Browse Source

packweb/evoadmin: cleanup

* extracted tasks
* more variables
* more templates
* less bugs
samba
Jérémy Lecour 4 years ago
committed by Jérémy Lecour
parent
commit
bae8961e99
  1. 3
      evoadmin/defaults/main.yml
  2. 4
      evoadmin/tasks/user.yml
  3. 15
      evoadmin/tasks/web.yml
  4. 8
      evoadmin/templates/config.local.php.j2
  5. 11
      evoadmin/templates/evoadmin.conf.j2
  6. 6
      evolinux-base/tasks/default_www.yml
  7. 2
      packweb-apache/defaults/main.yml
  8. 67
      packweb-apache/tasks/apache.yml
  9. 48
      packweb-apache/tasks/awstats.yml
  10. 209
      packweb-apache/tasks/main.yml
  11. 64
      packweb-apache/tasks/php.yml
  12. 26
      packweb-apache/tasks/phpmyadmin.yml

3
evoadmin/defaults/main.yml

@ -5,7 +5,10 @@ evoadmin_bounce_email: "{{ evoadmin_contact_email }}"
evoadmin_home_dir: "/home/{{ evoadmin_username }}"
evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
evoadmin_username: evoadmin
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
evoadmin_enable_vhost: True

4
evoadmin/tasks/user.yml

@ -39,10 +39,10 @@
# we use a shell command to have a "changed" thet really reflects the result.
- name: Fix permissions
shell: "test -f {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
register: command_result
changed_when: "'changed' in command_result.stdout"
failed_when: False
# failed_when: False
with_items:
- "{{ evoadmin_home_dir}}/www"

15
evoadmin/tasks/web.yml

@ -20,12 +20,21 @@
register: cmd_a2ensite
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
notify: reload apache2
when: evoadmin_enable_vhost
- name: Disable evoadmin vhost
command: "a2dissite evoadmin.conf"
register: cmd_a2dissite
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
notify: reload apache2
when: not evoadmin_enable_vhost
- name: Copy config file for evoadmin
copy:
src: config.local.php
dest: "{{ evoadmin_home_dir}}/www/conf/"
template:
src: config.local.php.j2
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
mode: "0644"
force: no
- name: add www-evoadmin to shadow group
user:

8
evoadmin/templates/config.local.php.j2

@ -0,0 +1,8 @@
<?php
$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
$localconf['debug'] = FALSE;
// Add local users that should be superadmin
$localconf['superadmin'] = array();
$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
$localconf['cluster'] = FALSE;

11
evoadmin/templates/evoadmin.conf.j2

@ -10,7 +10,7 @@
#ServerAlias {{ evoadmin_host }}
# Repertoire principal
DocumentRoot /home/evoadmin/www/htdocs/
DocumentRoot {{ evoadmin_document_root }}/htdocs/
# SSL
SSLEngine on
@ -19,7 +19,7 @@
SSLProtocol all -SSLv2 -SSLv3
# Propriete du repertoire
<Directory /home/evoadmin/www/htdocs/>
<Directory {{ evoadmin_document_root }}/htdocs/>
#Options Indexes SymLinksIfOwnerMatch
Options SymLinksIfOwnerMatch
AllowOverride AuthConfig Limit FileInfo
@ -31,8 +31,8 @@
# LOG
CustomLog /var/log/apache2/access.log combined
CustomLog /home/evoadmin/log/access.log combined
ErrorLog /home/evoadmin/log/error.log
CustomLog {{ evoadmin_log_dir }}/access.log combined
ErrorLog {{ evoadmin_log_dir }}/error.log
# AWSTATS
SetEnv AWSTATS_FORCE_CONFIG evoadmin
@ -54,7 +54,6 @@
#php_admin_value upload_max_filesize 8M
#php_admin_flag allow_url_fopen Off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
php_admin_value error_log "/home/evoadmin/log/php.log"
php_admin_value error_log "{{ evoadmin_home_dir }}/log/php.log"
php_admin_value open_basedir "none"
</VirtualHost>

6
evolinux-base/tasks/default_www.yml

@ -92,7 +92,7 @@
- name: Apache vhost is installed
template:
src: default_www/apache_default_site.j2
dest: /etc/apache2/sites-available/000-default
dest: /etc/apache2/sites-available/000-default.conf
mode: "0640"
# force: yes
notify: reload apache
@ -101,8 +101,8 @@
- name: Apache vhost is enabled
file:
src: /etc/apache2/sites-available/000-default
dest: /etc/apache2/sites-enabled/000-default
src: /etc/apache2/sites-available/000-default.conf
dest: /etc/apache2/sites-enabled/000-default.conf
state: link
notify: reload apache
when: evolinux_default_www_apache_enabled

2
packweb-apache/defaults/main.yml

@ -2,4 +2,4 @@
# defaults file for packweb-apache
general_alert_email: "root@localhost"
log2mail_alert_email: Null
packweb_install_evoadmin: True
packweb_enable_evoadmin_vhost: True

