From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001 From: Stonewall Jackson Date: Sat, 4 Feb 2023 01:23:43 -0500 Subject: initial commit --- roles/tika/defaults/main.yml | 3 + roles/tika/handlers/main.yml | 4 ++ roles/tika/tasks/main.yml | 69 ++++++++++++++++++++++ roles/tika/templates/etc/sysconfig/tika.j2 | 3 + .../templates/etc/systemd/system/tika.service.j2 | 53 +++++++++++++++++ roles/tika/templates/etc/tika/config.xml.j2 | 15 +++++ roles/tika/templates/etc/tika/log4j2.xml.j2 | 18 ++++++ roles/tika/vars/main.yml | 4 ++ 8 files changed, 169 insertions(+) create mode 100644 roles/tika/defaults/main.yml create mode 100644 roles/tika/handlers/main.yml create mode 100644 roles/tika/tasks/main.yml create mode 100644 roles/tika/templates/etc/sysconfig/tika.j2 create mode 100644 roles/tika/templates/etc/systemd/system/tika.service.j2 create mode 100644 roles/tika/templates/etc/tika/config.xml.j2 create mode 100644 roles/tika/templates/etc/tika/log4j2.xml.j2 create mode 100644 roles/tika/vars/main.yml (limited to 'roles/tika') diff --git a/roles/tika/defaults/main.yml b/roles/tika/defaults/main.yml new file mode 100644 index 0000000..9ca8d89 --- /dev/null +++ b/roles/tika/defaults/main.yml @@ -0,0 +1,3 @@ +tika_version: 2.6.0 +tika_port: 9998 +tika_heap_size: 2g diff --git a/roles/tika/handlers/main.yml b/roles/tika/handlers/main.yml new file mode 100644 index 0000000..56f3127 --- /dev/null +++ b/roles/tika/handlers/main.yml @@ -0,0 +1,4 @@ +- name: restart tika + systemd: + name: tika + state: restarted diff --git a/roles/tika/tasks/main.yml b/roles/tika/tasks/main.yml new file mode 100644 index 0000000..d2d59dc --- /dev/null +++ b/roles/tika/tasks/main.yml @@ -0,0 +1,69 @@ +- name: install java + dnf: + name: java-17-openjdk-headless + state: present + +- name: create tika installation directory + file: + path: '{{ tika_install_dir }}' + state: directory + +- name: download jar file + get_url: + url: '{{ tika_url }}' + dest: '{{ tika_install_dir }}/tika-server.jar' + mode: 0444 + notify: restart tika + +- name: add local user + user: + name: tika + system: yes + home: '{{ tika_data_dir }}' + shell: /sbin/nologin + create_home: no + +- name: create data directory + file: + path: '{{ tika_data_dir }}' + state: directory + owner: tika + group: tika + mode: 0770 + +- name: create systemd unit + template: + src: etc/systemd/system/tika.service.j2 + dest: /etc/systemd/system/tika.service + register: tika_unit + +- name: reload systemd units + systemd: + daemon_reload: yes + when: tika_unit.changed + +- name: create environment file + template: + src: etc/sysconfig/tika.j2 + dest: /etc/sysconfig/tika + notify: restart tika + +- name: create configuration directory + file: + path: '{{ tika_conf_dir }}' + state: directory + +- name: generate config files + template: + src: '{{ tika_conf_dir[1:] }}/{{ item }}.j2' + dest: '{{ tika_conf_dir }}/{{ item }}' + loop: + - log4j2.xml + - config.xml + notify: restart tika + +- name: start tika + systemd: + name: tika + enabled: yes + state: started diff --git a/roles/tika/templates/etc/sysconfig/tika.j2 b/roles/tika/templates/etc/sysconfig/tika.j2 new file mode 100644 index 0000000..1e2ac54 --- /dev/null +++ b/roles/tika/templates/etc/sysconfig/tika.j2 @@ -0,0 +1,3 @@ +JVM_HEAP_SIZE={{ tika_heap_size }} +TIKA_PORT={{ tika_port }} +TIKA_OPTS="-Dlog4j.configurationFile={{ tika_conf_dir }}/log4j2.xml" diff --git a/roles/tika/templates/etc/systemd/system/tika.service.j2 b/roles/tika/templates/etc/systemd/system/tika.service.j2 new file mode 100644 index 0000000..f888fcb --- /dev/null +++ b/roles/tika/templates/etc/systemd/system/tika.service.j2 @@ -0,0 +1,53 @@ +[Unit] +Description=Apache Tika +Before=dovecot.service + +[Service] +Type=simple +User=tika +Restart=on-failure + +ProtectSystem=strict +ReadWritePaths={{ tika_data_dir }} /var/log/tika + +# Harden this java nightmare +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +DevicePolicy=closed +ProtectSystem=strict +ProtectHome=yes +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +LockPersonality=yes + +WorkingDirectory={{ tika_install_dir }} +LogsDirectory=tika + +Environment=TIKA_DATA_HOME={{ tika_data_dir }} +Environment=JVM_ARGS= +Environment=TIKA_OPTS= +Environment=JVM_GC_ARGS="-XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch" +Environment=TIKA_HOST=localhost +Environment=TIKA_PORT=9998 +Environment=TIKA_LOGS_DIR=/var/log/tika +Environment=TIKA_CONFIG_FILE={{ tika_conf_dir }}/config.xml +EnvironmentFile=/etc/sysconfig/tika + +ExecStart=java -server \ + $JVM_ARGS \ + $JVM_GC_ARGS \ + -Dlog4j2.formatMsgNoLookups=true \ + $TIKA_OPTS \ + -jar tika-server.jar \ + -c ${TIKA_CONFIG_FILE} \ + -h ${TIKA_HOST} \ + -p ${TIKA_PORT} + +[Install] +WantedBy=multi-user.target diff --git a/roles/tika/templates/etc/tika/config.xml.j2 b/roles/tika/templates/etc/tika/config.xml.j2 new file mode 100644 index 0000000..0e8df31 --- /dev/null +++ b/roles/tika/templates/etc/tika/config.xml.j2 @@ -0,0 +1,15 @@ + + + + false + + -Xmx{{ tika_heap_size }} + -Dlog4jconfigurationFile={{ tika_conf_dir }}/log4j2.xml + + + tika + status + + + + diff --git a/roles/tika/templates/etc/tika/log4j2.xml.j2 b/roles/tika/templates/etc/tika/log4j2.xml.j2 new file mode 100644 index 0000000..ae66fbb --- /dev/null +++ b/roles/tika/templates/etc/tika/log4j2.xml.j2 @@ -0,0 +1,18 @@ + + + + + + + {% raw %}%maxLen{%-5p %c %m%notEmpty{ =>%ex{short}}}{10240}%n{% endraw %} + + + + + + + + + + + diff --git a/roles/tika/vars/main.yml b/roles/tika/vars/main.yml new file mode 100644 index 0000000..e730904 --- /dev/null +++ b/roles/tika/vars/main.yml @@ -0,0 +1,4 @@ +tika_url: https://dlcdn.apache.org/tika/{{ tika_version }}/tika-server-standard-{{ tika_version }}.jar +tika_install_dir: /usr/local/share/tika +tika_data_dir: /var/lib/tika +tika_conf_dir: /etc/tika -- cgit