Merge pull request #70 from georchestra/debian10

Debian 10moving forward :)

Vagrantfile

@@ -16,7 +16,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   # please see the online documentation at vagrantup.com.
 
   # Every Vagrant virtual environment requires a box to build off of.
-  config.vm.box = "debian/stretch64"
+  config.vm.box = "debian/buster64"
 
   # set CPU and RAM
   config.vm.provider "virtualbox" do |vb|

ansible.cfg

@@ -2,3 +2,4 @@
 inventory=./hosts
 roles_path=./roles/
 log_path=ansible.log
+allow_world_readable_tmpfiles=true

roles/apache/tasks/main.yml

@@ -3,19 +3,6 @@
     pkg: apache2
     state: present
 
-- name: enable required modules
-  apache2_module:
-    name: "{{ item }}"
-    state: present
-  with_items:
-  - proxy_http
-  - proxy
-  - ssl
-  - rewrite
-  - headers
-  - deflate
-  notify: reload apache2
-
 - name: disable the default site
   file:
     path: "/etc/apache2/sites-enabled/{{ item }}"
@@ -66,7 +53,7 @@
 - name: fetch 50x.html error page
   get_url:
     dest: /var/www/georchestra/htdocs/errors/50x.html
-    url: http://sdi.georchestra.org/errors/50x.html
+    url: https://raw.githubusercontent.com/georchestra/htdocs/master/errors/50x.html
 
 - name: create recaptcha response if needed
   tags: fucaptcha
@@ -107,6 +94,19 @@
     path: /var/www/georchestra/ssl/georchestra.key
     mode: 0400
 
+- name: enable required modules
+  apache2_module:
+    name: "{{ item }}"
+    state: present
+  with_items:
+  - proxy_http
+  - proxy
+  - ssl
+  - rewrite
+  - headers
+  - deflate
+  notify: reload apache2
+
 - include: clean.yml
   tags: [cleanup, apache_cleanup]
   when: cleanup is defined

roles/georchestra/tasks/cadastrapp.yml

@@ -13,7 +13,7 @@
 - name: create temp dir for cadastrapp
   file:
     name: "{{ cadastrapp.workdir }}"
-    owner: tomcat8
+    owner: tomcat
     state: directory
 
 - name: create addons subdir in georchestra datadir

roles/georchestra/tasks/clean.yml

@@ -19,5 +19,5 @@
 
 - name: remove non-free and contrib for dependencies
   apt_repository:
-    repo: "deb http://ftp.fr.debian.org/debian/ stretch main non-free contrib"
+    repo: "deb http://ftp.fr.debian.org/debian/ buster main non-free contrib"
     state: absent

roles/georchestra/tasks/geonetwork.yml

@@ -1,6 +1,6 @@
 - name: checkout geonetwork datadir
   become: yes
-  become_user: tomcat8
+  become_user: tomcat
   git:
     dest: "{{ geonetwork.datadir.path }}"
     repo: "{{ geonetwork.datadir.gitrepo }}"

roles/georchestra/tasks/geoserver.yml

@@ -6,7 +6,7 @@
 
 - name: checkout geoserver datadir
   become: yes
-  become_user: tomcat8
+  become_user: tomcat
   git:
     dest: "{{ geoserver.datadir.path }}"
     repo: "{{ geoserver.datadir.gitrepo }}"
@@ -15,23 +15,23 @@
 
 - name: fix geoserver logging path
   become: yes
-  become_user: tomcat8
+  become_user: tomcat
   replace:
     dest: "{{ geoserver.datadir.path }}/logging.xml"
     regexp: '<location>/tmp/geoserver.log</location>'
     replace: '<location>{{ logs_basedir }}/geoserver.log</location>'
 
 - name: set full geoserver url for getcapabilities docs
   become: yes
-  become_user: tomcat8
+  become_user: tomcat
   replace:
     dest: "{{ geoserver.datadir.path }}/global.xml"
     regexp: '<proxyBaseUrl>https://georchestra.mydomain.org/geoserver</proxyBaseUrl>'
     replace: '<proxyBaseUrl>https://{{ georchestra.fqdn }}/geoserver</proxyBaseUrl>'
 
