Merge branch 'server-status-suffix' into unstable

2018-01-03 10:06:47 +01:00 · 2018-01-03 10:06:47 +01:00 · 316fabeabe
parent 5c3b375b25 b634840b42
commit 316fabeabe
17 changed files with 172 additions and 68 deletions
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@ -12,6 +12,7 @@ apache_evolinux_default_ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
 apache_evolinux_default_ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key

 apache_serverstatus_suffix: ""
+apache_serverstatus_suffix_file: "/etc/evolinux/apache_serverstatus_suffix"

 apache_log2mail_include: True
 apache_munin_include: True
--- a/apache/tasks/auth.yml
+++ b/apache/tasks/auth.yml
@ -9,7 +9,7 @@
    mode: "0640"
    force: no
  tags:
-  - apache
+    - apache

 - name: add IP addresses to private IP whitelist
  lineinfile:
@ -19,7 +19,7 @@
  with_items: "{{ apache_ipaddr_whitelist_present }}"
  notify: reload apache
  tags:
-  - apache
+    - apache

 - name: remove IP addresses from private IP whitelist
  lineinfile:
@ -29,7 +29,7 @@
  with_items: "{{ apache_ipaddr_whitelist_absent }}"
  notify: reload apache
  tags:
-  - apache
+    - apache

 - name: include private IP whitelist for server-status
  lineinfile:
@ -38,7 +38,7 @@
    insertafter: 'SetHandler server-status'
    state: present
  tags:
-  - apache
+    - apache

 - name: Copy private_htpasswd
  copy:
@ -50,7 +50,7 @@
    force: no
  notify: reload apache
  tags:
-  - apache
+    - apache

 - name: add user:pwd to private htpasswd
  lineinfile:
@ -60,7 +60,7 @@
  with_items: "{{ apache_private_htpasswd_present }}"
  notify: reload apache
  tags:
-  - apache
+    - apache

 - name: remove user:pwd from private htpasswd
  lineinfile:
@ -70,4 +70,4 @@
  with_items: "{{ apache_private_htpasswd_absent }}"
  notify: reload apache
  tags:
-  - apache
+    - apache
--- a/apache/tasks/log2mail.yml
+++ b/apache/tasks/log2mail.yml
@ -4,6 +4,8 @@
  apt:
    name: log2mail
    state: present
+  tags:
+    - apache

 - name: Add log2mail config for Apache segfaults
  template:
@ -13,3 +15,5 @@
    group: adm
    mode: "0644"
    force: no
+  tags:
+    - apache
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@ -5,14 +5,14 @@
    name: '{{ item }}'
    state: present
  with_items:
-  - apache2
-  - libapache2-mpm-itk
-  - libapache2-mod-evasive
-  - apachetop
-  - libwww-perl
+    - apache2
+    - libapache2-mpm-itk
+    - libapache2-mod-evasive
+    - apachetop
+    - libwww-perl
  tags:
-  - apache
-  - packages
+    - apache
+    - packages
  when: ansible_distribution_major_version | version_compare('9', '>=')

 - name: packages are installed (jessie)
@ -20,13 +20,13 @@
    name: '{{ item }}'
    state: present
  with_items:
-  - apache2-mpm-itk
-  - libapache2-mod-evasive
-  - apachetop
-  - libwww-perl
+    - apache2-mpm-itk
+    - libapache2-mod-evasive
+    - apachetop
+    - libwww-perl
  tags:
-  - apache
-  - packages
+    - apache
+    - packages
  when: ansible_distribution_release == "jessie"

 - name: basic modules are enabled
@ -34,17 +34,21 @@
    name: '{{ item }}'
    state: present
  with_items:
-  - rewrite
-  - expires
-  - headers
-  - cgi
-  - ssl
-  - include
-  - negotiation
-  - alias
+    - rewrite
+    - expires
+    - headers
+    - cgi
+    - ssl
+    - include
+    - negotiation
+    - alias
  notify: reload apache
  tags:
-  - apache
+    - apache
+
+- include: server_status.yml
+  tags:
+    - apache

 - name: Copy Apache defaults config file
  copy:
@ -75,19 +79,23 @@
    dest: /etc/apache2/mods-enabled/status.conf
    state: absent
  notify: reload apache
+  tags:
+    - apache

 - name: Ensure Apache config files are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  with_items:
-  - z-evolinux-defaults.conf
-  - zzz-evolinux-custom.conf
+    - z-evolinux-defaults.conf
+    - zzz-evolinux-custom.conf
  notify: reload apache
  tags:
-  - apache
+    - apache

 - include: auth.yml
+  tags:
+  - apache

 - name: default vhost is installed
  template:
@ -97,7 +105,7 @@
    force: no
  notify: reload apache
  tags:
-  - apache
+    - apache

 - name: default vhost is enabled
  file:
@ -108,7 +116,7 @@
  notify: reload apache
  when: apache_evolinux_default_enabled
  tags:
-  - apache
+    - apache

 - name: is umask already present?
  command: "grep -E '^umask ' /etc/apache2/envvars"
@ -117,7 +125,7 @@
  register: envvar_grep_umask
  check_mode: no
  tags:
-  - apache
+    - apache

