From 986d89fc3c6c671c9434c2150527dfbbaedb33b4 Mon Sep 17 00:00:00 2001
From: Benoit Moussaud <bmoussaud@xebialabs.com>
Date: Wed, 10 Jun 2020 14:30:07 +0200
Subject: [PATCH] improve devops as code integration

---
 provision_ansible.sh                          |   6 ++
 .../ansible_step/ansible-playbook.sh.ftl      |   1 +
 src/main/resources/devops-as-code/apply.py    |  66 ++++++++++--
 src/main/resources/xl-rules.xml               |  16 ++-
 xebialabs/ansible_controler.yaml              |  56 ++++++++++
 xebialabs/application_tomcat.yaml             |  28 +++++
 .../ansible-setup/provision_ansible.sh        |   6 ++
 .../roles/tomcat/defaults/main.yml            |   3 +
 .../roles/tomcat/handlers/main.yml            |   4 +
 .../roles_tomcat/roles/tomcat/tasks/main.yaml |   8 ++
 .../tomcat/tasks/tomcat-setup-Debian.yml      |  94 ++++++++++++++++
 .../tomcat/tasks/tomcat-setup-RedHat.yml      | 101 ++++++++++++++++++
 .../roles/tomcat/templates/context.xml.j2     |  19 ++++
 .../tomcat/templates/tomcat-users.xml.j2      |  45 ++++++++
 .../roles/tomcat/templates/tomcat.service.j2  |  22 ++++
 .../roles/tomcat/templates/xldeploy.yaml.j2   |  16 +++
 .../roles_tomcat/roles/tomcat/vars/Debian.yml |   2 +
 .../roles_tomcat/roles/tomcat/vars/RedHat.yml |   1 +
 xebialabs/aws_host.yaml                       |  50 +++++++++
 19 files changed, 529 insertions(+), 15 deletions(-)
 create mode 100644 provision_ansible.sh
 create mode 100644 xebialabs/ansible_controler.yaml
 create mode 100644 xebialabs/application_tomcat.yaml
 create mode 100644 xebialabs/artifacts/Applications/ansible-controller/1.0.0/ansible-instance/ansible-setup/provision_ansible.sh
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/defaults/main.yml
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/handlers/main.yml
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/main.yaml
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-Debian.yml
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-RedHat.yml
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/context.xml.j2
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat-users.xml.j2
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat.service.j2
 create mode 100644 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/xldeploy.yaml.j2
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/Debian.yml
 create mode 100755 xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/RedHat.yml
 create mode 100644 xebialabs/aws_host.yaml

diff --git a/provision_ansible.sh b/provision_ansible.sh
new file mode 100644
index 0000000..8b162cd
--- /dev/null
+++ b/provision_ansible.sh
@@ -0,0 +1,6 @@
+apt update
+apt install --yes software-properties-common
+apt-add-repository --yes --update ppa:ansible/ansible
+apt install --yes ansible
+ansible-playbook --version
+echo "-- DONE --"
diff --git a/src/main/resources/ansible_step/ansible-playbook.sh.ftl b/src/main/resources/ansible_step/ansible-playbook.sh.ftl
index abe474e..f8f8421 100644
--- a/src/main/resources/ansible_step/ansible-playbook.sh.ftl
+++ b/src/main/resources/ansible_step/ansible-playbook.sh.ftl
@@ -10,6 +10,7 @@
 
 -->
 export PYTHONUNBUFFERED=1
+export ANSIBLE_CONFIG=ansible.cfg
 
 <#assign verbose=""/>
 <#if ansibleController.debug>
diff --git a/src/main/resources/devops-as-code/apply.py b/src/main/resources/devops-as-code/apply.py
index 6793a10..c7e29c6 100644
--- a/src/main/resources/devops-as-code/apply.py
+++ b/src/main/resources/devops-as-code/apply.py
@@ -8,11 +8,48 @@
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 
-from overtherepy import LocalConnectionOptions, OverthereHost, OverthereHostSession
+from overtherepy import LocalConnectionOptions, OverthereHost, OverthereHostSession, StringUtils, BashScriptBuilder, CommandResponse, SshConnectionOptions
+from com.xebialabs.overtherepy import PyLoggerExecutionOutputHandler
 from com.xebialabs.overthere import OperatingSystemFamily
-from com.xebialabs.overthere.util import OverthereUtils
+from com.xebialabs.overthere.util import OverthereUtils, MultipleOverthereExecutionOutputHandler, CapturingOverthereExecutionOutputHandler
 from java.nio.charset import Charset
 from java.lang import System
+from com.xebialabs.overthere import CmdLine
+import time
+import sys
+
+
+def local_execute(session, cmd):
+    """
+    Executes the command on the remote system and returns the result
+    :param session: checks the return code is 0. On failure the output is printed to stdout and a system exit is performed
+    :param cmd: Command line as an Array of Strings or String.  A String is split by space.
