packweb/evoadmin: cleanup

* extracted tasks * more variables * more templates * less bugs
2017-07-03 18:23:39 +02:00 · 2017-07-03 18:23:39 +02:00 · bae8961e99
parent 2084e2e53e
commit bae8961e99
12 changed files with 245 additions and 218 deletions
--- a/evoadmin/defaults/main.yml
+++ b/evoadmin/defaults/main.yml
@ -5,7 +5,10 @@ evoadmin_bounce_email: "{{ evoadmin_contact_email }}"

 evoadmin_home_dir: "/home/{{ evoadmin_username }}"
 evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
+evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
 evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
 evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
 evoadmin_username: evoadmin
 evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
+
+evoadmin_enable_vhost: True
--- a/evoadmin/tasks/user.yml
+++ b/evoadmin/tasks/user.yml
@ -39,10 +39,10 @@

 # we use a shell command to have a "changed" thet really reflects the result.
 - name: Fix permissions
-  shell: "test -f {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
+  shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
-  failed_when: False
+  # failed_when: False
  with_items:
  - "{{ evoadmin_home_dir}}/www"

--- a/evoadmin/tasks/web.yml
+++ b/evoadmin/tasks/web.yml
@ -20,12 +20,21 @@
  register: cmd_a2ensite
  changed_when: "'Enabling site' in cmd_a2ensite.stdout"
  notify: reload apache2
+  when: evoadmin_enable_vhost
+
+- name: Disable evoadmin vhost
+  command: "a2dissite evoadmin.conf"
+  register: cmd_a2dissite
+  changed_when: "'Disabling site' in cmd_a2dissite.stdout"
+  notify: reload apache2
+  when: not evoadmin_enable_vhost

 - name: Copy config file for evoadmin
-  copy:
-    src: config.local.php
-    dest: "{{ evoadmin_home_dir}}/www/conf/"
+  template:
+    src: config.local.php.j2
+    dest: "{{ evoadmin_document_root}}/conf/config.local.php"
    mode: "0644"
+    force: no

 - name: add www-evoadmin to shadow group
  user:
--- a/evoadmin/templates/config.local.php.j2
+++ b/evoadmin/templates/config.local.php.j2
@ -0,0 +1,8 @@
+<?php
+
+$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
+$localconf['debug'] = FALSE;
+// Add local users that should be superadmin
+$localconf['superadmin'] = array();
+$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
+$localconf['cluster'] = FALSE;
--- a/evoadmin/templates/evoadmin.conf.j2
+++ b/evoadmin/templates/evoadmin.conf.j2
@ -10,7 +10,7 @@
    #ServerAlias {{ evoadmin_host }}

    # Repertoire principal
-    DocumentRoot /home/evoadmin/www/htdocs/
+    DocumentRoot {{ evoadmin_document_root }}/htdocs/

    # SSL
    SSLEngine on
@ -19,7 +19,7 @@
    SSLProtocol all -SSLv2 -SSLv3

    # Propriete du repertoire
-    <Directory /home/evoadmin/www/htdocs/>
+    <Directory {{ evoadmin_document_root }}/htdocs/>
        #Options Indexes SymLinksIfOwnerMatch
        Options SymLinksIfOwnerMatch
        AllowOverride AuthConfig Limit FileInfo
@ -31,8 +31,8 @@

    # LOG
    CustomLog /var/log/apache2/access.log combined
-    CustomLog /home/evoadmin/log/access.log combined
-    ErrorLog  /home/evoadmin/log/error.log
+    CustomLog {{ evoadmin_log_dir }}/access.log combined
+    ErrorLog  {{ evoadmin_log_dir }}/error.log

    # AWSTATS
    SetEnv AWSTATS_FORCE_CONFIG evoadmin
@ -54,7 +54,6 @@
    #php_admin_value upload_max_filesize 8M
    #php_admin_flag allow_url_fopen Off
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
-    php_admin_value error_log "/home/evoadmin/log/php.log"
+    php_admin_value error_log "{{ evoadmin_home_dir }}/log/php.log"
    php_admin_value open_basedir "none"
-
 </VirtualHost>
--- a/evolinux-base/tasks/default_www.yml
+++ b/evolinux-base/tasks/default_www.yml
@ -92,7 +92,7 @@
  - name: Apache vhost is installed
    template:
      src: default_www/apache_default_site.j2
-      dest: /etc/apache2/sites-available/000-default
+      dest: /etc/apache2/sites-available/000-default.conf
      mode: "0640"
      # force: yes
    notify: reload apache
@ -101,8 +101,8 @@

