Skip to content
Install and configure tomcat on your system.
Branch: master
Clone or download


Build Status

Install and configure tomcat on your system.

Example Playbook

This example is taken from molecule/default/playbook.yml:

- name: Converge
  hosts: all
  become: yes
  gather_facts: yes

      - name: "tomcat"
      - name: "tomcat-version-7"
        version: 7
        shutdown_port: 8007
        non_ssl_connector_port: 8082
        ssl_connector_port: 8445
        ajp_port: 8011
      - name: "tomcat-version-8"
        version: 8
        shutdown_port: 8008
        non_ssl_connector_port: 8083
        ssl_connector_port: 8446
        ajp_port: 8012
      - name: "tomcat-version-9"
        version: 9
        shutdown_port: 8019
        non_ssl_connector_port: 8084
        ssl_connector_port: 8447
        ajp_port: 8013
      - name: "tomcat-specific"
        user: "specificuser"
        group: "specificgroup"
        shutdown_port: 8020
        non_ssl_connector_port: 8085
        ssl_connector_port: 8448
        ajp_port: 8014
        xms: 256M
        xmx: 512M
      - name: "tomcat-with-wars"
        shutdown_port: 8021
        non_ssl_connector_port: 8086
        ssl_connector_port: 8449
        ajp_port: 8015
          - url:
      - name: "tomcat-java_opts"
        shutdown_port: 8022
        non_ssl_connector_port: 8087
        ssl_connector_port: 8449
        ajp_port: 8016
          - name: UMASK
            value: "0007"
      - name: "tomcat-with_lib"
        shutdown_port: 8023
        non_ssl_connector_port: 8088
        ssl_connector_port: 8450
        ajp_port: 8017
          - url: ""

    - robertdebock.tomcat

The machine you are running this on, may need to be prepared. Tests have been done on machines prepared by this playbook:

- name: Converge
  hosts: all
  become: yes
  gather_facts: no

    - robertdebock.bootstrap

Also see a full explanation and example on how to use these roles.

Role Variables

These variables are set in defaults/main.yml:

# defaults file for tomcat

# The explicit version to use when referring to the short name.
tomcat_version7: 7.0.94
tomcat_version8: 8.5.40
tomcat_version9: 9.0.19

# The location where to download Apache Tomcat from.
tomcat_mirror: ""

# Some "sane" defaults.
tomcat_name: tomcat
tomcat_directory: /opt
tomcat_version: 8
tomcat_user: tomcat
tomcat_group: tomcat
tomcat_xms: 512M
tomcat_xmx: 1024M
tomcat_non_ssl_connector_port: 8080
tomcat_ssl_connector_port: 8443
tomcat_shutdown_port: 8005
tomcat_ajp_port: 8009
tomcat_jre_home: /usr

# This role allows multiple installations of Apache Tomcat, each in their own
# location, potentially of different version.
# This is done by defining a "tomcat_instances" where "name:" is a unique
# identifier of an instance.
# The default tomcat_instances is one instance using the defaults described
# in defaults/main.yml.
  - name: "{{ tomcat_name }}"
    version: "{{ tomcat_version }}"
    user: "{{ tomcat_user }}"
    group: "{{ tomcat_group }}"
    xms: "{{ tomcat_xms }}"
    xmx: "{{ tomcat_xmx }}"
    non_ssl_connector_port: "{{ tomcat_non_ssl_connector_port }}"
    ssl_connector_port: "{{ tomcat_ssl_connector_port }}"
    shutdown_port: "{{ tomcat_shutdown_port }}"
    ajp_port: "{{ tomcat_ajp_port }}"
      - name: JRE_HOME
        value: "{{ tomcat_jre_home }}"

# When downloading wars, should the SSL certificate be valid? (Impossible for
# CentOS 6, so default: no.)
tomcat_validate_certs: no


  • Access to a repository containing packages, likely on the internet.
  • A recent version of Ansible. (Tests run on the last 3 release of Ansible.)

The following roles can be installed to ensure all requirements are met, using ansible-galaxy install -r requirements.yml:

- robertdebock.bootstrap
- robertdebock.service


This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.

Here is an overview of related roles: dependencies


This role has been tested against the following distributions and Ansible version:

distribution ansible 2.6 ansible 2.7 ansible devel
alpine-edge* yes yes yes*
alpine-latest yes yes yes*
archlinux yes yes yes*
centos-6 yes yes yes*
centos-latest yes yes yes*
debian-latest yes yes yes*
debian-stable yes yes yes*
debian-unstable* yes yes yes*
fedora-latest yes yes yes*
fedora-rawhide* yes yes yes*
opensuse-leap yes yes yes*
ubuntu-devel* yes yes yes*
ubuntu-latest yes yes yes*
ubuntu-rolling yes yes yes*

A single star means the build may fail, it's marked as an experimental build.


Unit tests are done on every commit and periodically.

If you find issues, please register them in GitHub

To test this role locally please use Molecule:

pip install molecule
molecule test

To test on Amazon EC2, configure ~/.aws/credentials and export AWS_REGION=eu-central-1 before running molecule test --scenario-name ec2.

There are many specific scenarios available, please have a look in the molecule/ directory.

Run the ansible-galaxy and my lint rules if you want your change to be merges:

git clone /tmp/ansible-lint
ansible-lint -r /tmp/ansible-lint/lib/ansiblelint/rules .

git clone /tmp/my-ansible-lint
ansible-lint -r /tmp/my-ansible-lint/rules .



Author Information

Robert de Bock

You can’t perform that action at this time.