+    :return: CommandResponse
+    """
+    if isinstance(cmd, basestring):
+        cmd = cmd.split()
+
+    cmdline = CmdLine.build(cmd)
+    capture_so_handler = CapturingOverthereExecutionOutputHandler.capturingHandler()
+    capture_se_handler = CapturingOverthereExecutionOutputHandler.capturingHandler()
+
+    console_so_handler = PyLoggerExecutionOutputHandler.sysoutHandler(session.logger)
+    console_se_handler = PyLoggerExecutionOutputHandler.syserrHandler(session.logger)
+    so_handler = MultipleOverthereExecutionOutputHandler.multiHandler([capture_so_handler, console_so_handler])
+    se_handler = MultipleOverthereExecutionOutputHandler.multiHandler([capture_se_handler, console_se_handler])
+
+    rc = session.get_conn().execute(so_handler, se_handler, cmdline)
+    # wait for output to drain
+    time.sleep(1)
+
+    response = CommandResponse(rc=rc, stdout=capture_so_handler.outputLines, stderr=capture_se_handler.outputLines)
+
+    if response.rc != 0:
+        session.logger.error(StringUtils.concat(response.stdout))
+        session.logger.error(StringUtils.concat(response.stderr))
+        session.logger.error("Exit code {0}".format(response.rc))
+        sys.exit(response.rc)
+    return response
 
 
 ansible_controler = repositoryService.read(ansible_controller_id)
@@ -22,7 +59,7 @@
 print("remote_yaml_file {0}".format(remote_yaml_file))
 
 operating_system = System.getProperty("os.name").lower()
-print(operating_system)
+print("running " + operating_system + " OS on localhost")
 if operating_system.startswith("win"):
     os = OperatingSystemFamily.WINDOWS
 else:
@@ -30,7 +67,8 @@
 
 local_opts = LocalConnectionOptions(os=os)
 local_host = OverthereHost(local_opts)
-local_session = OverthereHostSession(local_host)
+local_session = OverthereHostSession(local_host, stream_command_output=True)
+
 local_yaml_file = local_session.work_dir_file(remote_yaml_file.getName())
 print("local_yaml_file {0}".format(local_yaml_file))
 
@@ -47,6 +85,22 @@
            'yaml_file': local_yaml_file.path,
            }
 
-command_line = "/usr/local/bin/xl --xl-deploy-password {devopsAsCodePassword} --xl-deploy-username {devopsAsCodeUsername} --xl-deploy-url {devopsAsCodeUrl} apply  -f {yaml_file}".format(**context)
+command_line = "/usr/local/bin/xl --xl-deploy-password {devopsAsCodePassword} --xl-deploy-username {devopsAsCodeUsername} --xl-deploy-url {devopsAsCodeUrl} apply  -f {yaml_file} ".format(**context)
 print(command_line)
-response = local_session.execute(command_line)
+
+import subprocess
+process = subprocess.Popen(command_line, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+process.wait()
+if process.returncode != 0:
+    for line in process.stdout:
+        local_session.logger.error(line)
+    for line in process.stderr:
+        local_session.logger.error(line)
+    local_session.logger.error("Exit code {0}".format(process.returncode))
+    sys.exit(process.returncode)
+else:
+    for line in process.stdout:
+        local_session.logger.info(line)
+    for line in process.stderr:
+        local_session.logger.info(line)
+
diff --git a/src/main/resources/xl-rules.xml b/src/main/resources/xl-rules.xml
index 655016c..b78fcc7 100644
--- a/src/main/resources/xl-rules.xml
+++ b/src/main/resources/xl-rules.xml
@@ -164,20 +164,18 @@
             <expression>deployed.includeDevOpsAsCodeTask and deployed.applyRulesOnNOOP</expression>
         </conditions>
         <steps>
-            <os-script>
+            <jython>