 - name: set list of advertised wms srs
   become: yes
-  become_user: tomcat8
+  become_user: tomcat
   lineinfile:
     dest: "{{ geoserver.datadir.path }}/wms.xml"
     insertafter: '</metadata>'
@@ -40,7 +40,7 @@
 - name: fix my_ldap config for usergroup/roles
   tags: fixgsldap
   become: yes
-  become_user: tomcat8
+  become_user: tomcat
   replace:
     dest: "{{ geoserver.datadir.path }}/security/{{ item.1 }}/my_ldap/config.xml"
     regexp: "{{ item.0.pat }}"
@@ -58,7 +58,7 @@
 # alternative could be to checkout the geofence branch of geoserver_minimal_datadir
 #- name: enforce geofence auth
 #  become: yes
-#  become_user: tomcat8
+#  become_user: tomcat
 #  lineinfile:
 #    dest: '{{ geoserver.datadir.path }}/security/auth/default/config.xml'
 #    regexp: '  <className>org.geoserver.security.auth.UsernamePasswordAuthenticationProvider</className>'
@@ -67,6 +67,6 @@
 - name: create geowebcache datadir
   file:
     dest: "{{ geowebcache_datadir }}"
-    owner: tomcat8
+    owner: tomcat
     state: directory
 

roles/georchestra/tasks/main.yml

@@ -3,8 +3,8 @@
   file:
     path: "{{ item }}"
     state: directory
-    owner: tomcat8
-    group: tomcat8
+    owner: tomcat
+    group: tomcat
   with_items:
   - "{{ geonetwork.datadir.path }}"
   - "{{ geoserver.datadir.path }}"

roles/georchestra/tasks/nativelibs.yml

@@ -1,6 +1,6 @@
 - name: enable non-free and contrib for dependencies
   apt_repository:
-   repo: "deb http://deb.debian.org/debian stretch main contrib"
+   repo: "deb http://deb.debian.org/debian buster main contrib"
 
 - name: install runtime dependencies
   apt:
@@ -16,8 +16,8 @@
 - name: point georchestra's shared.loader to catalina.base/shared/*.jar
   lineinfile:
     dest: "{{ tomcat_basedir }}/georchestra/conf/catalina.properties"
-    regexp: 'shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,/var/lib/tomcat8/shared/classes,/var/lib/tomcat8/shared/*.jar'
-    line: 'shared.loader=${catalina.home}/shared/classes,${catalina.base}/shared/*.jar,/var/lib/tomcat8/shared/classes,/var/lib/tomcat8/shared/*.jar'
+    regexp: 'shared.loader=${catalina.home}/shared/classes,${catalina.home}/shared/*.jar,/var/lib/tomcat9/shared/classes,/var/lib/tomcat9/shared/*.jar'
+    line: 'shared.loader=${catalina.home}/shared/classes,${catalina.base}/shared/*.jar,/var/lib/tomcat9/shared/classes,/var/lib/tomcat9/shared/*.jar'
 
 - name: create tomcat shared dir
   file:

roles/georchestra/tasks/wars.yml

@@ -17,15 +17,15 @@
 - name: install debian packages
   apt:
     pkg: "{{ item.value.pkg }}"
-    default_release: stretch
+    default_release: buster
     update_cache: yes
     state: latest
   with_dict: "{{ georchestra_wars }}"
   when: item.key != 'cadastrapp'
 
 - name: symlink webapps in each tomcat instance
   file:
-    owner: tomcat8
+    owner: tomcat
     src: "/usr/share/lib/{{ item.value.pkg }}/{{ item.key }}-generic.war"
     dest: "{{ tomcat_basedir }}/{{ item.value.tomcat }}/webapps/{{ item.key }}.war"
     state: link

roles/georchestra/templates/console/console.properties.j2

@@ -245,7 +245,6 @@ publicKey={{ console_captcha.publicKey }}
 #subject.new.account.notification=[${instanceName}] New account created
 