 - name: Add a mark in envvars for umask
  blockinfile:
@ -129,12 +137,12 @@
      umask 007
  when: envvar_grep_umask.rc != 0
  tags:
-  - apache
+    - apache

 - include_role:
    name: remount-usr
  tags:
-  - apache
+    - apache

 - name: "Install save_apache_status.sh"
  copy:
@ -142,9 +150,15 @@
    dest: /usr/share/scripts/save_apache_status.sh
    mode: "0755"
    force: no
+  tags:
+    - apache

 - include: log2mail.yml
  when: apache_log2mail_include
+  tags:
+    - apache

 - include: munin.yml
  when: apache_munin_include
+  tags:
+    - apache
--- a/apache/tasks/server_status.yml
+++ b/apache/tasks/server_status.yml
@ -0,0 +1,29 @@
+---
+
+- name: set apache serverstatus suffix if provided
+  shell: "echo {{ apache_serverstatus_suffix }} > {{ apache_serverstatus_suffix_file }}"
+  when: apache_serverstatus_suffix != ""
+
+- name: generate random string for server-status suffix
+  shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
+  args:
+    creates: "{{ apache_serverstatus_suffix_file }}"
+
+- name: read apache server status suffix
+  command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
+  changed_when: False
+  check_mode: no
+  register: new_apache_serverstatus_suffix
+
+- name: overwrite apache_serverstatus_suffix
+  set_fact:
+    apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
+
+- debug:
+    var: apache_serverstatus_suffix
+
+- name: replace server-status suffix in default site index
+  replace:
+    dest: /var/www/index.html
+    regexp: '__SERVERSTATUS_SUFFIX__'
+    replace: "{{ apache_serverstatus_suffix }}"
--- a/apache/templates/evolinux-default.conf.j2
+++ b/apache/templates/evolinux-default.conf.j2
@ -53,7 +53,7 @@
    </Location>

    <IfModule mod_status.c>
-        <Location /server-status>
+        <Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
            SetHandler server-status
            include /etc/apache2/ipaddr_whitelist.conf
            Require local
@ -112,7 +112,7 @@
        LogLevel warn

        <IfModule mod_status.c>
-            <Location /server-status>
+            <Location /server-status-{{ apache_serverstatus_suffix | mandatory }}>
                SetHandler server-status
                include /etc/apache2/ipaddr_whitelist.conf
                Require local
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@ -21,6 +21,10 @@ evolinux_apt_public_sources: True
 evolinux_apt_upgrade: True
 evolinux_apt_remove_aptitude: True

+# etc-evolinux
+
+evolinux_etcevolinux_include: True
+
 # etc-git

 evolinux_etcgit_include: True
--- a/evolinux-base/tasks/etc-evolinux.yml
+++ b/evolinux-base/tasks/etc-evolinux.yml
@ -0,0 +1,9 @@
+---
+
+- name: /etc/evolinux exists
+  file:
+    dest: /etc/evolinux
+    owner: root
+    group: root
+    mode: "0700"
+    state: directory
--- a/evolinux-base/tasks/main.yml
+++ b/evolinux-base/tasks/main.yml
@ -19,6 +19,10 @@
    name: etc-git
  when: evolinux_etcgit_include

+- name: /etc/evolinux base
+  include: etc-evolinux.yml
+  when: evolinux_etcevolinux_include
+
 - name: Hostname
  include: hostname.yml
  when: evolinux_hostname_include
--- a/evolinux-base/templates/default_www/index.html.j2
+++ b/evolinux-base/templates/default_www/index.html.j2
@ -58,7 +58,7 @@

        <ul id="evolinks">
            <li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
-            <li><a href="/server-status">Server Status</a></li>
+            <li><a href="/server-status-__SERVERSTATUS_SUFFIX__">Server Status</a></li>
            <!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->
            <!-- <li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li> -->
            <!-- <li><a href="/cgi-bin/awstats.pl">Stats web</a></li> -->
--- a/nginx/defaults/main.yml
+++ b/nginx/defaults/main.yml
@ -16,4 +16,6 @@ nginx_default_redirect_url: "http://evolix.fr"
 nginx_evolinux_default_enabled: True

 # nginx_phpmyadmin_suffix: ""
-# nginx_serverstatus_suffix: ""
+
+nginx_serverstatus_suffix: ""
+nginx_serverstatus_suffix_file: "/etc/evolinux/nginx_serverstatus_suffix"
--- a/nginx/tasks/logrotate.yml
+++ b/nginx/tasks/logrotate.yml
@ -1,6 +1,10 @@
 ---
+
 - name: logrotate configuration
  copy:
    src: logrotate_nginx
    dest: /etc/logrotate.d/nginx
    force: no
+  tags:
+    - nginx
+    - logrotate
--- a/nginx/tasks/main_regular.yml
+++ b/nginx/tasks/main_regular.yml
@ -16,7 +16,7 @@
    line: '    worker_connections 1024;'
    insertafter: 'events \{'
  tags:
-  - nginx
+    - nginx