                 <description expression="true">"Apply the devops-as-code definition fetched from {1}".format(deployed.container.host.name, deployed.container.name)</description>
-                <!-- as the ansibleController can be assigned dynamically to the host's container, we force XLD to read it again to set the target-host property -->
-                <target-host expression="true">repositoryService.read(deployed.container.host.ansibleController.host.id)</target-host>
-                <script>devops-as-code/apply.sh.ftl</script>
+                <script>devops-as-code/apply.py</script>
                 <order>90</order>
-                <freemarker-context>
+                <jython-context>
+                    <ansible_controller_id expression="true">deployed.container.host.ansibleController.id</ansible_controller_id>
                     <yaml_file expression="true">
                         "{0}/{1}/tmp/digital.ai_xldeploy.yaml".format(deployed.container.host.ansibleController.devopsAsCodeDirectory, deployed.container.host.name)
                     </yaml_file>
-                    <ansibleController expression="true">repositoryService.read(deployed.container.host.ansibleController.host.id)</ansibleController>
-                </freemarker-context>
-            </os-script>
-
+                    <ansibleController expression="true">deployed.container.host.ansibleController</ansibleController>
+                </jython-context>
+            </jython>
             <jython>
                 <description expression="true">"Add new provisioned CI from {0} to the environment".format(deployed.container.name)</description>
                 <order>95</order>
diff --git a/xebialabs/ansible_controler.yaml b/xebialabs/ansible_controler.yaml
new file mode 100644
index 0000000..47f8f7d
--- /dev/null
+++ b/xebialabs/ansible_controler.yaml
@@ -0,0 +1,56 @@
+---
+apiVersion: xl-deploy/v1
+kind: Applications
+spec:
+- name: Applications/ansible-controller
+  type: udm.Application
+  lastVersion: 1.0.1
+  children:
+  - name: 1.0.0
+    type: udm.ProvisioningPackage
+    deployables:
+    - name: ansible-instance
+      type: aws.ec2.InstanceSpec
+      boundTemplates:
+      - Applications/ansible-controller/1.0.0/ansible-host-template
+      provisioners:
+      - name: ansible-setup
+        type: script.provisioner.Script
+        hostTemplate: Applications/ansible-controller/1.0.0/ansible-host-template
+        file: !file "artifacts/Applications/ansible-controller/1.0.0/ansible-instance/ansible-setup/provision_ansible.sh"
+      instanceName: ansible-controller-instance
+      amiId: ami-08c757228751c5335
+      region: eu-west-3
+      securityGroup:
+      - Name:ansible-controller-sg
+      instanceType: t2.micro
+      keyName: adlere-seminaire
+    - name: ansible-controller-sg
+      type: aws.vpc.SecurityGroupSpec
+      securityGroupName: ansible-controller-sg
+      description: ssh-security (HTTP/SSH)
+      region: eu-west-3
+      inboundRules:
+      - name: ssh
+        type: aws.vpc.SecurityGroupInboundRuleSpec
+        protocol: TCP
+        portRange: "22"
+        source: 0.0.0.0/0
+    templates:
+    - name: ansible-host-template
+      type: template.overthere.SshHost
+      instanceName: ansible-controller-{{%instanceId%}}-host
+      childTemplates:
+      - name: ansible-controler-template
+        type: template.ansible.Controller
+        instanceName: defaultAnsibleController
+        ansiblePlaybookPath: /usr/bin/ansible-playbook