 # Encoding of the email templates
-# This "é" char should display nicely in a ISO 8859-1 configured editor
 # default: UTF-8
 #templateEncoding=UTF-8
 

roles/postgresql/tasks/main.yml

@@ -10,14 +10,11 @@
 
 - name: installing dependencies
   apt:
-    name: "{{ item }}"
+    pkg: ['postgis', 'postgresql-11-postgis-2.5', 'postgresql-11-postgis-2.5-scripts', 'postgresql-contrib']
     state: present
     update_cache: yes
-  with_items:
-  - postgresql-9.6-postgis-2.3
-  - postgresql-9.6-postgis-2.3-scripts #for postgis.control
-  - postgresql-contrib-9.6 #for dblink extension
-  - postgis
+# postgresql-11-postgis-2.5-scripts #for postgis.control
+# postgresql-contrib #for dblink extension
 
 - name: install python-psycopg2 for ansible psql modules
   apt:
@@ -30,6 +27,7 @@
   postgresql_user:
     name: "{{ georchestra.db.user }}"
     password: "{{ georchestra.db.pass }}"
+    encrypted: yes
 
 - name: create georchestra main database
   become: yes

roles/tomcat/tasks/cadastrapp.yml

@@ -8,5 +8,5 @@
 - name: symlink postgresql.jar for jdbc/cadastrapp
   file:
     src: "{{ tomcat_basedir }}/georchestra/webapps/cadastrapp/WEB-INF/lib/postgresql-9.1-901-1.jdbc4.jar"
-    dest: /usr/share/tomcat8/lib/postgresql-9.1-901-1.jdbc4.jar
+    dest: /usr/share/tomcat9/lib/postgresql-9.1-901-1.jdbc4.jar
     state: link

roles/tomcat/tasks/clean.yml

@@ -12,16 +12,16 @@
   with_items:
   - "{{ tomcat_basedir }}"
   - "{{ logs_basedir }}"
-  - /etc/tomcat8/keystore
+  - /etc/tomcat9/keystore
 
 #- name: removing pkgs
 #  apt:
 #    pkg: "{{ item }}"
 #    state: absent
 #    purge: yes
 #  with_items:
-#  - tomcat8
-#  - tomcat8-user
+#  - tomcat9
+#  - tomcat9-user
 
 - name: remove init scripts & config files
   file:

roles/tomcat/tasks/common.yml

@@ -1,12 +1,15 @@
 - name: installing dependencies
   apt:
-    pkg: [ tomcat8, tomcat8-user, libservlet3.1-java, libtcnative-1 ] #libservlet cf debian bug 867147
+    pkg: ['tomcat9', 'tomcat9-user', 'libservlet3.1-java', 'libtcnative-1'] #libservlet cf debian bug 867147
     state: present
     update_cache: yes
+# tomcat9-user #needed for tomcat9-create-instance
+# libservlet3.1-java #debian bug 867147
+# libtcnative-1 #APR native libs
 
 - name: disable default instance
   service:
-    name: tomcat8
+    name: tomcat9
     state: stopped
     enabled: no
 
@@ -20,7 +23,7 @@
 - name: create temp dir
   tags: systemd_unit
   command: systemd-tmpfiles  --prefix=/run/tomcat --create
-  when: tomcat_piddir|changed
+  when: tomcat_piddir.changed
 
 - name: template systemd unit
   tags: systemd_unit
@@ -46,15 +49,15 @@
     keytool -importkeystore
       -srckeystore /etc/ssl/certs/java/cacerts \
       -srcstorepass changeit \
-      -destkeystore /etc/tomcat8/keystore \
+      -destkeystore /etc/tomcat9/keystore \
       -deststorepass {{ tomcat_keystore_pass }}
-    creates=/etc/tomcat8/keystore
+    creates=/etc/tomcat9/keystore
 
 - name: check if localhost exists in keystore
   tags: keystore
   command: >
     keytool -list -alias localhost \
-      -keystore /etc/tomcat8/keystore \
+      -keystore /etc/tomcat9/keystore \
       -storepass {{ tomcat_keystore_pass }}
   ignore_errors: yes
   register: localhost_exists
@@ -63,13 +66,13 @@
   tags: keystore
   command: >
     keytool -genkey -alias localhost \
-      -keystore /etc/tomcat8/keystore \
+      -keystore /etc/tomcat9/keystore \
       -storepass {{ tomcat_keystore_pass }} \
       -keypass {{ tomcat_keystore_pass }} \
       -keyalg RSA \
       -keysize 2048 \
       -dname "CN=localhost, O=IT, L=Somewhere, C=FR"
-  when: localhost_exists|failed
+  when: localhost_exists is failed
 
