evoadmin/packweb: end of first pass
parent
fe32d691b8
commit
2084e2e53e
|
@ -4,11 +4,34 @@
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- apache2
|
- apache2
|
||||||
|
- apache2-mpm-prefork
|
||||||
- apachetop
|
- apachetop
|
||||||
- libwww-perl
|
- libwww-perl
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: manually disable mpm_event
|
||||||
|
command: a2dismod mpm_event
|
||||||
|
register: cmd_disable_event
|
||||||
|
changed_when: "'Module mpm_event already disabled' not in cmd_disable_event.stdout"
|
||||||
|
|
||||||
|
- name: manually enable mpm_prefork
|
||||||
|
command: a2enmod mpm_prefork
|
||||||
|
register: cmd_disable_prefork
|
||||||
|
changed_when: "'Module mpm_prefork already enabled' not in cmd_disable_prefork.stdout"
|
||||||
|
|
||||||
|
# With Ansible 2.2 the module check the config for conflicts
|
||||||
|
# With 2.3 it can be disabled.
|
||||||
|
# https://docs.ansible.com/ansible/apache2_module_module.html
|
||||||
|
# - name: mpm_event modules is disabled
|
||||||
|
# apache2_module:
|
||||||
|
# name: '{{ item }}'
|
||||||
|
# state: absent
|
||||||
|
# with_items:
|
||||||
|
# - mpm_event
|
||||||
|
# tags:
|
||||||
|
# - apache
|
||||||
|
|
||||||
- name: basic modules are enabled
|
- name: basic modules are enabled
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
|
@ -17,7 +40,6 @@
|
||||||
- rewrite
|
- rewrite
|
||||||
- expires
|
- expires
|
||||||
- headers
|
- headers
|
||||||
- rewrite
|
|
||||||
- cgi
|
- cgi
|
||||||
- ssl
|
- ssl
|
||||||
tags:
|
tags:
|
||||||
|
|
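--- a/evoadmin/defaults/main.yml
+++ b/evoadmin/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+general_alert_email: "root@localhost"
+evoadmin_contact_email: Null
+evoadmin_bounce_email: "{{ evoadmin_contact_email }}"
+
+evoadmin_home_dir: "/home/{{ evoadmin_username }}"
+evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
+evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
+evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
+evoadmin_username: evoadmin
+evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"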
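--- a/evoadmin/files/evolinux.conf.diff
+++ b/evoadmin/files/evolinux.conf.diff
@@ -0,0 +1,12 @@
+--- evolinux.conf 2015-04-09 16:39:41.862242460 +0200
++++ evolinux.conf 2015-04-09 16:51:11.902241748 +0200
+@@ -23,7 +23,5 @@
+# Allow RESUME (REST command)
+AllowStoreRestart on
+
+-<Limit LOGIN>
+- AllowGroup ftpusers
+- DenyAll
+-</Limit>
++AuthOrder mod_auth_file.c
++AuthUserFile /etc/proftpd/vpasswd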
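--- a/evoadmin/handlers/main.yml
+++ b/evoadmin/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: reload apache2
+service:
+name: apache2
+state: reloaded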
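--- a/evoadmin/tasks/config.yml
+++ b/evoadmin/tasks/config.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "Create /etc/evolinux"
+file:
+dest: "/etc/evolinux"
+recurse: yes
+state: directory
+
+- name: Configure web-add config file
+template:
+src: web-add.conf.j2
+dest: /etc/evolinux/web-add.conf
+
+- name: Configure web-add template file for mail
+template:
+src: web-mail.tpl.j2
+dest: "{{ evoadmin_scripts_dir }}/web-mail.tpl"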
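Review bot: Neither `template` task sets `owner`, `group` or `mode`, so `/etc/evolinux/web-add.conf` and `web-mail.tpl` end up with whatever the umask of the run produces. web-add.conf is presumably read by the scripts that the sudoers rule in this commit allows to run as root, so I would pin both files, e.g. `owner: root`, `group: root`, `mode: "0644"`. `recurse: yes` on the `/etc/evolinux` directory task appears to have nothing to propagate, since no owner or mode is given, and could be dropped.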
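--- a/evoadmin/tasks/ftp.yml
+++ b/evoadmin/tasks/ftp.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Verify if proftpd has evolinux config file
+stat:
+path: /etc/proftpd/conf.d/z-evolinux.conf
+register: proftpd_config
+
+- block:
+- name: Patch ProFTPd config file
+patch:
+remote_src: no
+src: evolinux.conf.diff
+dest: /etc/proftpd/conf.d/z-evolinux.conf
+# Why 440? Because should be edited with ftpasswd.
+# So, readonly when opened with vim.
+# Then readable by group.
+- name: Create /etc/proftpd/vpasswd file in 0440 mode
+file:
+state: touch
+path: /etc/proftpd/vpasswd
+mode: "0440"
+owner: root
+group: root
+when: proftpd_config.stat.exists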
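Review bot: `state: touch` in the vpasswd task updates the file's timestamps and reports `changed` on every run, so the role is never idempotent. The `copy` pattern this commit uses for the skeleton log files avoids that: `copy: { content: "", dest: /etc/proftpd/vpasswd, force: no, mode: "0440", owner: root, group: root }`. The comment above the task says the file is "readable by group", but the group is `root`; if a dedicated group is meant to read the password file, name it here, otherwise reword the comment.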
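--- a/evoadmin/tasks/main.yml
+++ b/evoadmin/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+
+- include: packages.yml
+
+- include: user.yml
+
+- include: config.yml
+
+- include: ssl.yml
+
+- include: web.yml
+
+- include: ftp.yml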
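--- a/evoadmin/tasks/packages.yml
+++ b/evoadmin/tasks/packages.yml
@@ -0,0 +1,17 @@
+---
+
+- include_role:
+name: apt-repositories
+tasks_from: evolix_public.yml
+
+- meta: flush_handlers
+
+- name: Install PHP packages
+apt:
+name: '{{ item }}'
+state: present
+allow_unauthenticated: yes
+with_items:
+- php-pear
+- php-log
+- php5-pam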
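Review bot: `allow_unauthenticated: yes` on the "Install PHP packages" task makes apt install php-pear, php-log and php5-pam without verifying the repository signature, which removes the integrity check on packages used by the evoadmin web panel. The role includes `apt-repositories` / `evolix_public.yml` just above, so the intended fix is presumably to have that include install the repository's signing key and then drop the flag. If the key cannot be deployed yet, add a comment such as `# TODO: remove allow_unauthenticated once the evolix_public key is installed` so the exception stays visible.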
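--- a/evoadmin/tasks/ssl.yml
+++ b/evoadmin/tasks/ssl.yml
@@ -0,0 +1,24 @@
+---
+
+
+- name: ssl-cert package is installed
+apt:
+name: ssl-cert
+state: present
+
+- name: Create private key and csr for default site ({{ ansible_fqdn }})
+command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "{{ evoadmin_ssl_subject }}"
+args:
+creates: "/etc/ssl/private/{{ evoadmin_host }}.key"
+
+- name: Adjust rights on private key
+file:
+path: /etc/ssl/private/{{ evoadmin_host }}.key
+owner: root
+group: ssl-cert
+mode: "0640"
+
+- name: Create certificate for default site
+command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt
+args:
+creates: "/etc/ssl/certs/{{ evoadmin_host }}.crt"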
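Review bot: The private key gets its owner and mode only in the separate "Adjust rights on private key" task, so after "Create private key and csr" it has whatever mode openssl and the umask give it, and it stays that way if the play stops between the two tasks. Keeping the two tasks adjacent deserves a comment, e.g. `# key owner/mode are fixed by the next task; do not insert tasks in between`. The certificate task issues a self-signed certificate valid for `-days 3650` with only a CN in the subject, so clients cannot validate it; a comment stating that it is a placeholder to be replaced by a CA-issued certificate would help whoever operates the panel.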
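--- a/evoadmin/tasks/user.yml
+++ b/evoadmin/tasks/user.yml
@@ -0,0 +1,60 @@
+---
+
+- name: Create evoadmin account
+user:
+name: evoadmin
+comment: "Evoadmin Web Account"
+home: "{{ evoadmin_home_dir}}"
+password: "!"
+
+- name: Create www-evoadmin group
+group:
+name: www-evoadmin
+state: present
+
+- name: Install Git
+apt:
+name: git
+state: present
+
+- name: Clone evoadmin repository
+git:
+repo: https://forge.evolix.org/evoadmin-web.git
+dest: "{{ evoadmin_document_root}}"
+update: no
+# Warning: Need sudo!
+become_user: "{{ evoadmin_username }}"
+
+- name: "Create {{ evoadmin_scripts_dir }}"
+file:
+dest: "{{ evoadmin_scripts_dir }}"
+# recurse: yes
+mode: "0700"
+state: directory
+
+- name: Install scripts like web-add.sh
+shell: "cp {{ evoadmin_document_root}}/scripts/* {{ evoadmin_scripts_dir }}/"
+args:
+creates: "{{ evoadmin_scripts_dir }}/web-add.sh"
+
+# we use a shell command to have a "changed" thet really reflects the result.
+- name: Fix permissions
+shell: "test -f {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- "{{ evoadmin_home_dir}}/www"
+
+- name: Add www-evoadmin to group shadow
+user:
+name: www-evoadmin
+groups: shadow
+append: yes
+
+- name: Add evoadmin sudoers file
+template:
+src: sudoers.j2
+dest: /etc/sudoers.d/evoadmin
+mode: "0600"
+validate: "visudo -cf %s"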
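Review bot: The "Fix permissions" task can never change anything: its only item, `{{ evoadmin_home_dir}}/www`, is the directory the repository was cloned into, `test -f` is false for a directory, and `failed_when: False` hides the non-zero exit. The `o=` restriction is therefore never applied to the web root; use `test -d {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}`. Separately, "Add www-evoadmin to group shadow" calls `user:` on an account that no earlier task in this file creates (only the group is), so the module creates it with defaults and gives the web-facing identity read access to /etc/shadow; that deserves an explicit account task and a comment saying why shadow is needed (php5-pam, presumably). The clone has no `version:` pinned, yet its `scripts/*` are copied into the directory that sudoers.j2 allows to run as root.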
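--- a/evoadmin/tasks/web.yml
+++ b/evoadmin/tasks/web.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+ini_file:
+dest: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+section: PHP
+option: "disable_functions"
+value: "shell-exec,system,passthru,putenv,popen"
+notify: reload apache
+
+
+- name: Install evoadmin VHost
+template:
+src: evoadmin.conf.j2
+dest: /etc/apache2/sites-available/evoadmin.conf
+notify: reload apache2
+
+- name: Enable evoadmin vhost
+command: "a2ensite evoadmin.conf"
+register: cmd_a2ensite
+changed_when: "'Enabling site' in cmd_a2ensite.stdout"
+notify: reload apache2
+
+- name: Copy config file for evoadmin
+copy:
+src: config.local.php
+dest: "{{ evoadmin_home_dir}}/www/conf/"
+mode: "0644"
+
+- name: add www-evoadmin to shadow group
+user:
+name: www-evoadmin
+groups: shadow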
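Review bot: `shell-exec` in the `disable_functions` value of the first task is not a PHP function name; the function is `shell_exec`, so this entry blocks nothing and shell_exec() stays callable. The line should read `value: "shell_exec,system,passthru,putenv,popen"`, and the same spelling appears in the two "PHP exec function" tasks this commit adds to the packweb-apache tasks file. The first task also notifies `reload apache` while this role's handlers file only defines `reload apache2`, so unless another role in the play provides that handler the notification fails or is lost. The final task sets `groups: shadow` without `append: yes`, which replaces www-evoadmin's other supplementary groups, and it duplicates the task already present in user.yml.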
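--- a/evoadmin/templates/evoadmin.conf.j2
+++ b/evoadmin/templates/evoadmin.conf.j2
@@ -0,0 +1,60 @@
+<VirtualHost *:80>
+ServerName {{ evoadmin_host }}
+Redirect permanent / https://{{ evoadmin_host }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+
+# FQDN principal
+ServerName {{ evoadmin_host }}
+#ServerAlias {{ evoadmin_host }}
+
+# Repertoire principal
+DocumentRoot /home/evoadmin/www/htdocs/
+
+# SSL
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/{{ evoadmin_host }}.crt
+SSLCertificateKeyFile /etc/ssl/private/{{ evoadmin_host }}.key
+SSLProtocol all -SSLv2 -SSLv3
+
+# Propriete du repertoire
+<Directory /home/evoadmin/www/htdocs/>
+#Options Indexes SymLinksIfOwnerMatch
+Options SymLinksIfOwnerMatch
+AllowOverride AuthConfig Limit FileInfo
+Require all granted
+</Directory>
+
+# user - group (thanks to sesse@debian.org)
+AssignUserID www-evoadmin evoadmin
+
+# LOG
+CustomLog /var/log/apache2/access.log combined
+CustomLog /home/evoadmin/log/access.log combined
+ErrorLog /home/evoadmin/log/error.log
+
+# AWSTATS
+SetEnv AWSTATS_FORCE_CONFIG evoadmin
+
+# REWRITE
+UseCanonicalName On
+RewriteEngine On
+RewriteCond %{HTTP_HOST} !^{{ evoadmin_host }}$
+RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
+
+# PHP
+#php_admin_flag engine off
+#AddType text/html .html
+#php_admin_flag display_errors On
+#php_flag short_open_tag On
+#php_flag register_globals On
+#php_admin_value memory_limit 256M
+#php_admin_value max_execution_time 60
+#php_admin_value upload_max_filesize 8M
+#php_admin_flag allow_url_fopen Off
+php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
+php_admin_value error_log "/home/evoadmin/log/php.log"
+php_admin_value open_basedir "none"
+
+</VirtualHost>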
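Review bot: `php_admin_value open_basedir "none"` near the end of the :443 vhost lifts the open_basedir restriction for the one site whose PHP code can call the sudo-enabled scripts, so a file-read or include bug in the panel reaches everything the www-evoadmin identity can read. If the panel only needs its own tree and a temp directory, list those instead of `none` (exact paths to be confirmed against what the application opens). `SSLProtocol all -SSLv2 -SSLv3` still accepts TLS 1.0 and 1.1; where the installed Apache and OpenSSL allow it, restrict the vhost to the newer protocol versions. DocumentRoot, `<Directory>` and the log paths hard-code `/home/evoadmin` although the role defines `evoadmin_home_dir` and `evoadmin_document_root`, so overriding those variables yields a vhost that points at the wrong directory.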
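--- a/evoadmin/templates/sudoers.j2
+++ b/evoadmin/templates/sudoers.j2
@@ -0,0 +1,3 @@
+User_Alias EVOADMIN = www-evoadmin
+Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
+EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB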
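Review bot: The `EVOADMIN_WEB` alias lets www-evoadmin run every file matching `web-*.sh` in the scripts directory as root, without a password and with any arguments, so the rule is only as safe as that directory and the scripts' own argument handling. user.yml creates the directory with `mode: "0700"` but no `owner`/`group`, and fills it from a git clone with no pinned version; I would set `owner: root` and `group: root` there and list the scripts by name here instead of using a wildcard. With the default `evoadmin_scripts_dir` ending in `/`, the rendered paths contain `//` (`/usr/share/scripts/evoadmin//web-*.sh`), which may not match the path sudo resolves; drop the trailing slash in defaults or the `/` in this template.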
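--- a/evoadmin/templates/web-add.conf.j2
+++ b/evoadmin/templates/web-add.conf.j2
@@ -0,0 +1,2 @@
+CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
+WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"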
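Review bot: In both lines `| mandatory` binds tighter than `or`, so it applies only to `general_alert_email` and not to the whole expression; if that is the intent a short comment would save the next reader a lookup, otherwise write `{{ (evoadmin_contact_email or general_alert_email) | mandatory }}`. The values are placed inside double quotes in what looks like a shell-sourced file, so an address containing `"`, `$` or a backtick would be interpreted by whatever shell reads it (presumably the web-add scripts run through sudo). Checking in the role that the variables are plain e-mail addresses, or emitting them single-quoted, closes that.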
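--- a/evoadmin/templates/web-mail.tpl.j2
+++ b/evoadmin/templates/web-mail.tpl.j2
@@ -0,0 +1,86 @@
+From: %MAIL_FROM%
+To: RCPTTO
+Bcc: %MAIL_BCC%
+Subject: Parametres hebergement web : LOGIN
+
+Bonjour,
+
+Votre compte d'hebergement web a ete cree.
+
+**********************************
+* CONNEXION SFTP/SSH
+**********************************
+
+NOM DU SERVEUR : %SERVER_NAME%
+USER : LOGIN
+PASSWORD : PASSE1
+
+*****************************************
+* Details sur l'environnement Apache/PHP
+*****************************************
+
+URL du site :
+http://SERVERNAME
+
+URL des stats :
+http://SERVERNAME/cgi-RANDOM/awstats.pl
+(acces par IP ou login a demander !)
+
+Repertoire de connexion : HOME_DIR/LOGIN/
+Repertoire pour site web : HOME_DIR/LOGIN/www/
+
+Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
+uniquement *en lecture* aux differents fichiers/repertoires
+(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
+fichiers ce qui est le comportement par defaut).
+
+Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
+fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
+
+***********************************
+* MySQL
+***********************************
+
+SERVEUR : 127.0.0.1
+PORT DU SERVEUR : 3306
+USER : LOGIN
+PASSWORD : PASSE2
+NOM BASE : DBNAME
+URL interface d'admin :
+%PMA_URL%
+
+***********************************
+* Rappels divers
+***********************************
+
+Votre nom de domaine doit etre configure pour pointer
+sur l'adresse IP %SERVER_ADDR% (enregistrement DNS A)
+ou etre un alias de %SERVER_NAME% (enregistrement DNS CNAME).
+
+Si vous avez besoin de faire des tests, vous devez
+ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
+ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
+%SERVER_ADDR% SERVERNAME
+
+Attention, par defaut, toutes les connexions vers l'exterieur
+sont bloquees. Si vous avez besoin de recuperer des donnees
+a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
+afin de mettre en oeuvre les autorisations necessaires.
+
+Afin de securiser au maximum le serveur, certaines URL
+particulieres sont non autorisees pour eviter diverses
+attaques (XSS, robots, trojans, injections, etc.).
+Exemple d'URL refusee :
+http://SERVERNAME/cmd32.exe
+En cas de soucis avec votre application, prevenez-nous.
+
+Si vous desirez mettre en place des parametres particuliers
+pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
+etc.), n'hesitez pas a nous contacter a l'adresse
+%MAIL_STANDARD% (ou %MAIL_URGENT% si votre demande est
+urgente).
+
+
+Cordialement,
+--
+%FOOTER%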
|
@ -2,3 +2,4 @@
|
||||||
# defaults file for packweb-apache
|
# defaults file for packweb-apache
|
||||||
general_alert_email: "root@localhost"
|
general_alert_email: "root@localhost"
|
||||||
log2mail_alert_email: Null
|
log2mail_alert_email: Null
|
||||||
|
packweb_install_evoadmin: True
|
||||||
|
|
0
packweb-apache/files/log/access.log
Normal file
0
packweb-apache/files/log/access.log
Normal file
0
packweb-apache/files/log/error.log
Normal file
0
packweb-apache/files/log/error.log
Normal file
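--- a/packweb-apache/files/userlogrotate
+++ b/packweb-apache/files/userlogrotate
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+DATE=`/bin/date +"%d-%m-%Y"`
+HOMEPREFIX="/home"
+
+rotate () {
+mv $1 $1.$DATE
+gzip $1.$DATE
+touch $1
+chown $2 $1
+chmod g+r $1
+}
+
+user_for() {
+homedir=`echo $1 | sed "s#\($HOMEPREFIX/\([^/]\+\)\).*#\1#"`
+stat -L -c '%G' $homedir
+}
+
+for log in access.log access-*.log error.log; do
+for i in `ls -1 -d $HOMEPREFIX/*/log/$log 2>/dev/null | grep -v \.bak\.`; do
+USER=`user_for $i`
+rotate $i root:$USER
+done
+done
+
+for i in `ls -1 -d $HOMEPREFIX/*/log/php.log 2>/dev/null | grep -v \.bak\.`; do
+USER=`user_for $i`
+rotate $i www-$USER:$USER
+done
+
+for log in production.log delayed_job.log development.log test.log; do
+for i in `ls -1 -d $HOMEPREFIX/*/www/{,current/}log/$log 2>/dev/null | grep -v \.bak\.`; do
+USER=`user_for $i`
+rotate $i $USER:$USER
+done
+done
+
+apache2ctl restart > /dev/null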
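Review bot: `rotate` and the `ls`-driven `for` loops run as root from cron.weekly on paths under `/home/*/log` and `/home/*/www/log`, with every expansion unquoted and no check that the path is still a regular file. If the account owner can write to those directories (the application log directories under `www/` look likely), a log replaced by a symlink, or a name containing whitespace, makes root's `mv`/`touch`/`chown`/`chmod` act on something other than the intended log. Quote the expansions, refuse non-regular files at the top of `rotate` with `[ -f "$1" ] && [ ! -L "$1" ] || return 0`, and iterate over a glob (`for i in "$HOMEPREFIX"/*/log/$log`) instead of parsing `ls` output. `apache2ctl restart` at the end drops in-flight requests every week; `apache2ctl graceful` reopens the logs without that.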
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
- name: Include apache role
|
- name: Include apache role
|
||||||
include_role:
|
include_role:
|
||||||
name: "{{ roles }}/apache"
|
name: "apache"
|
||||||
|
|
||||||
- name: Add elements to user account template
|
- name: Add elements to user account template
|
||||||
file:
|
file:
|
||||||
|
@ -13,8 +13,22 @@
|
||||||
- { path: log, mode: "0750", state: directory }
|
- { path: log, mode: "0750", state: directory }
|
||||||
- { path: awstats, mode: "0750", state: directory }
|
- { path: awstats, mode: "0750", state: directory }
|
||||||
- { path: www, mode: "0750", state: directory }
|
- { path: www, mode: "0750", state: directory }
|
||||||
- { path: log/access.log, mode: "0644", state: touch }
|
|
||||||
- { path: log/error.log, mode: "0644", state: touch }
|
- name: Copy apache empty log files if missing
|
||||||
|
copy:
|
||||||
|
src: "log/{{ item }}"
|
||||||
|
dest: "/etc/skel/log/{{ item }}"
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
with_items:
|
||||||
|
- access.log
|
||||||
|
- error.log
|
||||||
|
|
||||||
|
- name: Install userlogrotate
|
||||||
|
copy:
|
||||||
|
src: userlogrotate
|
||||||
|
dest: /etc/cron.weekly/userlogrotate
|
||||||
|
mode: "0755"
|
||||||
|
|
||||||
- name: Force DIR_MODE to 0750 in /etc/adduser.conf
|
- name: Force DIR_MODE to 0750 in /etc/adduser.conf
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -107,9 +121,14 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
- name: Set variables for php config files
|
||||||
|
set_fact:
|
||||||
|
php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||||
|
php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
|
||||||
|
|
||||||
|
- name: Set default values for PHP
|
||||||
ini_file:
|
ini_file:
|
||||||
dest: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
dest: "{{ php5_apache5_defaults_file }}"
|
||||||
section: PHP
|
section: PHP
|
||||||
option: "{{ item.option }}"
|
option: "{{ item.option }}"
|
||||||
value: "{{ item.value }}"
|
value: "{{ item.value }}"
|
||||||
|
@ -117,16 +136,31 @@
|
||||||
create: yes
|
create: yes
|
||||||
with_items:
|
with_items:
|
||||||
- { option: "short_open_tag", value: "Off" }
|
- { option: "short_open_tag", value: "Off" }
|
||||||
- { option: "disable_functions", value: "exec, shell-exec, system, passthru, putenv, popen" }
|
|
||||||
- { option: "expose_php", value: "Off" }
|
- { option: "expose_php", value: "Off" }
|
||||||
- { option: "display_errors", value: "Off" }
|
- { option: "display_errors", value: "Off" }
|
||||||
- { option: "log_errors", value: "On" }
|
- { option: "log_errors", value: "On" }
|
||||||
- { option: "allow_url_fopen", value: "Off" }
|
- { option: "allow_url_fopen", value: "Off" }
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
|
|
||||||
|
- name: Disable PHP exec function without evoadmin
|
||||||
|
ini_file:
|
||||||
|
dest: "{{ php5_apache5_defaults_file }}"
|
||||||
|
section: PHP
|
||||||
|
option: disable_functions
|
||||||
|
value: "exec,shell-exec,system,passthru,putenv,popen"
|
||||||
|
when: not packweb_install_evoadmin
|
||||||
|
|
||||||
|
- name: Don't disable PHP exec function with evoadmin
|
||||||
|
ini_file:
|
||||||
|
dest: "{{ php5_apache5_defaults_file }}"
|
||||||
|
section: PHP
|
||||||
|
option: disable_functions
|
||||||
|
value: "shell-exec,system,passthru,putenv,popen"
|
||||||
|
when: packweb_install_evoadmin
|
||||||
|
|
||||||
- name: Custom php.ini
|
- name: Custom php.ini
|
||||||
copy:
|
copy:
|
||||||
dest: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
|
dest: "{{ php5_apache5_custom_file }}"
|
||||||
content: |
|
content: |
|
||||||
# Put customized values here.
|
# Put customized values here.
|
||||||
force: no
|
force: no
|
||||||
|
@ -186,7 +220,7 @@
|
||||||
content: |
|
content: |
|
||||||
Alias /awstats-icon/ /usr/share/awstats/icon/
|
Alias /awstats-icon/ /usr/share/awstats/icon/
|
||||||
<Directory /usr/share/awstats/icon/>
|
<Directory /usr/share/awstats/icon/>
|
||||||
Require All Granted
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
force: no
|
force: no
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -275,3 +309,12 @@
|
||||||
- /var/log/debug
|
- /var/log/debug
|
||||||
- /var/log/mail.err
|
- /var/log/mail.err
|
||||||
- /var/log/mail.warn
|
- /var/log/mail.warn
|
||||||
|
|
||||||
|
- name: Install Evoadmin
|
||||||
|
include_role:
|
||||||
|
name: evoadmin
|
||||||
|
when: packweb_install_evoadmin
|
||||||
|
|
||||||
|
- name: Install web-add script
|
||||||
|
include: web-add.yml
|
||||||
|
when: not packweb_install_evoadmin
|
||||||
|
|
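Review bot: The two `ini_file` tasks added in the `@ -117,16 +136,31 @` hunk ("Disable PHP exec function without evoadmin" and "Don't disable PHP exec function with evoadmin") carry no `notify: reload apache`, unlike the "Set default values for PHP" loop that `disable_functions` was moved out of, so a changed list is written to disk but Apache keeps the old value until something else reloads it. Add `notify: reload apache` to both tasks. The defaults file sits in the global `conf.d`, so with `packweb_install_evoadmin: True` (the default this commit adds) `exec` becomes callable from every vhost on the server, not only from evoadmin; a comment on the second task stating that trade-off would make it a visible decision. The file header of this section is not shown on the page, so the path is presumably the packweb-apache tasks file.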
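--- a/packweb-apache/tasks/web-add.yml
+++ b/packweb-apache/tasks/web-add.yml
@@ -0,0 +1,3 @@
+---
+
+# TODO: ...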