+        ansibleGalaxyPath: /usr/bin/ansible-galaxy
+      tags:
+      - ansible_roles_not_applied
+      os: UNIX
+      connectionType: SUDO
+      address: '{{%publicHostname%}}'
+      username: ubuntu
+      privateKeyFile: /Users/bmoussaud/.ssh/adlere-seminaire.pem
+      sudoUsername: root
diff --git a/xebialabs/application_tomcat.yaml b/xebialabs/application_tomcat.yaml
new file mode 100644
index 0000000..086c579
--- /dev/null
+++ b/xebialabs/application_tomcat.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: xl-deploy/v1
+kind: Applications
+spec:
+  - name: Applications/java-server-application
+    type: udm.Application
+    lastVersion: 0.1.1
+    children:
+      - name: 0.1.1
+        type: udm.DeploymentPackage
+        orchestrator:
+          - parallel-by-container
+        deployables:
+          - name: tomcat
+            type: ansible.RolesSpec
+            includeDevOpsAsCodeTask: True
+            scanPlaceholders: False
+            file: !file "artifacts/tomcat/0.1.1/roles_tomcat"
+            tags:
+              - app_server
+            roles:
+              - tomcat
+            variables:
+              tomcat_ver: '9.0.30'
+              ui_manager_user: 'manager'
+              ui_manager_pass: 'Str0ngManagerP@ssw4rd'
+              ui_admin_username: 'admin'
+              ui_admin_pass: 'Str0#ngManagerP@@@ssword'
diff --git a/xebialabs/artifacts/Applications/ansible-controller/1.0.0/ansible-instance/ansible-setup/provision_ansible.sh b/xebialabs/artifacts/Applications/ansible-controller/1.0.0/ansible-instance/ansible-setup/provision_ansible.sh
new file mode 100644
index 0000000..8b162cd
--- /dev/null
+++ b/xebialabs/artifacts/Applications/ansible-controller/1.0.0/ansible-instance/ansible-setup/provision_ansible.sh
@@ -0,0 +1,6 @@
+apt update
+apt install --yes software-properties-common
+apt-add-repository --yes --update ppa:ansible/ansible
+apt install --yes ansible
+ansible-playbook --version
+echo "-- DONE --"
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/defaults/main.yml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/defaults/main.yml
new file mode 100755
index 0000000..ac56a6a
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+tomcat_archive_url: https://archive.apache.org/dist/tomcat/tomcat-9/v{{ tomcat_ver }}/bin/apache-tomcat-{{ tomcat_ver }}.tar.gz
+tomcat_archive_dest: /tmp/apache-tomcat-{{ tomcat_ver }}.tar.gz
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/handlers/main.yml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/handlers/main.yml
new file mode 100755
index 0000000..02c4fcb
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart tomcat
+  service:
+    name: tomcat
+    state: restarted
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/main.yaml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/main.yaml
new file mode 100755
index 0000000..9ba17ed
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: Add the OS specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_os_family }}.yml"
+
+- include_tasks: "tomcat-setup-{{ ansible_os_family }}.yml"
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-Debian.yml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-Debian.yml
new file mode 100755
index 0000000..ab71d15
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-Debian.yml
@@ -0,0 +1,94 @@
+- name: Ensure the system can use the HTTPS transport for APT.
+  stat:
+    path: /usr/lib/apt/methods/https
+  register: apt_https_transport
+
+- name: Install APT HTTPS transport.