  - name: Apache vhost is enabled
    file:
-      src: /etc/apache2/sites-available/000-default
-      dest: /etc/apache2/sites-enabled/000-default
+      src: /etc/apache2/sites-available/000-default.conf
+      dest: /etc/apache2/sites-enabled/000-default.conf
      state: link
    notify: reload apache
    when: evolinux_default_www_apache_enabled
--- a/packweb-apache/defaults/main.yml
+++ b/packweb-apache/defaults/main.yml
@ -2,4 +2,4 @@
 # defaults file for packweb-apache
 general_alert_email: "root@localhost"
 log2mail_alert_email: Null
-packweb_install_evoadmin: True
+packweb_enable_evoadmin_vhost: True
--- a/packweb-apache/tasks/apache.yml
+++ b/packweb-apache/tasks/apache.yml
@ -0,0 +1,67 @@
+---
+
+- name: Check if Apache envvars have a PATH
+  command: "grep -E '^export PATH ' /etc/apache2/envvars"
+  failed_when: False
+  changed_when: False
+  register: envvar_grep_path
+  check_mode: no
+
+- name: Add a PATH envvar for Apache
+  blockinfile:
+    dest: /etc/apache2/envvars
+    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
+    block: |
+      # Used for Evoadmin-web
+      export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+  when: envvar_grep_path.rc != 0
+
+- name: Additional packages are installed
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+  - apache2-mpm-itk
+  - libapache2-mod-evasive
+  - libapache2-mod-security2
+
+- name: Copy Apache settings for modules
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/apache2/conf-available/{{ item }}"
+    owner: root
+    group: root
+    mode: "0644"
+    force: no
+  with_items:
+  - evolinux-itk.conf
+  - evolinux-evasive.conf
+  - evolinux-modsec.conf
+
+- name: Ensure Apache modules configs are enabled
+  command: "a2enconf {{ item }}"
+  register: command_result
+  changed_when: "'Enabling' in command_result.stderr"
+  with_items:
+  - evolinux-itk
+  - evolinux-evasive
+  - evolinux-modsec
+
+- name: Check if log2mail is installed
+  command: "apt list --installed log2mail"
+  register: command_result
+  changed_when: False
+
+- debug:
+    var: command_result
+    verbosity: 1
+
+- name: Add log2mail config for Apache segfaults
+  template:
+    src: log2mail-apache.j2
+    dest: "/etc/log2mail/config/apache"
+    owner: root
+    group: root
+    mode: "0644"
+    force: no
+  when: "'log2mail' in command_result.stdout"
--- a/packweb-apache/tasks/awstats.yml
+++ b/packweb-apache/tasks/awstats.yml
@ -0,0 +1,48 @@
+---
+- name: Install awstats
+  apt:
+    name: awstats
+    state: present
+
+- name: Configure awstats
+  blockinfile:
+    dest: /etc/awstats/awstats.conf.local
+    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
+    block: |
+      LogFile="/var/log/apache2/access.log"
+      SiteDomain="{{ ansible_hostname }}"
+      DirData="/var/lib/awstats"
+      ShowHostsStats=0
+      ShowOriginStats=0
+      ShowPagesStats=0
+      ShowKeyphrasesStats=0
+      ShowKeywordsStats=0
+      ShowHTTPErrorsStats=0
+      LogFormat=1
+      AllowFullYearView=3
+      ErrorMessages="An error occured. Contact your Administrator"
+    mode: "0644"
+
+- name: Create conf-available/awstats-icon.conf file
+  copy:
+    dest: /etc/apache2/conf-available/awstats-icon.conf
+    content: |
+      Alias /awstats-icon/ /usr/share/awstats/icon/
+      <Directory /usr/share/awstats/icon/>
+        Require all granted
+      </Directory>
+    force: no
+    mode: "0644"
+
+- name: Enable apache awstats-icon configuration
+  command: "a2enconf awstats-icon"
+  register: command_result
+  changed_when: "'Enabling' in command_result.stderr"
+  notify: reload apache
+
+- name: Create awstats cron
+  lineinfile:
+    dest: /etc/cron.d/awstats
+    create: yes
+    regexp: '-config=awstats'
+    line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
--- a/packweb-apache/tasks/main.yml
+++ b/packweb-apache/tasks/main.yml
@ -36,207 +36,13 @@
    regexp: '^DIR_MODE='
    line: 'DIR_MODE=0750'

