Merge branch 'server-status-suffix' into unstable
commit
316fabeabe
|
@ -12,6 +12,7 @@ apache_evolinux_default_ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
|||
apache_evolinux_default_ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||
|
||||
apache_serverstatus_suffix: ""
|
||||
apache_serverstatus_suffix_file: "/etc/evolinux/apache_serverstatus_suffix"
|
||||
|
||||
apache_log2mail_include: True
|
||||
apache_munin_include: True
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
mode: "0640"
|
||||
force: no
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
|
@ -19,7 +19,7 @@
|
|||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
|
@ -29,7 +29,7 @@
|
|||
with_items: "{{ apache_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: include private IP whitelist for server-status
|
||||
lineinfile:
|
||||
|
@ -38,7 +38,7 @@
|
|||
insertafter: 'SetHandler server-status'
|
||||
state: present
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
|
@ -50,7 +50,7 @@
|
|||
force: no
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: add user:pwd to private htpasswd
|
||||
lineinfile:
|
||||
|
@ -60,7 +60,7 @@
|
|||
with_items: "{{ apache_private_htpasswd_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
|
@ -70,4 +70,4 @@
|
|||
with_items: "{{ apache_private_htpasswd_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
|
|
@ -4,6 +4,8 @@
|
|||
apt:
|
||||
name: log2mail
|
||||
state: present
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Add log2mail config for Apache segfaults
|
||||
template:
|
||||
|
@ -13,3 +15,5 @@
|
|||
group: adm
|
||||
mode: "0644"
|
||||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- apache2
|
||||
- libapache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
- apache2
|
||||
- libapache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
- apache
|
||||
- packages
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: packages are installed (jessie)
|
||||
|
@ -20,13 +20,13 @@
|
|||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- apache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
- apache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
- apache
|
||||
- packages
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: basic modules are enabled
|
||||
|
@ -34,17 +34,21 @@
|
|||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- rewrite
|
||||
- expires
|
||||
- headers
|
||||
- cgi
|
||||
- ssl
|
||||
- include
|
||||
- negotiation
|
||||
- alias
|
||||
- rewrite
|
||||
- expires
|
||||
- headers
|
||||
- cgi
|
||||
- ssl
|
||||
- include
|
||||
- negotiation
|
||||
- alias
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- include: server_status.yml
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Copy Apache defaults config file
|
||||
copy:
|
||||
|
@ -75,19 +79,23 @@
|
|||
dest: /etc/apache2/mods-enabled/status.conf
|
||||
state: absent
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Ensure Apache config files are enabled
|
||||
command: "a2enconf {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
with_items:
|
||||
- z-evolinux-defaults.conf
|
||||
- zzz-evolinux-custom.conf
|
||||
- z-evolinux-defaults.conf
|
||||
- zzz-evolinux-custom.conf
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- include: auth.yml
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: default vhost is installed
|
||||
template:
|
||||
|
@ -97,7 +105,7 @@
|
|||
force: no
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: default vhost is enabled
|
||||
file:
|
||||
|
@ -108,7 +116,7 @@
|
|||
notify: reload apache
|
||||
when: apache_evolinux_default_enabled
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: is umask already present?
|
||||
command: "grep -E '^umask ' /etc/apache2/envvars"
|
||||
|
@ -117,7 +125,7 @@
|
|||
register: envvar_grep_umask
|
||||
check_mode: no
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: Add a mark in envvars for umask
|
||||
blockinfile:
|
||||
|
@ -129,12 +137,12 @@
|
|||
umask 007
|
||||
when: envvar_grep_umask.rc != 0
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
tags:
|
||||
- apache
|
||||
- apache
|
||||
|
||||
- name: "Install save_apache_status.sh"
|
||||
copy:
|
||||
|
@ -142,9 +150,15 @@
|
|||
dest: /usr/share/scripts/save_apache_status.sh
|
||||
mode: "0755"
|
||||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- include: log2mail.yml
|
||||
when: apache_log2mail_include
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- include: munin.yml
|
||||
when: apache_munin_include
|
||||
tags:
|
||||
- apache
|
||||
|
|
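--- a/apache/tasks/server_status.yml
+++ b/apache/tasks/server_status.yml
@@ -0,0 +1,29 @@
+---
+
+- name: set apache serverstatus suffix if provided
+shell: "echo {{ apache_serverstatus_suffix }} > {{ apache_serverstatus_suffix_file }}"
+when: apache_serverstatus_suffix != ""
+
+- name: generate random string for server-status suffix
+shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
+args:
+creates: "{{ apache_serverstatus_suffix_file }}"
+
+- name: read apache server status suffix
+command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
+changed_when: False
+check_mode: no
+register: new_apache_serverstatus_suffix
+
+- name: overwrite apache_serverstatus_suffix
+set_fact:
+apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
+
+- debug:
+var: apache_serverstatus_suffix
+
+- name: replace server-status suffix in default site index
+replace:
+dest: /var/www/index.html
+regexp: '__SERVERSTATUS_SUFFIX__'
+replace: "{{ apache_serverstatus_suffix }}"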
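Review bot: The first task interpolates `apache_serverstatus_suffix` unquoted into a `shell:` line, so a value containing spaces or shell metacharacters is interpreted by the shell on the managed host, and the task reports changed on every run. Writing the file with the `copy` module removes the shell from the path, makes the task idempotent, and lets the file mode be set explicitly instead of inheriting the umask. The first task of nginx/tasks/server_status.yml has the same pattern with `nginx_serverstatus_suffix`.

```yaml
- name: set apache serverstatus suffix if provided
  copy:
    dest: "{{ apache_serverstatus_suffix_file }}"
    content: "{{ apache_serverstatus_suffix }}\n"
    owner: root
    group: root
    mode: "0600"
  when: apache_serverstatus_suffix != ""
# … unchanged: generate, read, set_fact, debug and replace tasks …
```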
@ -53,7 +53,7 @@
|
|||
</Location>
|
||||
|
||||
<IfModule mod_status.c>
|
||||
<Location /server-status>
|
||||
<Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
|
||||
SetHandler server-status
|
||||
include /etc/apache2/ipaddr_whitelist.conf
|
||||
Require local
|
||||
|
@ -112,7 +112,7 @@
|
|||
LogLevel warn
|
||||
|
||||
<IfModule mod_status.c>
|
||||
<Location /server-status>
|
||||
<Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
|
||||
SetHandler server-status
|
||||
include /etc/apache2/ipaddr_whitelist.conf
|
||||
Require local
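Review bot: `mandatory` fails only on an undefined variable, and the role defaults define `apache_serverstatus_suffix: ""`, so an empty value passes the filter and both `<Location>` lines would render as `/server-status-`. The value is also rendered verbatim into the directive, so a suffix containing a space or `>` would produce a broken or different `<Location>`. A check in the tasks ahead of the template would catch both cases, for example `- assert: { that: "apache_serverstatus_suffix | match('^[A-Za-z0-9_-]+$')" }`. The same applies to the `location /nginx_status-…` line in the nginx template; both `<Location>` blocks continue outside the hunks.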
|
||||
|
|
|
@ -21,6 +21,10 @@ evolinux_apt_public_sources: True
|
|||
evolinux_apt_upgrade: True
|
||||
evolinux_apt_remove_aptitude: True
|
||||
|
||||
# etc-evolinux
|
||||
|
||||
evolinux_etcevolinux_include: True
|
||||
|
||||
# etc-git
|
||||
|
||||
evolinux_etcgit_include: True
|
||||
|
|
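--- a/evolinux-base/tasks/etc-evolinux.yml
+++ b/evolinux-base/tasks/etc-evolinux.yml
@@ -0,0 +1,9 @@
+---
+
+- name: /etc/evolinux exists
+file:
+dest: /etc/evolinux
+owner: root
+group: root
+mode: "0700"
+state: directory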
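Review bot: The apache and nginx roles write their suffix files under /etc/evolinux, but this is the only visible task that creates the directory, and it runs only from evolinux-base when `evolinux_etcevolinux_include` is true. On a host where those roles run without it, the `shell` redirect in their server_status.yml would fail on the missing directory. Either repeat this `file` task at the top of each server_status.yml or state the dependency in the role defaults. A comment above the task would also help, such as `# holds per-host values like the server-status suffixes; keep root-only`.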
@ -19,6 +19,10 @@
|
|||
name: etc-git
|
||||
when: evolinux_etcgit_include
|
||||
|
||||
- name: /etc/evolinux base
|
||||
include: etc-evolinux.yml
|
||||
when: evolinux_etcevolinux_include
|
||||
|
||||
- name: Hostname
|
||||
include: hostname.yml
|
||||
when: evolinux_hostname_include
|
||||
|
|
|
@ -58,7 +58,7 @@
|
|||
|
||||
<ul id="evolinks">
|
||||
<li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
|
||||
<li><a href="/server-status">Server Status</a></li>
|
||||
<li><a href="/server-status-__SERVERSTATUS_SUFFIX__">Server Status</a></li>
|
||||
<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->
|
||||
<!-- <li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li> -->
|
||||
<!-- <li><a href="/cgi-bin/awstats.pl">Stats web</a></li> -->
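Review bot: The `__SERVERSTATUS_SUFFIX__` placeholder in this link is consumed by a one-shot `replace` on /var/www/index.html in both apache/tasks/server_status.yml and nginx/tasks/server_status.yml, so whichever role runs first fixes the link, and a later change of suffix no longer matches anything. On an nginx host the substituted link would still start with `/server-status-`, while the nginx template serves `/nginx_status-…`. Matching the whole path keeps the task repeatable, e.g. `regexp: '/server-status-[^"]*'` with `replace: '/server-status-{{ apache_serverstatus_suffix }}'`. Note too that the suffix is then readable by anyone who can load this index page, so it should not be treated as the access control for the status endpoint.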
|
||||
|
|
|
@ -16,4 +16,6 @@ nginx_default_redirect_url: "http://evolix.fr"
|
|||
nginx_evolinux_default_enabled: True
|
||||
|
||||
# nginx_phpmyadmin_suffix: ""
|
||||
# nginx_serverstatus_suffix: ""
|
||||
|
||||
nginx_serverstatus_suffix: ""
|
||||
nginx_serverstatus_suffix_file: "/etc/evolinux/nginx_serverstatus_suffix"
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
---
|
||||
|
||||
- name: logrotate configuration
|
||||
copy:
|
||||
src: logrotate_nginx
|
||||
dest: /etc/logrotate.d/nginx
|
||||
force: no
|
||||
tags:
|
||||
- nginx
|
||||
- logrotate
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
line: ' worker_connections 1024;'
|
||||
insertafter: 'events \{'
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: use epoll
|
||||
lineinfile:
|
||||
|
@ -25,7 +25,7 @@
|
|||
line: ' use epoll;'
|
||||
insertafter: 'events \{'
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: Install Nginx http configuration
|
||||
copy:
|
||||
|
@ -35,7 +35,7 @@
|
|||
# force: yes
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
# TODO: verify that those permissions are correct :
|
||||
# not too strict for ipaddr_whitelist
|
||||
|
@ -52,7 +52,7 @@
|
|||
force: no
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
|
@ -62,7 +62,7 @@
|
|||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
|
@ -72,7 +72,7 @@
|
|||
with_items: "{{ nginx_ipaddr_whitelist_absent }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
|
@ -85,7 +85,7 @@
|
|||
force: no
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: add user:pwd to private htpasswd
|
||||
lineinfile:
|
||||
|
@ -95,7 +95,7 @@
|
|||
with_items: "{{ nginx_private_htpasswd_present }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
|
@ -105,7 +105,11 @@
|
|||
with_items: "{{ nginx_private_htpasswd_absent }}"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- include: server_status.yml
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: nginx vhost is installed
|
||||
template:
|
||||
|
@ -115,7 +119,7 @@
|
|||
force: no
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: default vhost is enabled
|
||||
file:
|
||||
|
@ -126,7 +130,7 @@
|
|||
notify: reload nginx
|
||||
when: nginx_evolinux_default_enabled
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for phpmyadmin suffix
|
||||
|
@ -168,7 +172,7 @@
|
|||
enabled: yes
|
||||
state: started
|
||||
tags:
|
||||
- nginx
|
||||
- nginx
|
||||
|
||||
- name: Check if Munin is installed
|
||||
stat:
|
||||
|
@ -176,19 +180,19 @@
|
|||
check_mode: no
|
||||
register: stat_munin_node
|
||||
tags:
|
||||
- nginx
|
||||
- munin
|
||||
- nginx
|
||||
- munin
|
||||
|
||||
- include: munin_vhost.yml
|
||||
when: stat_munin_node.stat.exists
|
||||
tags:
|
||||
- nginx
|
||||
- munin
|
||||
- nginx
|
||||
- munin
|
||||
|
||||
- include: munin_graphs.yml
|
||||
when: stat_munin_node.stat.exists
|
||||
tags:
|
||||
- nginx
|
||||
- munin
|
||||
- nginx
|
||||
- munin
|
||||
|
||||
- include: logrotate.yml
|
||||
|
|
|
@ -7,5 +7,5 @@
|
|||
state: present
|
||||
notify: restart nginx
|
||||
tags:
|
||||
- nginx
|
||||
- packages
|
||||
- nginx
|
||||
- packages
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
name: apt
|
||||
tasks_from: backports.yml
|
||||
tags:
|
||||
- nginx
|
||||
- packages
|
||||
- nginx
|
||||
- packages
|
||||
|
||||
- name: Prefer Nginx packages from jessie-backports
|
||||
copy:
|
||||
|
@ -15,13 +15,13 @@
|
|||
mode: "0640"
|
||||
register: nginx_apt_preferences
|
||||
tags:
|
||||
- nginx
|
||||
- packages
|
||||
- nginx
|
||||
- packages
|
||||
|
||||
- name: update apt
|
||||
apt:
|
||||
update_cache: yes
|
||||
when: nginx_apt_preferences | changed
|
||||
tags:
|
||||
- nginx
|
||||
- packages
|
||||
- nginx
|
||||
- packages
|
||||
|
|
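--- a/nginx/tasks/server_status.yml
+++ b/nginx/tasks/server_status.yml
@@ -0,0 +1,29 @@
+---
+
+- name: set nginx serverstatus suffix if provided
+shell: "echo {{ nginx_serverstatus_suffix }} > {{ nginx_serverstatus_suffix_file }}"
+when: nginx_serverstatus_suffix != ""
+
+- name: generate random string for server-status suffix
+shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"
+args:
+creates: "{{ nginx_serverstatus_suffix_file }}"
+
+- name: read nginx server status suffix
+command: "tail -n 1 {{ nginx_serverstatus_suffix_file }}"
+changed_when: False
+check_mode: no
+register: new_nginx_serverstatus_suffix
+
+- name: overwrite nginx_serverstatus_suffix
+set_fact:
+nginx_serverstatus_suffix: "{{ new_nginx_serverstatus_suffix.stdout }}"
+
+- debug:
+var: nginx_serverstatus_suffix
+
+- name: replace server-status suffix in default site index
+replace:
+dest: /var/www/index.html
+regexp: '__SERVERSTATUS_SUFFIX__'
+replace: "{{ nginx_serverstatus_suffix }}"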
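Review bot: In the generate task the `>` redirect creates the suffix file before `apg` runs, so if `apg` is missing or fails the file is left empty, and `creates:` then skips generation on every later run. The read task would return an empty string from then on, and no task visible in this file installs `apg`. Removing the file on failure keeps the task retryable: `shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }} || { rm -f {{ nginx_serverstatus_suffix_file }}; exit 1; }"`. The generate task in apache/tasks/server_status.yml has the same behaviour. Separately, the unnamed `debug` task prints the suffix into the run output; `verbosity: 1` on it would keep the value out of routine logs.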
@ -48,7 +48,7 @@ server {
|
|||
listen 80;
|
||||
server_name munin;
|
||||
|
||||
location /nginx_status {
|
||||
location /nginx_status-{{ nginx_serverstatus_suffix | mandatory }} {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
}
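Review bot: The renamed `location` block contains only `stub_status on;` and `access_log off;`, so within this block the suffix is the only thing limiting who can read the status page. Because the suffix is also written into /var/www/index.html by the tasks, an address restriction is still worth having here: `allow 127.0.0.1;` followed by `deny all;`. Anything that polls the old `/nginx_status` path, such as a Munin plugin in this `server_name munin` block, would presumably need the new URL as well. The `server` block starts outside the hunk, so a server-level restriction may already exist.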
|
||||
|
|