diff --git a/evoadmin/defaults/main.yml b/evoadmin/defaults/main.yml
index 03a7ff3b..30ba8010 100644
--- a/evoadmin/defaults/main.yml
+++ b/evoadmin/defaults/main.yml
@@ -5,7 +5,10 @@ evoadmin_bounce_email: "{{ evoadmin_contact_email }}"
evoadmin_home_dir: "/home/{{ evoadmin_username }}"
evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
+evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
evoadmin_username: evoadmin
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
+
+evoadmin_enable_vhost: True
diff --git a/evoadmin/tasks/user.yml b/evoadmin/tasks/user.yml
index dda4429d..e3442cd1 100644
--- a/evoadmin/tasks/user.yml
+++ b/evoadmin/tasks/user.yml
@@ -39,10 +39,10 @@
# we use a shell command to have a "changed" thet really reflects the result.
- name: Fix permissions
- shell: "test -f {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
+ shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
register: command_result
changed_when: "'changed' in command_result.stdout"
- failed_when: False
+ # failed_when: False
with_items:
- "{{ evoadmin_home_dir}}/www"
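Review bot: `{{ item }}` is interpolated unquoted into a `shell:` string that runs `chmod -R`, so a path with whitespace or shell metacharacters would be split or interpreted by the shell (the entries derive from `evoadmin_home_dir`, which embeds `evoadmin_username`). Since the `test -f … &&` prefix is gone, no shell operator remains, and `command: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"` or at least `{{ item | quote }}` would avoid that. The leftover `# failed_when: False` should be deleted rather than commented out, as the task is now meant to fail on a missing path. The `with_items` list continues outside the hunk.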
diff --git a/evoadmin/tasks/web.yml b/evoadmin/tasks/web.yml
index 69f719ef..7bbc67be 100644
--- a/evoadmin/tasks/web.yml
+++ b/evoadmin/tasks/web.yml
@@ -20,12 +20,21 @@
register: cmd_a2ensite
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
notify: reload apache2
+ when: evoadmin_enable_vhost
+
+- name: Disable evoadmin vhost
+ command: "a2dissite evoadmin.conf"
+ register: cmd_a2dissite
+ changed_when: "'Disabling site' in cmd_a2dissite.stdout"
+ notify: reload apache2
+ when: not evoadmin_enable_vhost
- name: Copy config file for evoadmin
- copy:
- src: config.local.php
- dest: "{{ evoadmin_home_dir}}/www/conf/"
+ template:
+ src: config.local.php.j2
+ dest: "{{ evoadmin_document_root}}/conf/config.local.php"
mode: "0644"
+ force: no
- name: add www-evoadmin to shadow group
user:
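Review bot: The new `template:` task for `config.local.php` sets `force: no`, so the file is rendered only when absent and later changes to `config.local.php.j2` or its variables never reach hosts that already have it. If the intent is to seed the file once and preserve local edits, say so with a comment such as `# force: no - seed only, local edits are kept`. The task also sets `mode: "0644"` without `owner`/`group`, so ownership depends on the user the play runs as; pinning both would make the result deterministic. The `user:` task that follows is cut by the end of the hunk.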
diff --git a/evoadmin/templates/config.local.php.j2 b/evoadmin/templates/config.local.php.j2
new file mode 100644
index 00000000..3e159bcd
--- /dev/null
+++ b/evoadmin/templates/config.local.php.j2
@@ -0,0 +1,8 @@
+
+
#Options Indexes SymLinksIfOwnerMatch
Options SymLinksIfOwnerMatch
AllowOverride AuthConfig Limit FileInfo
@@ -31,8 +31,8 @@
# LOG
CustomLog /var/log/apache2/access.log combined
- CustomLog /home/evoadmin/log/access.log combined
- ErrorLog /home/evoadmin/log/error.log
+ CustomLog {{ evoadmin_log_dir }}/access.log combined
+ ErrorLog {{ evoadmin_log_dir }}/error.log
# AWSTATS
SetEnv AWSTATS_FORCE_CONFIG evoadmin
@@ -54,7 +54,6 @@
#php_admin_value upload_max_filesize 8M
#php_admin_flag allow_url_fopen Off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
- php_admin_value error_log "/home/evoadmin/log/php.log"
+ php_admin_value error_log "{{ evoadmin_home_dir }}/log/php.log"
php_admin_value open_basedir "none"
-
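Review bot: The new `error_log` line builds its path as `{{ evoadmin_home_dir }}/log/php.log`, while the `CustomLog`/`ErrorLog` lines in the previous hunk use the new `evoadmin_log_dir`. Overriding `evoadmin_log_dir` therefore moves the Apache logs but leaves the PHP log in the old location; `php_admin_value error_log "{{ evoadmin_log_dir }}/php.log"` keeps them together. No task visible in this diff creates `evoadmin_log_dir`, so it is worth checking that the role does so elsewhere, since Apache would presumably fail to start with a missing log directory.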
diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml
index 750d2200..0fdf03f9 100644
--- a/evolinux-base/tasks/default_www.yml
+++ b/evolinux-base/tasks/default_www.yml
@@ -92,7 +92,7 @@
- name: Apache vhost is installed
template:
src: default_www/apache_default_site.j2
- dest: /etc/apache2/sites-available/000-default
+ dest: /etc/apache2/sites-available/000-default.conf
mode: "0640"
# force: yes
notify: reload apache
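Review bot: Hosts provisioned before this change keep `/etc/apache2/sites-available/000-default` and the `sites-enabled/000-default` symlink, because neither this task nor the link task in the next hunk removes the old names. Depending on the include pattern the installed Apache uses for sites-enabled (not visible here), the old link is either dead clutter or loads the default vhost a second time. A `file:` task with `state: absent` for both old paths, placed before the link is created, would make the rename converge on existing machines.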
@@ -101,8 +101,8 @@
- name: Apache vhost is enabled
file:
- src: /etc/apache2/sites-available/000-default
- dest: /etc/apache2/sites-enabled/000-default
+ src: /etc/apache2/sites-available/000-default.conf
+ dest: /etc/apache2/sites-enabled/000-default.conf
state: link
notify: reload apache
when: evolinux_default_www_apache_enabled
diff --git a/packweb-apache/defaults/main.yml b/packweb-apache/defaults/main.yml
index 2e2c3481..0301183f 100644
--- a/packweb-apache/defaults/main.yml
+++ b/packweb-apache/defaults/main.yml
@@ -2,4 +2,4 @@
# defaults file for packweb-apache
general_alert_email: "root@localhost"
log2mail_alert_email: Null
-packweb_install_evoadmin: True
+packweb_enable_evoadmin_vhost: True
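Review bot: Renaming `packweb_install_evoadmin` to `packweb_enable_evoadmin_vhost` gives no compatibility path: an inventory that still sets `packweb_install_evoadmin: False` is now silently ignored and the new default `True` applies. On such a host php.yml then takes the branch that leaves `exec` out of `disable_functions`, and the evoadmin role is installed, so a deliberate opt-out ends up with a less restrictive setup. Consider `packweb_enable_evoadmin_vhost: "{{ packweb_install_evoadmin | default(True) }}"` for a transition period, or call the rename out in the changelog.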
diff --git a/packweb-apache/tasks/apache.yml b/packweb-apache/tasks/apache.yml
new file mode 100644
index 00000000..76756d10
--- /dev/null
+++ b/packweb-apache/tasks/apache.yml
@@ -0,0 +1,67 @@
+---
+
+- name: Check if Apache envvars have a PATH
+ command: "grep -E '^export PATH ' /etc/apache2/envvars"
+ failed_when: False
+ changed_when: False
+ register: envvar_grep_path
+ check_mode: no
+
+- name: Add a PATH envvar for Apache
+ blockinfile:
+ dest: /etc/apache2/envvars
+ marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
+ block: |
+ # Used for Evoadmin-web
+ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ when: envvar_grep_path.rc != 0
+
+- name: Additional packages are installed
+ apt:
+ name: '{{ item }}'
+ state: present
+ with_items:
+ - apache2-mpm-itk
+ - libapache2-mod-evasive
+ - libapache2-mod-security2
+
+- name: Copy Apache settings for modules
+ copy:
+ src: "{{ item }}"
+ dest: "/etc/apache2/conf-available/{{ item }}"
+ owner: root
+ group: root
+ mode: "0644"
+ force: no
+ with_items:
+ - evolinux-itk.conf
+ - evolinux-evasive.conf
+ - evolinux-modsec.conf
+
+- name: Ensure Apache modules configs are enabled
+ command: "a2enconf {{ item }}"
+ register: command_result
+ changed_when: "'Enabling' in command_result.stderr"
+ with_items:
+ - evolinux-itk
+ - evolinux-evasive
+ - evolinux-modsec
+
+- name: Check if log2mail is installed
+ command: "apt list --installed log2mail"
+ register: command_result
+ changed_when: False
+
+- debug:
+ var: command_result
+ verbosity: 1
+
+- name: Add log2mail config for Apache segfaults
+ template:
+ src: log2mail-apache.j2
+ dest: "/etc/log2mail/config/apache"
+ owner: root
+ group: root
+ mode: "0644"
+ force: no
+ when: "'log2mail' in command_result.stdout"
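Review bot: `changed_when: "'Enabling' in command_result.stderr"` on the `a2enconf` task reads stderr, whereas the `a2ensite`/`a2dissite` checks in evoadmin/tasks/web.yml read `stdout`; if `a2enconf` reports on stdout as those tasks assume, this task never shows as changed. The same pattern appears in awstats.yml (`a2enconf awstats-icon`) and phpmyadmin.yml (`a2disconf phpmyadmin`). This task also has no `notify: reload apache`, so the itk, evasive and modsec settings only take effect when something else reloads Apache. Checking `command_result.stdout` and adding the notify would address both.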
diff --git a/packweb-apache/tasks/awstats.yml b/packweb-apache/tasks/awstats.yml
new file mode 100644
index 00000000..1919b17d
--- /dev/null
+++ b/packweb-apache/tasks/awstats.yml
@@ -0,0 +1,48 @@
+---
+- name: Install awstats
+ apt:
+ name: awstats
+ state: present
+
+- name: Configure awstats
+ blockinfile:
+ dest: /etc/awstats/awstats.conf.local
+ marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
+ block: |
+ LogFile="/var/log/apache2/access.log"
+ SiteDomain="{{ ansible_hostname }}"
+ DirData="/var/lib/awstats"
+ ShowHostsStats=0
+ ShowOriginStats=0
+ ShowPagesStats=0
+ ShowKeyphrasesStats=0
+ ShowKeywordsStats=0
+ ShowHTTPErrorsStats=0
+ LogFormat=1
+ AllowFullYearView=3
+ ErrorMessages="An error occured. Contact your Administrator"
+ mode: "0644"
+
+- name: Create conf-available/awstats-icon.conf file
+ copy:
+ dest: /etc/apache2/conf-available/awstats-icon.conf
+ content: |
+ Alias /awstats-icon/ /usr/share/awstats/icon/
+
+ Require all granted
+
+ force: no
+ mode: "0644"
+
+- name: Enable apache awstats-icon configuration
+ command: "a2enconf awstats-icon"
+ register: command_result
+ changed_when: "'Enabling' in command_result.stderr"
+ notify: reload apache
+
+- name: Create awstats cron
+ lineinfile:
+ dest: /etc/cron.d/awstats
+ create: yes
+ regexp: '-config=awstats'
+ line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
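Review bot: The `lineinfile` task creates `/etc/cron.d/awstats` with `create: yes` but sets no `owner`, `group` or `mode`, so the permissions of a root cron fragment depend on the umask of the run. Pin them on the task with `owner: root`, `group: root` and `mode: "0644"`, as the other file-writing tasks in this file already do for `mode`. The `regexp: '-config=awstats'` is unanchored, so it also matches a commented-out copy of the line and would rewrite it.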
diff --git a/packweb-apache/tasks/main.yml b/packweb-apache/tasks/main.yml
index 24d86cd0..8aa0f26c 100644
--- a/packweb-apache/tasks/main.yml
+++ b/packweb-apache/tasks/main.yml
@@ -36,207 +36,13 @@
regexp: '^DIR_MODE='
line: 'DIR_MODE=0750'
-- name: Check if Apache envvars have a PATH
- command: "grep -E '^export PATH ' /etc/apache2/envvars"
- failed_when: False
- changed_when: False
- register: envvar_grep_path
- check_mode: no
+- include: apache.yml
-- name: Add a PATH envvar for Apache
- blockinfile:
- dest: /etc/apache2/envvars
- marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
- block: |
- # Used for Evoadmin-web
- export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- when: envvar_grep_path.rc != 0
+- include: php.yml
-- name: Additional packages are installed
- apt:
- name: '{{ item }}'
- state: present
- with_items:
- - apache2-mpm-itk
- - libapache2-mod-evasive
- - libapache2-mod-security2
+- include: phpmyadmin.yml
-- name: Copy Apache settings for modules
- copy:
- src: "{{ item }}"
- dest: "/etc/apache2/conf-available/{{ item }}"
- owner: root
- group: root
- mode: "0644"
- force: no
- with_items:
- - evolinux-itk.conf
- - evolinux-evasive.conf
- - evolinux-modsec.conf
-
-- name: Ensure Apache modules configs are enabled
- command: "a2enconf {{ item }}"
- register: command_result
- changed_when: "'Enabling' in command_result.stderr"
- with_items:
- - evolinux-itk
- - evolinux-evasive
- - evolinux-modsec
-
-- name: Check if log2mail is installed
- command: "apt list --installed log2mail"
- register: command_result
- changed_when: False
-
-- debug:
- var: command_result
- verbosity: 1
-
-- name: Add log2mail config for Apache segfaults
- template:
- src: log2mail-apache.j2
- dest: "/etc/log2mail/config/apache"
- owner: root
- group: root
- mode: "0644"
- force: no
- when: "'log2mail' in command_result.stdout"
-
-- name: Install PHP5 packages
- apt:
- name: '{{ item }}'
- state: present
- with_items:
- - libapache2-mod-php5
- - php5
- - php5-gd
- - php5-imap
- - php5-ldap
- - php5-mcrypt
- - php5-mysql
- - php5-pgsql
- - php-gettext
- - php5-curl
- - libssh2-php
- tags:
- - apache
-
-- name: Set variables for php config files
- set_fact:
- php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
- php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
-
-- name: Set default values for PHP
- ini_file:
- dest: "{{ php5_apache5_defaults_file }}"
- section: PHP
- option: "{{ item.option }}"
- value: "{{ item.value }}"
- mode: "0644"
- create: yes
- with_items:
- - { option: "short_open_tag", value: "Off" }
- - { option: "expose_php", value: "Off" }
- - { option: "display_errors", value: "Off" }
- - { option: "log_errors", value: "On" }
- - { option: "allow_url_fopen", value: "Off" }
- notify: reload apache
-
-- name: Disable PHP exec function without evoadmin
- ini_file:
- dest: "{{ php5_apache5_defaults_file }}"
- section: PHP
- option: disable_functions
- value: "exec,shell-exec,system,passthru,putenv,popen"
- when: not packweb_install_evoadmin
-
-- name: Don't disable PHP exec function with evoadmin
- ini_file:
- dest: "{{ php5_apache5_defaults_file }}"
- section: PHP
- option: disable_functions
- value: "shell-exec,system,passthru,putenv,popen"
- when: packweb_install_evoadmin
-
-- name: Custom php.ini
- copy:
- dest: "{{ php5_apache5_custom_file }}"
- content: |
- # Put customized values here.
- force: no
-
-- name: Install phpmyadmin
- apt:
- name: phpmyadmin
- state: present
-
-- name: Check if phpmyadmin default configuration is present
- stat:
- path: /etc/apache2/conf-enabled/phpmyadmin.conf
- register: pma_default_config
-
-- debug:
- var: pma_default_config
- verbosity: 1
-
-- name: Disable phpmyadmin default configuration
- command: "a2disconf phpmyadmin"
- register: command_result
- changed_when: "'Disabling' in command_result.stderr"
- when: pma_default_config.stat.exists
-
-- name: Change group to www-data for /etc/phpmyadmin/
- file:
- dest: /etc/phpmyadmin/
- group: www-data
-
-- name: Install awstats
- apt:
- name: awstats
- state: present
-
-- name: Configure awstats
- blockinfile:
- dest: /etc/awstats/awstats.conf.local
- marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
- block: |
- LogFile="/var/log/apache2/access.log"
- SiteDomain="{{ ansible_hostname }}"
- DirData="/var/lib/awstats"
- ShowHostsStats=0
- ShowOriginStats=0
- ShowPagesStats=0
- ShowKeyphrasesStats=0
- ShowKeywordsStats=0
- ShowHTTPErrorsStats=0
- LogFormat=1
- AllowFullYearView=3
- ErrorMessages="An error occured. Contact your Administrator"
- mode: "0644"
-
-- name: Create conf-available/awstats-icon.conf file
- copy:
- dest: /etc/apache2/conf-available/awstats-icon.conf
- content: |
- Alias /awstats-icon/ /usr/share/awstats/icon/
-
- Require all granted
-
- force: no
- mode: "0644"
-
-- name: Enable apache awstats-icon configuration
- command: "a2enconf awstats-icon"
- register: command_result
- changed_when: "'Enabling' in command_result.stderr"
- notify: reload apache
-
-- name: Create awstats cron
- lineinfile:
- dest: /etc/cron.d/awstats
- create: yes
- regexp: '-config=awstats'
- line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
+- include: awstats.yml
- name: Remove read permission on some folders (/, /etc, ...)
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
@@ -313,8 +119,5 @@
- name: Install Evoadmin
include_role:
name: evoadmin
- when: packweb_install_evoadmin
-
-- name: Install web-add script
- include: web-add.yml
- when: not packweb_install_evoadmin
+ vars:
+ evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"
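Review bot: With the `when:` removed, the evoadmin role now runs in full even when `packweb_enable_evoadmin_vhost` is false; only the vhost tasks honour the flag. Everything else the role does, including the `add www-evoadmin to shadow group` task visible in evoadmin/tasks/web.yml, presumably still applies, so a host with the interface disabled keeps that account and its group membership (the task's conditions lie outside the visible hunk, so this is inferred). If that is intended, a comment such as `# role is always installed; the flag only toggles the Apache vhost` would make it explicit; otherwise gate the privileged tasks on the same flag. The removed `web-add.yml` include has no visible replacement for hosts without the vhost.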
diff --git a/packweb-apache/tasks/php.yml b/packweb-apache/tasks/php.yml
new file mode 100644
index 00000000..ee65fd2f
--- /dev/null
+++ b/packweb-apache/tasks/php.yml
@@ -0,0 +1,64 @@
+---
+
+- name: Install PHP5 packages
+ apt:
+ name: '{{ item }}'
+ state: present
+ with_items:
+ - libapache2-mod-php5
+ - php5
+ - php5-gd
+ - php5-imap
+ - php5-ldap
+ - php5-mcrypt
+ - php5-mysql
+ - php5-pgsql
+ - php-gettext
+ - php5-curl
+ - libssh2-php
+ tags:
+ - apache
+
+- name: Set variables for php config files
+ set_fact:
+ php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+ php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
+
+- name: Set default values for PHP
+ ini_file:
+ dest: "{{ php5_apache5_defaults_file }}"
+ section: PHP
+ option: "{{ item.option }}"
+ value: "{{ item.value }}"
+ mode: "0644"
+ create: yes
+ with_items:
+ - { option: "short_open_tag", value: "Off" }
+ - { option: "expose_php", value: "Off" }
+ - { option: "display_errors", value: "Off" }
+ - { option: "log_errors", value: "On" }
+ - { option: "allow_url_fopen", value: "Off" }
+ notify: reload apache
+
+- name: Disable PHP exec function without evoadmin
+ ini_file:
+ dest: "{{ php5_apache5_defaults_file }}"
+ section: PHP
+ option: disable_functions
+ value: "exec,shell-exec,system,passthru,putenv,popen"
+ when: not packweb_enable_evoadmin_vhost
+
+- name: Don't disable PHP exec function with evoadmin
+ ini_file:
+ dest: "{{ php5_apache5_defaults_file }}"
+ section: PHP
+ option: disable_functions
+ value: "shell-exec,system,passthru,putenv,popen"
+ when: packweb_enable_evoadmin_vhost
+
+- name: Custom php.ini
+ copy:
+ dest: "{{ php5_apache5_custom_file }}"
+ content: |
+ # Put customized values here.
+ force: no
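Review bot: Both `disable_functions` values list `shell-exec`, but the PHP function is `shell_exec`; with the hyphen the entry matches nothing and `shell_exec` stays callable in either branch. Use `value: "exec,shell_exec,system,passthru,putenv,popen"` and `value: "shell_exec,system,passthru,putenv,popen"`. `proc_open` is in neither list and offers the same capability, so it is worth adding unless evoadmin needs it. Neither of the two tasks has `notify: reload apache`, unlike the `Set default values for PHP` task above them.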
diff --git a/packweb-apache/tasks/phpmyadmin.yml b/packweb-apache/tasks/phpmyadmin.yml
new file mode 100644
index 00000000..cc34067e
--- /dev/null
+++ b/packweb-apache/tasks/phpmyadmin.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Install phpmyadmin
+ apt:
+ name: phpmyadmin
+ state: present
+
+- name: Check if phpmyadmin default configuration is present
+ stat:
+ path: /etc/apache2/conf-enabled/phpmyadmin.conf
+ register: pma_default_config
+
+- debug:
+ var: pma_default_config
+ verbosity: 1
+
+- name: Disable phpmyadmin default configuration
+ command: "a2disconf phpmyadmin"
+ register: command_result
+ changed_when: "'Disabling' in command_result.stderr"
+ when: pma_default_config.stat.exists
+
+- name: Change group to www-data for /etc/phpmyadmin/
+ file:
+ dest: /etc/phpmyadmin/
+ group: www-data
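Review bot: `Disable phpmyadmin default configuration` runs `a2disconf` without `notify: reload apache`, so the package's default phpMyAdmin configuration stays active until an unrelated reload; add `notify: reload apache` to that task. The final `file:` task hands `/etc/phpmyadmin/` to group `www-data` without `state`, `owner` or `mode`, which leaves what the web server group can do there to whatever the package installed. Setting `mode` explicitly on that task would document the intended access.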