apache/evoadmin : split jessie/stretch
This commit is contained in:
parent
9dbed2dd59
commit
b4ca2dd686
73
apache/tasks/auth.yml
Normal file
73
apache/tasks/auth.yml
Normal file
|
@ -0,0 +1,73 @@
|
|||
---
|
||||
|
||||
- name: Init private_ipaddr_whitelist.conf file
|
||||
copy:
|
||||
src: private_ipaddr_whitelist.conf
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0640"
|
||||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: include private IP whitelist for server-status
|
||||
lineinfile:
|
||||
dest: /etc/apache2/mods-available/status.conf
|
||||
line: " include /etc/apache2/private_ipaddr_whitelist.conf"
|
||||
insertafter: 'SetHandler server-status'
|
||||
state: present
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
src: private_htpasswd
|
||||
dest: /etc/apache2/private_htpasswd
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0640"
|
||||
force: no
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: add user:pwd to private htpasswd
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_htpasswd_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_htpasswd_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
|
@ -1,24 +1,41 @@
|
|||
- name: packages are installed
|
||||
---
|
||||
|
||||
- name: Main packages are installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- apache2
|
||||
- apache2-mpm-prefork
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
|
||||
- name: Install packages for Jessie
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- apache2-mpm-prefork
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: manually disable mpm_event
|
||||
command: a2dismod mpm_event
|
||||
register: cmd_disable_event
|
||||
changed_when: "'Module mpm_event already disabled' not in cmd_disable_event.stdout"
|
||||
notify: restart apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: manually enable mpm_prefork
|
||||
command: a2enmod mpm_prefork
|
||||
register: cmd_disable_prefork
|
||||
changed_when: "'Module mpm_prefork already enabled' not in cmd_disable_prefork.stdout"
|
||||
notify: restart apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
# With Ansible 2.2 the module check the config for conflicts
|
||||
# With 2.3 it can be disabled.
|
||||
|
@ -32,6 +49,18 @@
|
|||
# tags:
|
||||
# - apache
|
||||
|
||||
- name: Additional packages are installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- apg
|
||||
- apachetop
|
||||
- libwww-perl
|
||||
tags:
|
||||
- apache
|
||||
- packages
|
||||
|
||||
- name: basic modules are enabled
|
||||
apache2_module:
|
||||
name: '{{ item }}'
|
||||
|
@ -89,75 +118,7 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- name: Init private_ipaddr_whitelist.conf file
|
||||
copy:
|
||||
src: private_ipaddr_whitelist.conf
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0640"
|
||||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: include private IP whitelist for server-status
|
||||
lineinfile:
|
||||
dest: /etc/apache2/mods-available/status.conf
|
||||
line: " include /etc/apache2/private_ipaddr_whitelist.conf"
|
||||
insertafter: 'SetHandler server-status'
|
||||
state: present
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
src: private_htpasswd
|
||||
dest: /etc/apache2/private_htpasswd
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0640"
|
||||
force: no
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: add user:pwd to private htpasswd
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_htpasswd_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: remove user:pwd from private htpasswd
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_htpasswd
|
||||
line: "{{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_htpasswd_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
- include: auth.yml
|
||||
|
||||
- name: default vhost is installed
|
||||
template:
|
||||
|
@ -180,40 +141,6 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- block:
|
||||
- name: generate random string for phpmyadmin suffix
|
||||
command: "apg -a 1 -M N -n 1"
|
||||
changed_when: False
|
||||
register: _random_phpmyadmin_suffix
|
||||
|
||||
- name: overwrite apache_phpmyadmin_suffix
|
||||
set_fact:
|
||||
apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
|
||||
when: apache_phpmyadmin_suffix == ""
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ apache_phpmyadmin_suffix }}"
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for serverstatus suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: _random_serverstatus_suffix
|
||||
#
|
||||
# - name: overwrite apache_serverstatus_suffix
|
||||
# set_fact:
|
||||
# apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}"
|
||||
# when: apache_serverstatus_suffix == ""
|
||||
#
|
||||
# - name: replace server-status suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
# replace: "{{ apache_serverstatus_suffix }}"
|
||||
|
||||
- name: is umask already present?
|
||||
command: "grep -E '^umask ' /etc/apache2/envvars"
|
||||
failed_when: False
|
||||
|
@ -234,3 +161,32 @@
|
|||
when: envvar_grep_umask.rc != 0
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Stat /default index
|
||||
stat:
|
||||
path: /var/www/index.html
|
||||
register: _default_index
|
||||
check_mode: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- include: phpmyadmin.yml
|
||||
when: _default_index.stat.exists
|
||||
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for serverstatus suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: _random_serverstatus_suffix
|
||||
#
|
||||
# - name: overwrite apache_serverstatus_suffix
|
||||
# set_fact:
|
||||
# apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}"
|
||||
# when: apache_serverstatus_suffix == ""
|
||||
#
|
||||
# - name: replace server-status suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
# replace: "{{ apache_serverstatus_suffix }}"
|
||||
|
|
24
apache/tasks/phpmyadmin.yml
Normal file
24
apache/tasks/phpmyadmin.yml
Normal file
|
@ -0,0 +1,24 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: generate random string for phpmyadmin suffix
|
||||
command: "apg -a 1 -M N -n 1"
|
||||
changed_when: False
|
||||
register: _random_phpmyadmin_suffix
|
||||
|
||||
- name: overwrite apache_phpmyadmin_suffix
|
||||
set_fact:
|
||||
apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
|
||||
when: apache_phpmyadmin_suffix == ""
|
||||
tags:
|
||||
- apache
|
||||
- phpmyadmin
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ apache_phpmyadmin_suffix }}"
|
||||
tags:
|
||||
- apache
|
||||
- phpmyadmin
|
|
@ -10,8 +10,15 @@
|
|||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
allow_unauthenticated: yes
|
||||
with_items:
|
||||
- php-pear
|
||||
- php-log
|
||||
|
||||
- name: Install PHP5 packages
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
allow_unauthenticated: yes
|
||||
with_items:
|
||||
- php5-pam
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
|
|
@ -7,7 +7,16 @@
|
|||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache
|
||||
when: ansible_distribution_release == "jessie"
|
||||
|
||||
- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||
ini_file:
|
||||
dest: /etc/php/7.0/apache2/conf.d/z-evolinux_defaults.ini
|
||||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
notify: reload apache
|
||||
when: ansible_distribution_release == "stretch"
|
||||
|
||||
- name: Install evoadmin VHost
|
||||
template:
|
||||
|
|
Loading…
Reference in a new issue