- name: Check if Apache envvars have a PATH
-  command: "grep -E '^export PATH ' /etc/apache2/envvars"
-  failed_when: False
-  changed_when: False
-  register: envvar_grep_path
-  check_mode: no
+- include: apache.yml

- name: Add a PATH envvar for Apache
-  blockinfile:
-    dest: /etc/apache2/envvars
-    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
-    block: |
-      # Used for Evoadmin-web
-      export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-  when: envvar_grep_path.rc != 0
+- include: php.yml

- name: Additional packages are installed
-  apt:
-    name: '{{ item }}'
-    state: present
-  with_items:
-  - apache2-mpm-itk
-  - libapache2-mod-evasive
-  - libapache2-mod-security2
+- include: phpmyadmin.yml

- name: Copy Apache settings for modules
-  copy:
-    src: "{{ item }}"
-    dest: "/etc/apache2/conf-available/{{ item }}"
-    owner: root
-    group: root
-    mode: "0644"
-    force: no
-  with_items:
-  - evolinux-itk.conf
-  - evolinux-evasive.conf
-  - evolinux-modsec.conf
-
- name: Ensure Apache modules configs are enabled
-  command: "a2enconf {{ item }}"
-  register: command_result
-  changed_when: "'Enabling' in command_result.stderr"
-  with_items:
-  - evolinux-itk
-  - evolinux-evasive
-  - evolinux-modsec
-
- name: Check if log2mail is installed
-  command: "apt list --installed log2mail"
-  register: command_result
-  changed_when: False
-
- debug:
-    var: command_result
-    verbosity: 1
-
- name: Add log2mail config for Apache segfaults
-  template:
-    src: log2mail-apache.j2
-    dest: "/etc/log2mail/config/apache"
-    owner: root
-    group: root
-    mode: "0644"
-    force: no
-  when: "'log2mail' in command_result.stdout"
-
- name: Install PHP5 packages
-  apt:
-    name: '{{ item }}'
-    state: present
-  with_items:
-  - libapache2-mod-php5
-  - php5
-  - php5-gd
-  - php5-imap
-  - php5-ldap
-  - php5-mcrypt
-  - php5-mysql
-  - php5-pgsql
-  - php-gettext
-  - php5-curl
-  - libssh2-php
-  tags:
-  - apache
-
- name: Set variables for php config files
-  set_fact:
-    php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
-    php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
-
- name: Set default values for PHP
-  ini_file:
-    dest: "{{ php5_apache5_defaults_file }}"
-    section: PHP
-    option: "{{ item.option }}"
-    value: "{{ item.value }}"
-    mode: "0644"
-    create: yes
-  with_items:
-  - { option: "short_open_tag", value: "Off" }
-  - { option: "expose_php", value: "Off" }
-  - { option: "display_errors", value: "Off" }
-  - { option: "log_errors", value: "On" }
-  - { option: "allow_url_fopen", value: "Off" }
-  notify: reload apache
-
- name: Disable PHP exec function without evoadmin
-  ini_file:
-    dest: "{{ php5_apache5_defaults_file }}"
-    section: PHP
-    option: disable_functions
-    value: "exec,shell-exec,system,passthru,putenv,popen"
-  when: not packweb_install_evoadmin
-
- name: Don't disable PHP exec function with evoadmin
-  ini_file:
-    dest: "{{ php5_apache5_defaults_file }}"
-    section: PHP
-    option: disable_functions
-    value: "shell-exec,system,passthru,putenv,popen"
-  when: packweb_install_evoadmin
-
- name: Custom php.ini
-  copy:
-    dest: "{{ php5_apache5_custom_file }}"
-    content: |
-      # Put customized values here.
-    force: no
-
- name: Install phpmyadmin
-  apt:
-    name: phpmyadmin
-    state: present
-
- name: Check if phpmyadmin default configuration is present
-  stat:
-    path: /etc/apache2/conf-enabled/phpmyadmin.conf
-  register: pma_default_config
-
- debug:
-    var: pma_default_config
-    verbosity: 1
-
- name: Disable phpmyadmin default configuration
-  command: "a2disconf phpmyadmin"
-  register: command_result
-  changed_when: "'Disabling' in command_result.stderr"
-  when: pma_default_config.stat.exists
-
- name: Change group to www-data for /etc/phpmyadmin/
-  file:
-    dest: /etc/phpmyadmin/
-    group: www-data
-
- name: Install awstats
-  apt:
-    name: awstats
-    state: present
-
- name: Configure awstats
-  blockinfile:
-    dest: /etc/awstats/awstats.conf.local
-    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
-    block: |
-      LogFile="/var/log/apache2/access.log"
-      SiteDomain="{{ ansible_hostname }}"
-      DirData="/var/lib/awstats"
-      ShowHostsStats=0
-      ShowOriginStats=0
-      ShowPagesStats=0
-      ShowKeyphrasesStats=0
-      ShowKeywordsStats=0
-      ShowHTTPErrorsStats=0
-      LogFormat=1
-      AllowFullYearView=3
-      ErrorMessages="An error occured. Contact your Administrator"
-    mode: "0644"
-
- name: Create conf-available/awstats-icon.conf file
-  copy:
-    dest: /etc/apache2/conf-available/awstats-icon.conf
-    content: |
-      Alias /awstats-icon/ /usr/share/awstats/icon/
-      <Directory /usr/share/awstats/icon/>
-        Require all granted
-      </Directory>
-    force: no
-    mode: "0644"
-
- name: Enable apache awstats-icon configuration
-  command: "a2enconf awstats-icon"
-  register: command_result
-  changed_when: "'Enabling' in command_result.stderr"
-  notify: reload apache
-
- name: Create awstats cron
-  lineinfile:
-    dest: /etc/cron.d/awstats
-    create: yes
-    regexp: '-config=awstats'
-    line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
+- include: awstats.yml