 - name: use epoll
  lineinfile:
@ -25,7 +25,7 @@
    line: '    use epoll;'
    insertafter: 'events \{'
  tags:
-  - nginx
+    - nginx

 - name: Install Nginx http configuration
  copy:
@ -35,7 +35,7 @@
    # force: yes
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 # TODO: verify that those permissions are correct :
 # not too strict for ipaddr_whitelist
@ -52,7 +52,7 @@
    force: no
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 - name: add IP addresses to private IP whitelist
  lineinfile:
@ -62,7 +62,7 @@
  with_items: "{{ nginx_ipaddr_whitelist_present }}"
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 - name: remove IP addresses from private IP whitelist
  lineinfile:
@ -72,7 +72,7 @@
  with_items: "{{ nginx_ipaddr_whitelist_absent }}"
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 - name: Copy private_htpasswd
  copy:
@ -85,7 +85,7 @@
    force: no
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 - name: add user:pwd to private htpasswd
  lineinfile:
@ -95,7 +95,7 @@
  with_items: "{{ nginx_private_htpasswd_present }}"
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 - name: remove user:pwd from private htpasswd
  lineinfile:
@ -105,7 +105,11 @@
  with_items: "{{ nginx_private_htpasswd_absent }}"
  notify: reload nginx
  tags:
-  - nginx
+    - nginx
+
+- include: server_status.yml
+  tags:
+    - nginx

 - name: nginx vhost is installed
  template:
@ -115,7 +119,7 @@
    force: no
  notify: reload nginx
  tags:
-  - nginx
+    - nginx

 - name: default vhost is enabled
  file:
@ -126,7 +130,7 @@
  notify: reload nginx
  when: nginx_evolinux_default_enabled
  tags:
-  - nginx
+    - nginx

 # - block:
 #   - name: generate random string for phpmyadmin suffix
@ -168,7 +172,7 @@
    enabled: yes
    state: started
  tags:
-  - nginx
+    - nginx

 - name: Check if Munin is installed
  stat:
@ -176,19 +180,19 @@
  check_mode: no
  register: stat_munin_node
  tags:
-  - nginx
-  - munin
+    - nginx
+    - munin

 - include: munin_vhost.yml
  when: stat_munin_node.stat.exists
  tags:
-  - nginx
-  - munin
+    - nginx
+    - munin

 - include: munin_graphs.yml
  when: stat_munin_node.stat.exists
  tags:
-  - nginx
-  - munin
+    - nginx
+    - munin

 - include: logrotate.yml
--- a/nginx/tasks/packages_jessie.yml
+++ b/nginx/tasks/packages_jessie.yml
@ -7,5 +7,5 @@
    state: present
  notify: restart nginx
  tags:
-  - nginx
-  - packages
+    - nginx
+    - packages
--- a/nginx/tasks/packages_jessie_backports.yml
+++ b/nginx/tasks/packages_jessie_backports.yml
@ -4,8 +4,8 @@
    name: apt
    tasks_from: backports.yml
  tags:
-  - nginx
-  - packages
+    - nginx
+    - packages

 - name: Prefer Nginx packages from jessie-backports
  copy:
@ -15,13 +15,13 @@
    mode: "0640"
  register: nginx_apt_preferences
  tags:
-  - nginx
-  - packages
+    - nginx
+    - packages

 - name: update apt
  apt:
    update_cache: yes
  when: nginx_apt_preferences | changed
  tags:
-  - nginx
-  - packages
+    - nginx
+    - packages
--- a/nginx/tasks/server_status.yml
+++ b/nginx/tasks/server_status.yml
@ -0,0 +1,29 @@
+---
+
+- name: set nginx serverstatus suffix if provided
+  shell: "echo {{ nginx_serverstatus_suffix }} > {{ nginx_serverstatus_suffix_file }}"
+  when: nginx_serverstatus_suffix != ""
+
+- name: generate random string for server-status suffix
+  shell: "apg -a 1 -M N -n 1 > {{ nginx_serverstatus_suffix_file }}"
+  args:
+    creates: "{{ nginx_serverstatus_suffix_file }}"
+
+- name: read nginx server status suffix
+  command: "tail -n 1 {{ nginx_serverstatus_suffix_file }}"
+  changed_when: False
+  check_mode: no
+  register: new_nginx_serverstatus_suffix
+
+- name: overwrite nginx_serverstatus_suffix
+  set_fact:
+    nginx_serverstatus_suffix: "{{ new_nginx_serverstatus_suffix.stdout }}"
+
+- debug:
+    var: nginx_serverstatus_suffix
+
+- name: replace server-status suffix in default site index
+  replace:
+    dest: /var/www/index.html
+    regexp: '__SERVERSTATUS_SUFFIX__'
+    replace: "{{ nginx_serverstatus_suffix }}"
--- a/nginx/templates/evolinux-default.conf.j2
+++ b/nginx/templates/evolinux-default.conf.j2
@ -48,7 +48,7 @@ server {
    listen 80;
    server_name munin;

-    location /nginx_status {
+    location /nginx_status-{{ nginx_serverstatus_suffix | mandatory }} {
        stub_status on;
        access_log off;
    }