Hi, I am using Ansible role robertdebock.tomcat to install Tomcat. This role uses archives from the Tomcat site to install Tomcat. I have always thought that this is a fine approach but the customer has pointed out that a package install is preferred because it makes installing security updates easier. This customer uses Ubuntu 18.04 and the position of the InfraOps engineers is that installing Tomcat from the official Ubuntu repository is always preferred.
I don't know how exactly using apt packages makes life a lot easier when it comes to security updates. I think it depends. If Ansible manages the version it looks more or less the same to me. The Ansible role would have an var for example tomcat_version and the value would determine the what version is on the system. Updating Tomcat using Ansible would be same proces: update tomcat_version var and provision the node. When Ansible is not managing the version but is used for example only for the initial install using Ansible package module it becomes a bit of a puzzle to figure out how this would work. And also would have some drawbacks. Ansible is good at configuration management and orchestration for example. Apt not really. What is the position / what are the thoughts on this in the Tomcat community? On the Tomcat website I could find no information on package install. I don't think a recommended installation approach is mentioned there. Thanks and Regards, Onno