+  apt:
+    name: "apt-transport-https"
+    state: present
+    update_cache: yes
+  when: not apt_https_transport.stat.exists
+
+- name: Install basic packages
+  package:
+    name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git']
+    state: present
+    update_cache: yes
+
+- name: Install Default Java (Debian/Ubuntu)
+  apt:
+    name: default-jdk
+    state: present
+
+- name: Add tomcat group
+  group:
+    name: tomcat
+
+- name: Add "tomcat" user
+  user:
+    name: tomcat
+    group: tomcat
+    home: /usr/share/tomcat
+    createhome: no
+    system: yes
+
+- name: Download Tomcat
+  get_url:
+    url: "{{ tomcat_archive_url }}"
+    dest: "{{ tomcat_archive_dest }}"
+
+- name: Create a tomcat directory
+  file:
+    path: /usr/share/tomcat
+    state: directory
+    owner: tomcat
+    group: tomcat
+
+- name: Extract tomcat archive
+  unarchive:
+    src: "{{ tomcat_archive_dest }}"
+    dest: /usr/share/tomcat
+    owner: tomcat
+    group: tomcat
+    remote_src: yes
+    extra_opts: "--strip-components=1"
+    creates: /usr/share/tomcat/bin
+
+- name: Copy tomcat service file
+  template:
+    src: templates/tomcat.service.j2
+    dest: /etc/systemd/system/tomcat.service
+  when: ansible_service_mgr == "systemd"
+
+- name: Start and enable tomcat
+  service:
+    daemon_reload: yes
+    name: tomcat
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+- name: Set UI access credentials
+  template:
+    src: tomcat-users.xml.j2
+    dest: /usr/share/tomcat/conf/tomcat-users.xml
+  notify: restart tomcat
+
+- name: Allow access to Manager and Host Manager apps from any IP
+  template:
+    src: context.xml.j2 
+    dest: "{{ item }}"
+  with_items:
+    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+  notify: restart tomcat
+
+- name: Generate the Devops-As-Code
+  template: src=xldeploy.yaml.j2 dest=/tmp/digital.ai_xldeploy.yaml mode=0755
+
+- name: Fetch the Devops-As-Code yaml file  on the master
+  fetch:
+    src: /tmp/digital.ai_xldeploy.yaml
+    dest: "{{ devops_as_code_directory }}"
+    flat: no
+
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-RedHat.yml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-RedHat.yml
new file mode 100755
index 0000000..87d6aaf
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/tasks/tomcat-setup-RedHat.yml
@@ -0,0 +1,101 @@
+- name: Add EPEL repository
+  yum:
+    name: epel-release
+    state: present
+
+- name: Install basic packages
+  package:
+    name: ['vim','bash-completion','tmux','tree','htop','wget','unzip','curl','git']
+    state: present
+
+- name: Install Java 8 CentOS
+  yum:
+    name: java-1.8.0-openjdk
+    state: present
+
+- name: Add tomcat group
+  group:
+    name: tomcat
+
+- name: Add "tomcat" user
+  user:
+    name: tomcat
+    group: tomcat
+    home: /usr/share/tomcat
+    createhome: no
+    system: yes
+
+- name: Download Tomcat
+  get_url:
+    url: "{{ tomcat_archive_url }}"
+    dest: "{{ tomcat_archive_dest }}"
+
+- name: Create a tomcat directory
+  file:
+    path: /usr/share/tomcat
+    state: directory
+    owner: tomcat
+    group: tomcat
+
+- name: Extract tomcat archive
+  unarchive:
+    src: "{{ tomcat_archive_dest }}"
+    dest: /usr/share/tomcat
+    owner: tomcat
+    group: tomcat
+    remote_src: yes
+    extra_opts: "--strip-components=1"
+    creates: /usr/share/tomcat/bin
+
+- name: Copy tomcat service file
+  template:
+    src: templates/tomcat.service.j2
+    dest: /etc/systemd/system/tomcat.service
+  when: ansible_service_mgr == "systemd"
+
+- name: Start and enable tomcat
+  service:
+    daemon_reload: yes
+    name: tomcat
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+
+- name: Open tomcat port on the firewall
+  firewalld:
+    port: 8080/tcp
+    permanent: true
+    state: enabled
+    immediate: yes
+  when: ansible_service_mgr == "systemd"
+
+- name: Set UI access credentials
+  template:
+    src: tomcat-users.xml.j2
+    dest: /usr/share/tomcat/conf/tomcat-users.xml
+  notify: restart tomcat
+
+- name: Allow access to Manager and Host Manager apps from any IP
+  template:
+    src: context.xml.j2 
+    dest: "{{ item }}"
+  with_items:
+    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+  notify: restart tomcat
+
