As I am working on a new YaK component to deploy a JBoss-EAP/WildFly server, I decided to configure it with help of scripting tool instead of direct modification of xml files. The idea is to create a script on the server via Jinja templates and then run it.


The role has only one main.yml file which is doing the following:

  1. Create a temporary script using ansible.builtin.tempfile
  2. Write operations into this file
  3. Run it
  4. Remove the file

Theses tasks are in a block with an associate rescue block to catch any error we could have.

Note that I decided to set “change_when” to false for step 1, 2 and 4 as working with temporary script on the server is not really a modification of the server itself. This helps to have a relevant playbook recap at end of execution.

Also, to support idempotency, I have added a changed_when clause:

changed_when: "'changed' in jboss_cli_result.stdout"

Whenever a jboss cli script is logging “changed”, associate Ansible task will be showed as changed.


As I can’t have only one template for all jboss-cli operations, I decided to name template with the operation name. So far, the role is supporting the following operations:

  • For operation starting with an address (ie. /subsystem=elytron… ):
    • add-alias.j2
    • add-handler.j2
    • add.j2
    • remove-handler.j2
    • remove.j2
    • undefine-attribute.j2
    • write-attribute.j2
  • For other kind of operations (ie. starting with a keyword and not slash):
    • datasource-add.j2
    • deploy.j2
    • echo.j2
    • module-add.j2
    • reload.j2
    • security.j2

As add and remove resource are very similar templates, they are symbolic link to another common file ( _ressource.j2). We will not cover all templates in the blog, so let’s focus on one.

Deploy a Java Application

Deploying a Java application consist of following steps:

  1. Create a folder to store the file on remote server
  2. Copy the file in it
  3. Deploy it in JBoss-EAP/WildFly

Calling the jboss-cli role will look like this:

- name: Deploy WebApp
    name: "deploy webapp"
      - deploy_webapp:
        operation: "deploy"
        parameters: "{{ deployments }}"
    name: "jboss-cli"

Where deployments is a list of Java applications (ear, war) to deploy.

Parameters for deployment are limited compared to other operations:

  • operation to specify what we are going to do. This is also indicating which Jinja template to use.
  • parameters: The list of files to deploy. It is a list of full path to files.

deploy.j2 file contains the following code:

{% for dep in operation.parameters %}
{% set filename = (dep |basename) %}
{% set path_to_file = webapp_folder + '/' + filename %}
if (outcome != success) of /deployment={{ filename }}:read-resource()
    deploy {{ path_to_file }}
    echo changed
    echo nochange
{% endfor %}

Line 1: Instead of using loop in Ansible, I found it more convenient to do loop in template itself.

Line 2 and 3: I am populating variables so that jboss-cli commands to make the code a bit easier to read.

Line 4 to 9 are jboss-cli commands.

  • Line 4: We are reading-resource. If this fails (outcome different from success), …
  • We deploy Java application (line 5) and write “changed” to script output
  • Or else (line 7), application already exists and we echo nochange.

Such role will output the following lines:

TASK [deploy-webapp : Include deploy-webapp-WildFly role] **************************
Friday 25 November 2022  06:56:54 +0000 (0:00:01.161)       0:02:31.697 *******
included: /workspace/yak/components/middleware_webserver/roles/deploy-webapp/tasks/deploy-webapp-WildFly.yml for oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY

TASK [deploy-webapp : Call common tasks] **************************
Friday 25 November 2022  06:56:54 +0000 (0:00:00.105)       0:02:31.802 *******
included: /workspace/yak/components/middleware_webserver/roles/deploy-webapp/tasks/deploy-webapp-JBoss-WildFly-common.yml for oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY

TASK [deploy-webapp : Create /app/installers/webapp folders] **************************
Friday 25 November 2022  06:56:54 +0000 (0:00:00.146)       0:02:31.949 *******
changed: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY]

TASK [deploy-webapp : Copy File] **********************************
Friday 25 November 2022  06:56:55 +0000 (0:00:00.556)       0:02:32.505 *******
changed: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY] => (item=/workspace/.ssh/helloworld.war)

TASK [Deploy WebApp] **********************************************
Friday 25 November 2022  06:56:56 +0000 (0:00:00.970)       0:02:33.476 *******

TASK [jboss-cli : Create Temporary Script] *****************************************
Friday 25 November 2022  06:56:56 +0000 (0:00:00.111)       0:02:33.587 *******
ok: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY]

TASK [jboss-cli : Write Operations into Script] ************************************
Friday 25 November 2022  06:56:56 +0000 (0:00:00.503)       0:02:34.091 *******
ok: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY] => (item=deploy on deploy)

TASK [jboss-cli : Run Script deploy webapp] ****************************************
Friday 25 November 2022  06:56:57 +0000 (0:00:00.802)       0:02:34.894 *******
changed: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY]

TASK [jboss-cli : Debug] ******************************************
Friday 25 November 2022  06:57:00 +0000 (0:00:03.175)       0:02:38.070 *******
skipping: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY]

TASK [jboss-cli : Remove Temporary Script] *****************************************
Friday 25 November 2022  06:57:00 +0000 (0:00:00.070)       0:02:38.140 *******
skipping: [oci_dbi_test/srv-linux-mdw-ols-1/WILDFLY]

Next Steps

For this particular operation, we could imagine to implement a “force” option, whenever we want to overwrite the deployed webapp. I could also remove deployed web application when they are not declared in host variables.

For now, the role already support enough operation to be able to install and configure a JBoss or WildFly server with dbi services best practices. The component also takes care of configuring datasource with associated driver as well as SSL setup for administration console and web application secured access.

Role also supports JBoss-EAP or WildFly indifferently.