 - name: Remove read permission on some folders (/, /etc, ...)
  shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
@ -313,8 +119,5 @@
 - name: Install Evoadmin
  include_role:
    name: evoadmin
-  when: packweb_install_evoadmin
-
- name: Install web-add script
-  include: web-add.yml
-  when: not packweb_install_evoadmin
+  vars:
+    evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"
--- a/packweb-apache/tasks/php.yml
+++ b/packweb-apache/tasks/php.yml
@ -0,0 +1,64 @@
+---
+
+- name: Install PHP5 packages
+  apt:
+    name: '{{ item }}'
+    state: present
+  with_items:
+  - libapache2-mod-php5
+  - php5
+  - php5-gd
+  - php5-imap
+  - php5-ldap
+  - php5-mcrypt
+  - php5-mysql
+  - php5-pgsql
+  - php-gettext
+  - php5-curl
+  - libssh2-php
+  tags:
+  - apache
+
+- name: Set variables for php config files
+  set_fact:
+    php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+    php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
+
+- name: Set default values for PHP
+  ini_file:
+    dest: "{{ php5_apache5_defaults_file }}"
+    section: PHP
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: "0644"
+    create: yes
+  with_items:
+  - { option: "short_open_tag", value: "Off" }
+  - { option: "expose_php", value: "Off" }
+  - { option: "display_errors", value: "Off" }
+  - { option: "log_errors", value: "On" }
+  - { option: "allow_url_fopen", value: "Off" }
+  notify: reload apache
+
+- name: Disable PHP exec function without evoadmin
+  ini_file:
+    dest: "{{ php5_apache5_defaults_file }}"
+    section: PHP
+    option: disable_functions
+    value: "exec,shell-exec,system,passthru,putenv,popen"
+  when: not packweb_enable_evoadmin_vhost
+
+- name: Don't disable PHP exec function with evoadmin
+  ini_file:
+    dest: "{{ php5_apache5_defaults_file }}"
+    section: PHP
+    option: disable_functions
+    value: "shell-exec,system,passthru,putenv,popen"
+  when: packweb_enable_evoadmin_vhost
+
+- name: Custom php.ini
+  copy:
+    dest: "{{ php5_apache5_custom_file }}"
+    content: |
+      # Put customized values here.
+    force: no
--- a/packweb-apache/tasks/phpmyadmin.yml
+++ b/packweb-apache/tasks/phpmyadmin.yml
@ -0,0 +1,26 @@
+---
+
+- name: Install phpmyadmin
+  apt:
+    name: phpmyadmin
+    state: present
+
+- name: Check if phpmyadmin default configuration is present
+  stat:
+    path: /etc/apache2/conf-enabled/phpmyadmin.conf
+  register: pma_default_config
+
+- debug:
+    var: pma_default_config
+    verbosity: 1
+
+- name: Disable phpmyadmin default configuration
+  command: "a2disconf phpmyadmin"
+  register: command_result
+  changed_when: "'Disabling' in command_result.stderr"
+  when: pma_default_config.stat.exists
+
+- name: Change group to www-data for /etc/phpmyadmin/
+  file:
+    dest: /etc/phpmyadmin/
+    group: www-data