From 5c4125263e6c6f9540f61a52fecebb57b20023d7 Mon Sep 17 00:00:00 2001
From: Gregory Colpart
Date: Sun, 23 Jul 2017 00:38:05 +0200
Subject: [PATCH] Quick review of pack-web-apache role
---
.../templates/log2mail-apache.j2 | 0
packweb-apache/files/evolinux-itk.conf | 10 ----
packweb-apache/tasks/apache.yml | 58 +++++++------------
.../evolinux-evasive.conf.j2} | 1 +
4 files changed, 23 insertions(+), 46 deletions(-)
rename {packweb-apache => apache}/templates/log2mail-apache.j2 (100%)
delete mode 100644 packweb-apache/files/evolinux-itk.conf
rename packweb-apache/{files/evolinux-evasive.conf => templates/evolinux-evasive.conf.j2} (79%)
diff --git a/packweb-apache/templates/log2mail-apache.j2 b/apache/templates/log2mail-apache.j2
similarity index 100%
rename from packweb-apache/templates/log2mail-apache.j2
rename to apache/templates/log2mail-apache.j2
diff --git a/packweb-apache/files/evolinux-itk.conf b/packweb-apache/files/evolinux-itk.conf
deleted file mode 100644
index 4e25d84b..00000000
--- a/packweb-apache/files/evolinux-itk.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-
-StartServers 50
-MinSpareServers 20
-MaxSpareServers 30
-ServerLimit 250
-MaxClients 250
-MaxRequestsPerChild 0
-LimitUIDRange 0 6000
-LimitGIDRange 0 6000
-
diff --git a/packweb-apache/tasks/apache.yml b/packweb-apache/tasks/apache.yml
index 18ce16ca..31570944 100644
--- a/packweb-apache/tasks/apache.yml
+++ b/packweb-apache/tasks/apache.yml
@@ -16,62 +16,48 @@ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin when: envvar_grep_path.rc != 0 -- name: Install ITK module for Jessie - apt: - name: apache2-mpm-itk - when: ansible_distribution_release == "jessie" - -- name: Install ITK module for Stretch - apt: - name: libapache2-mpm-itk - when: ansible_distribution_release == "stretch" - - name: Additional packages are installed apt: name: '{{ item }}' state: present with_items: - - libapache2-mod-evasive - libapache2-mod-security2 - modsecurity-crs + - apg + +- name: Additional modules are enabled + apache2_module: + name: '{{ item }}' + state: present + with_items: + - ssl + - include + - negotiation + - alias - name: Copy Apache settings for modules copy: - src: "{{ item }}" - dest: "/etc/apache2/conf-available/{{ item }}" + src: "evolinux-modsec.conf" + dest: "/etc/apache2/conf-available/evolinux-modsec.conf" + owner: root + group: root + mode: "0644" + force: no + +- name: Copy Apache settings for modules + template: + src: "evolinux-evasive.conf.j2" + dest: "/etc/apache2/conf-available/evolinux-evasive.conf" owner: root group: root mode: "0644" force: no - with_items: - - evolinux-itk.conf - - evolinux-evasive.conf - - evolinux-modsec.conf - name: Ensure Apache modules configs are enabled command: "a2enconf {{ item }}" register: command_result changed_when: "'Enabling' in command_result.stderr" with_items: - - evolinux-itk - evolinux-evasive - evolinux-modsec -- name: Check if log2mail is installed - command: "apt list --installed log2mail" - register: command_result - changed_when: False - -- debug: - var: command_result - verbosity: 1 - -- name: Add log2mail config for Apache segfaults - template: - src: log2mail-apache.j2 - dest: "/etc/log2mail/config/apache" - owner: root - group: root - mode: "0644" - force: no - when: "'log2mail' in command_result.stdout" 
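Review bot: The new template task for `evolinux-evasive.conf` keeps `force: no`, so on a host where that file was already deployed from the old static copy the template is never rendered and the `DOSEmailNotify` line added in this patch does not arrive; drop `force` there, or set `force: true`, if the alert address is meant to reach existing hosts. `libapache2-mod-evasive` also leaves the package list while `a2enconf evolinux-evasive` stays, so unless another role installs the package (not visible here) the request limiting is presumably absent without any task failing. The two copy/template tasks now share the name `Copy Apache settings for modules`, which makes run output ambiguous; naming each after its file would help. No task visible in the hunk notifies an Apache reload after modules or configs are enabled, though that may be handled outside the hunk.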
diff --git a/packweb-apache/files/evolinux-evasive.conf b/packweb-apache/templates/evolinux-evasive.conf.j2 similarity index 79% rename from packweb-apache/files/evolinux-evasive.conf rename to packweb-apache/templates/evolinux-evasive.conf.j2 index 15be182f..fd73ad81 100644 --- a/packweb-apache/files/evolinux-evasive.conf +++ b/packweb-apache/templates/evolinux-evasive.conf.j2 @@ -5,4 +5,5 @@ DOSSiteCount 30 DOSPageInterval 3 DOSSiteInterval 1 DOSBlockingPeriod 60 +DOSEmailNotify {{ general_alert_email }}
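Review bot: `DOSEmailNotify {{ general_alert_email }}` renders the variable unchecked into the Apache config: an empty value leaves a directive with no argument, which Apache rejects at the next reload, and no default for `general_alert_email` is visible in this patch. As far as I know mod_evasive hands this address to the system mail command, so the value should be constrained to a plain address before it is templated, for example with an `assert` task in the role that checks it against a simple address pattern. A guard such as `{% if general_alert_email | default('') %}DOSEmailNotify {{ general_alert_email }}{% endif %}` would keep the config valid when no address is set. The enclosing block of the config file is not fully visible in the hunk.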