINA_HOME/bin/catalina.sh start
  ret=$?
  echo
  [ $ret -eq 0 ] && touch $LOCK
}

(can be improved by adding a default value for tomcat_user_group)

ghost commented 9 years ago

Good catch. I'll fix that asap. For now you can "copy" the template, fix it by yourself and configure tomcat_server_sysvinit_template to your (fixed) copy.

kakawait commented 9 years ago

Yeah, I already did that :) I just created the issue for the community :+1:

ghost commented 9 years ago

Fixed in 1.1.0. I did not integrate any migration code (PID file management).

kakawait commented 9 years ago

But if CATALINA_PID is inside a folder that TOMCAT_USER does not have write access to, the startup script will fail. But never mind: if it works by default, OK, users can plug in their own service template!

ghost commented 9 years ago

Good catch. Tried to use daemon function for that, but daemon does not help. Updating the SysV default service template for various little fixes right now.

ghost commented 9 years ago

Fixed with 1.1.1.
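A check for the condition reported in this issue, added here as an example (it is not part of the thread or of the role's code): it reads `ps -e -o user= -o args=` output and flags every Tomcat JVM whose owner differs from the expected instance user. The `base=user` pairs, the second instance `bar`, and the function names are assumptions; the `catalina.base` path for `foo` follows the process listing above.

```shell
#!/bin/sh
# Added example: flag Tomcat JVMs whose process owner differs from the
# instance user. Input is the output of: ps -e -o user= -o args=

# Expected owner per catalina.base, as "base=user" pairs. The foo pair follows
# the issue's instance; "bar" is a hypothetical second instance.
EXPECTED='/home/vagrant/catalina/foo=vagrant /home/vagrant/catalina/bar=vagrant'

# Constructed sample input; line 1 is modelled on the listing in the issue
# (arguments shortened), lines 2-3 are made up.
sample_ps() {
cat <<'EOF'
root /usr/java/default/bin/java -Dcatalina.base=/home/vagrant/catalina/foo org.apache.catalina.startup.Bootstrap start
vagrant /usr/java/default/bin/java -Dcatalina.base=/home/vagrant/catalina/bar org.apache.catalina.startup.Bootstrap start
root /usr/sbin/sshd -D
EOF
}

# audit_tomcat_owners "base=user ..."
# Reads ps lines on stdin, prints one finding per Tomcat JVM that runs as the
# wrong user or is not listed, and returns 1 if there was any finding.
# Limitation: a catalina.base containing spaces is not handled.
audit_tomcat_owners() {
  awk -v expected="$1" '
    BEGIN {
      bad = 0
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) {
        eq = index(pairs[i], "=")
        want[substr(pairs[i], 1, eq - 1)] = substr(pairs[i], eq + 1)
      }
    }
    /org\.apache\.catalina\.startup\.Bootstrap/ {
      base = ""
      for (i = 2; i <= NF; i++)
        if ($i ~ /^-Dcatalina\.base=/) { base = $i; sub(/^-Dcatalina\.base=/, "", base) }
      if (base == "") next
      if (!(base in want)) { printf "UNLISTED %s runs as %s\n", base, $1; bad = 1 }
      else if ($1 != want[base]) { printf "MISMATCH %s runs as %s, expected %s\n", base, $1, want[base]; bad = 1 }
    }
    END { exit bad }
  '
}

# Demo on the constructed sample.
sample_ps | audit_tomcat_owners "$EXPECTED" || echo "finding(s) reported above"
```

On a live host, pipe `ps -e -o user= -o args=` into `audit_tomcat_owners` after each service template change; a non-zero exit status means at least one instance runs under an unexpected account.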