67
packweb-apache/tasks/apache.yml

@ -0,0 +1,67 @@
---
- name: Check if Apache envvars have a PATH
command: "grep -E '^export PATH ' /etc/apache2/envvars"
failed_when: False
changed_when: False
register: envvar_grep_path
check_mode: no
- name: Add a PATH envvar for Apache
blockinfile:
dest: /etc/apache2/envvars
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
block: |
# Used for Evoadmin-web
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
when: envvar_grep_path.rc != 0
- name: Additional packages are installed
apt:
name: '{{ item }}'
state: present
with_items:
- apache2-mpm-itk
- libapache2-mod-evasive
- libapache2-mod-security2
- name: Copy Apache settings for modules
copy:
src: "{{ item }}"
dest: "/etc/apache2/conf-available/{{ item }}"
owner: root
group: root
mode: "0644"
force: no
with_items:
- evolinux-itk.conf
- evolinux-evasive.conf
- evolinux-modsec.conf
- name: Ensure Apache modules configs are enabled
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
- evolinux-itk
- evolinux-evasive
- evolinux-modsec
- name: Check if log2mail is installed
command: "apt list --installed log2mail"
register: command_result
changed_when: False
- debug:
var: command_result
verbosity: 1
- name: Add log2mail config for Apache segfaults
template:
src: log2mail-apache.j2
dest: "/etc/log2mail/config/apache"
owner: root
group: root
mode: "0644"
force: no
when: "'log2mail' in command_result.stdout"

48
packweb-apache/tasks/awstats.yml

@ -0,0 +1,48 @@
---
- name: Install awstats
apt:
name: awstats
state: present
- name: Configure awstats
blockinfile:
dest: /etc/awstats/awstats.conf.local
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
block: |
LogFile="/var/log/apache2/access.log"
SiteDomain="{{ ansible_hostname }}"
DirData="/var/lib/awstats"
ShowHostsStats=0
ShowOriginStats=0
ShowPagesStats=0
ShowKeyphrasesStats=0
ShowKeywordsStats=0
ShowHTTPErrorsStats=0
LogFormat=1
AllowFullYearView=3
ErrorMessages="An error occured. Contact your Administrator"
mode: "0644"
- name: Create conf-available/awstats-icon.conf file
copy:
dest: /etc/apache2/conf-available/awstats-icon.conf
content: |
Alias /awstats-icon/ /usr/share/awstats/icon/
<Directory /usr/share/awstats/icon/>
Require all granted
</Directory>
force: no
mode: "0644"
- name: Enable apache awstats-icon configuration
command: "a2enconf awstats-icon"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
- name: Create awstats cron
lineinfile:
dest: /etc/cron.d/awstats
create: yes
regexp: '-config=awstats'
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"