 - name: create tomcat_basedir
   file:
@@ -80,5 +83,5 @@
   file:
     path: "{{ logs_basedir }}"
     state: directory
-    owner: tomcat8
-    group: tomcat8
+    owner: tomcat
+    group: tomcat

roles/tomcat/tasks/instance.yml

@@ -1,10 +1,10 @@
 - name: create instance {{ item.key }}
-  command: tomcat8-instance-create -p {{ item.value.port }} -c {{ item.value.control_port }} {{ tomcat_basedir }}/{{ item.key }} creates={{ tomcat_basedir }}/{{ item.key }}
+  command: tomcat9-instance-create -p {{ item.value.port }} -c {{ item.value.control_port }} {{ tomcat_basedir }}/{{ item.key }} creates={{ tomcat_basedir }}/{{ item.key }}
   with_dict: "{{ tomcat_instances }}"
 
 - name: symlink policy.d dir
   file:
-    src: /etc/tomcat8/policy.d/
+    src: /etc/tomcat9/policy.d/
     dest: "{{ tomcat_basedir }}/{{ item.key }}/conf/policy.d"
     state: link
   with_dict: "{{ tomcat_instances }}"
@@ -14,7 +14,7 @@
     name: "{{ tomcat_basedir }}/{{ item.0 }}/{{ item.1 }}"
     state: directory
     recurse: yes
-    owner: tomcat8
+    owner: tomcat
   with_nested:
     - "{{ tomcat_instances.keys() }}"
     - [ logs, temp, conf, work, webapps ]

roles/tomcat/templates/config-georchestra.j2

@@ -1,7 +1,7 @@
 JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC \
 	-Xms1G \
 	-Xmx2G \
-	-Djavax.net.ssl.trustStore=/etc/tomcat8/keystore \
+	-Djavax.net.ssl.trustStore=/etc/tomcat9/keystore \
 	-Djavax.net.ssl.trustStorePassword={{ tomcat_keystore_pass }} \
 	-Dorg.geotools.referencing.forceXY=true \
 	-Djava.util.prefs.userRoot=/tmp \

roles/tomcat/templates/config-geoserver.j2

@@ -1,7 +1,7 @@
 JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC \
 	-Xms512m \
 	-Xmx1G \
-	-Djavax.net.ssl.trustStore=/etc/tomcat8/keystore \
+	-Djavax.net.ssl.trustStore=/etc/tomcat9/keystore \
 	-Djavax.net.ssl.trustStorePassword={{ tomcat_keystore_pass }} \
 	-Dgeorchestra.datadir={{ georchestra.datadir.path }} \
 	-DGEOSERVER_DATA_DIR={{ geoserver.datadir.path }} \

roles/tomcat/templates/config-proxycas.j2

@@ -2,5 +2,5 @@ JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC \
 	-Xms256m \
 	-Xmx512m \
 	-Dgeorchestra.datadir={{ georchestra.datadir.path }} \
-	-Djavax.net.ssl.trustStore=/etc/tomcat8/keystore \
+	-Djavax.net.ssl.trustStore=/etc/tomcat9/keystore \
 	-Djavax.net.ssl.trustStorePassword={{ tomcat_keystore_pass }}"

roles/tomcat/templates/server-proxycas.xml.j2

@@ -78,7 +78,7 @@
                URIEncoding="UTF-8"
                maxThreads="150"
                clientAuth="false"
-               keystoreFile="/etc/tomcat8/keystore"
+               keystoreFile="/etc/tomcat9/keystore"
                keystorePass="{{ tomcat_keystore_pass }}"
                compression="on"
                compressionMinSize="2048"

roles/tomcat/templates/tomcat.conf.j2

@@ -1 +1 @@
-d	/run/tomcat	0755	tomcat8	tomcat8
+d	/run/tomcat	0755	tomcat	tomcat