+- name: Generate the Devops-As-Code
+  template: src=xldeploy.yaml.j2 dest=/tmp/digital.ai_xldeploy.yaml mode=0755
+
+- name: Fetch the Devops-As-Code yaml file  on the master
+  fetch:
+    src: /tmp/digital.ai_xldeploy.yaml
+    dest: "{{ devops_as_code_directory }}"
+    flat: no
\ No newline at end of file
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/context.xml.j2 b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/context.xml.j2
new file mode 100755
index 0000000..9265673
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/context.xml.j2
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat-users.xml.j2 b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat-users.xml.j2
new file mode 100755
index 0000000..976627e
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat-users.xml.j2
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>
+
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat.service.j2 b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat.service.j2
new file mode 100755
index 0000000..e0d34bd
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/tomcat.service.j2
@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat
+Environment=CATALINA_BASE=/usr/share/tomcat
+Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
+
+ExecStart=/usr/share/tomcat/bin/catalina.sh start
+ExecStop=/usr/share/tomcat/bin/catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/xldeploy.yaml.j2 b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/xldeploy.yaml.j2
new file mode 100644
index 0000000..66e59cf
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/templates/xldeploy.yaml.j2
@@ -0,0 +1,16 @@
+---
+apiVersion: xl-deploy/v1
+kind: Infrastructure
+spec:
+- name: {{container.id}}/tomcat-server
+  type: tomcat.Server
+  home: /usr/share/tomcat
+  startCommand: sudo systemctl start tomcat
+  stopCommand: sudo systemctl stop tomcat
+  statusCommand: sudo systemctl status tomcat
+  startWaitTime: 1
+  stopWaitTime: 1
+  children:
+  - name: tomcat.vh
+    type: tomcat.VirtualHost
+
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/Debian.yml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/Debian.yml
new file mode 100755
index 0000000..aae9205
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/Debian.yml
@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java
diff --git a/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/RedHat.yml b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/RedHat.yml
new file mode 100755
index 0000000..60943a8
--- /dev/null
+++ b/xebialabs/artifacts/tomcat/0.1.1/roles_tomcat/roles/tomcat/vars/RedHat.yml
@@ -0,0 +1 @@
+JAVA_HOME: /usr/lib/jvm/jre
diff --git a/xebialabs/aws_host.yaml b/xebialabs/aws_host.yaml
new file mode 100644
index 0000000..095eb1b
--- /dev/null
+++ b/xebialabs/aws_host.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: xl-deploy/v1
+kind: Applications
+spec:
+- name: Applications/aws-host
+  type: udm.Application
+  lastVersion: 1.0.0
+  children:
+  - name: 1.0.0
+    type: udm.DeploymentPackage
+    deployables:
+    - name: tomcat-instance
+      type: aws.ec2.InstanceSpec
+      boundTemplates:
+      - Applications/aws-host/1.0.0/sshost-template
+      instanceName: tomcat-instance
+      amiId: ami-08c757228751c5335
+      region: eu-west-3
+      securityGroup:
+      - Name:tomcat-security-group
+      instanceType: t2.micro
+      keyName: adlere-seminaire
+    - name: tomcat-sg
+      type: aws.vpc.SecurityGroupSpec
+      securityGroupName: tomcat-security-group
+      description: tomcat-security (HTTP/SSH)
+      region: eu-west-3
+      inboundRules:
+      - name: http
+        type: aws.vpc.SecurityGroupInboundRuleSpec
+        protocol: TCP
+        portRange: "8080"
+        source: 0.0.0.0/0
+      - name: ssh
+        type: aws.vpc.SecurityGroupInboundRuleSpec
+        protocol: TCP
+        portRange: "22"
+        source: 0.0.0.0/0
+    templates:
+    - name: sshost-template
+      type: template.overthere.SshHost
+      instanceName: '{{%instanceId%}}-host'
+      tags:
+      - app_server
+      os: UNIX
+      connectionType: SUDO
+      address: '{{%publicHostname%}}'
+      username: ubuntu
+      privateKeyFile: /Users/bmoussaud/.ssh/adlere-seminaire.pem
+      sudoUsername: root