209
packweb-apache/tasks/main.yml

@ -36,207 +36,13 @@
regexp: '^DIR_MODE='
line: 'DIR_MODE=0750'
- name: Check if Apache envvars have a PATH
command: "grep -E '^export PATH ' /etc/apache2/envvars"
failed_when: False
changed_when: False
register: envvar_grep_path
check_mode: no
- name: Add a PATH envvar for Apache
blockinfile:
dest: /etc/apache2/envvars
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
block: |
# Used for Evoadmin-web
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
when: envvar_grep_path.rc != 0
- name: Additional packages are installed
apt:
name: '{{ item }}'
state: present
with_items:
- apache2-mpm-itk
- libapache2-mod-evasive
- libapache2-mod-security2
- name: Copy Apache settings for modules
copy:
src: "{{ item }}"
dest: "/etc/apache2/conf-available/{{ item }}"
owner: root
group: root
mode: "0644"
force: no
with_items:
- evolinux-itk.conf
- evolinux-evasive.conf
- evolinux-modsec.conf
- name: Ensure Apache modules configs are enabled
command: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
with_items:
- evolinux-itk
- evolinux-evasive
- evolinux-modsec
- include: apache.yml
- name: Check if log2mail is installed
command: "apt list --installed log2mail"
register: command_result
changed_when: False
- debug:
var: command_result
verbosity: 1
- name: Add log2mail config for Apache segfaults
template:
src: log2mail-apache.j2
dest: "/etc/log2mail/config/apache"
owner: root
group: root
mode: "0644"
force: no
when: "'log2mail' in command_result.stdout"
- name: Install PHP5 packages
apt:
name: '{{ item }}'
state: present
with_items:
- libapache2-mod-php5
- php5
- php5-gd
- php5-imap
- php5-ldap
- php5-mcrypt
- php5-mysql
- php5-pgsql
- php-gettext
- php5-curl
- libssh2-php
tags:
- apache
- name: Set variables for php config files
set_fact:
php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
- name: Set default values for PHP
ini_file:
dest: "{{ php5_apache5_defaults_file }}"
section: PHP
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
- { option: "log_errors", value: "On" }
- { option: "allow_url_fopen", value: "Off" }
notify: reload apache
- include: php.yml
- name: Disable PHP exec function without evoadmin
ini_file:
dest: "{{ php5_apache5_defaults_file }}"
section: PHP
option: disable_functions
value: "exec,shell-exec,system,passthru,putenv,popen"
when: not packweb_install_evoadmin
- include: phpmyadmin.yml
- name: Don't disable PHP exec function with evoadmin
ini_file:
dest: "{{ php5_apache5_defaults_file }}"
section: PHP
option: disable_functions
value: "shell-exec,system,passthru,putenv,popen"
when: packweb_install_evoadmin
- name: Custom php.ini
copy:
dest: "{{ php5_apache5_custom_file }}"
content: |
# Put customized values here.
force: no
- name: Install phpmyadmin
apt:
name: phpmyadmin
state: present
- name: Check if phpmyadmin default configuration is present
stat:
path: /etc/apache2/conf-enabled/phpmyadmin.conf
register: pma_default_config
- debug:
var: pma_default_config
verbosity: 1
- name: Disable phpmyadmin default configuration
command: "a2disconf phpmyadmin"
register: command_result
changed_when: "'Disabling' in command_result.stderr"
when: pma_default_config.stat.exists
- name: Change group to www-data for /etc/phpmyadmin/
file:
dest: /etc/phpmyadmin/
group: www-data
- name: Install awstats
apt:
name: awstats
state: present
- name: Configure awstats
blockinfile:
dest: /etc/awstats/awstats.conf.local
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
block: |
LogFile="/var/log/apache2/access.log"
SiteDomain="{{ ansible_hostname }}"
DirData="/var/lib/awstats"
ShowHostsStats=0
ShowOriginStats=0
ShowPagesStats=0
ShowKeyphrasesStats=0
ShowKeywordsStats=0
ShowHTTPErrorsStats=0
LogFormat=1
AllowFullYearView=3
ErrorMessages="An error occured. Contact your Administrator"
mode: "0644"
- name: Create conf-available/awstats-icon.conf file
copy:
dest: /etc/apache2/conf-available/awstats-icon.conf
content: |
Alias /awstats-icon/ /usr/share/awstats/icon/
<Directory /usr/share/awstats/icon/>
Require all granted
</Directory>
force: no
mode: "0644"
- name: Enable apache awstats-icon configuration
command: "a2enconf awstats-icon"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
- name: Create awstats cron
lineinfile:
dest: /etc/cron.d/awstats
create: yes
regexp: '-config=awstats'
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
- include: awstats.yml
- name: Remove read permission on some folders (/, /etc, ...)
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
@ -313,8 +119,5 @@
- name: Install Evoadmin
include_role:
name: evoadmin
when: packweb_install_evoadmin
- name: Install web-add script
include: web-add.yml
when: not packweb_install_evoadmin
vars:
evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"

64
packweb-apache/tasks/php.yml

@ -0,0 +1,64 @@
---
- name: Install PHP5 packages
apt:
name: '{{ item }}'
state: present
with_items:
- libapache2-mod-php5
- php5
- php5-gd
- php5-imap
- php5-ldap
- php5-mcrypt
- php5-mysql
- php5-pgsql
- php-gettext
- php5-curl
- libssh2-php
tags:
- apache
- name: Set variables for php config files
set_fact:
php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
- name: Set default values for PHP
ini_file:
dest: "{{ php5_apache5_defaults_file }}"
section: PHP
option: "{{ item.option }}"
value: "{{ item.value }}"
mode: "0644"
create: yes
with_items:
- { option: "short_open_tag", value: "Off" }
- { option: "expose_php", value: "Off" }
- { option: "display_errors", value: "Off" }
- { option: "log_errors", value: "On" }
- { option: "allow_url_fopen", value: "Off" }
notify: reload apache
- name: Disable PHP exec function without evoadmin
ini_file:
dest: "{{ php5_apache5_defaults_file }}"
section: PHP
option: disable_functions
value: "exec,shell-exec,system,passthru,putenv,popen"
when: not packweb_enable_evoadmin_vhost
- name: Don't disable PHP exec function with evoadmin
ini_file:
dest: "{{ php5_apache5_defaults_file }}"
section: PHP
option: disable_functions
value: "shell-exec,system,passthru,putenv,popen"
when: packweb_enable_evoadmin_vhost
- name: Custom php.ini
copy:
dest: "{{ php5_apache5_custom_file }}"
content: |
# Put customized values here.
force: no

26
packweb-apache/tasks/phpmyadmin.yml

@ -0,0 +1,26 @@
---
- name: Install phpmyadmin
apt:
name: phpmyadmin
state: present
- name: Check if phpmyadmin default configuration is present
stat:
path: /etc/apache2/conf-enabled/phpmyadmin.conf
register: pma_default_config
- debug:
var: pma_default_config
verbosity: 1
- name: Disable phpmyadmin default configuration
command: "a2disconf phpmyadmin"
register: command_result
changed_when: "'Disabling' in command_result.stderr"
when: pma_default_config.stat.exists
- name: Change group to www-data for /etc/phpmyadmin/
file:
dest: /etc/phpmyadmin/
group: www-data
Loading…
Cancel
Save