packweb/evoadmin: cleanup
* extracted tasks * more variables * more templates * less bugs
This commit is contained in:
parent
2084e2e53e
commit
bae8961e99
|
@ -5,7 +5,10 @@ evoadmin_bounce_email: "{{ evoadmin_contact_email }}"
|
||||||
|
|
||||||
evoadmin_home_dir: "/home/{{ evoadmin_username }}"
|
evoadmin_home_dir: "/home/{{ evoadmin_username }}"
|
||||||
evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
|
evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
|
||||||
|
evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
|
||||||
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
|
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
|
||||||
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
|
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
|
||||||
evoadmin_username: evoadmin
|
evoadmin_username: evoadmin
|
||||||
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
|
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||||
|
|
||||||
|
evoadmin_enable_vhost: True
|
||||||
|
|
|
@ -39,10 +39,10 @@
|
||||||
|
|
||||||
# we use a shell command to have a "changed" thet really reflects the result.
|
# we use a shell command to have a "changed" thet really reflects the result.
|
||||||
- name: Fix permissions
|
- name: Fix permissions
|
||||||
shell: "test -f {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
|
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
|
||||||
register: command_result
|
register: command_result
|
||||||
changed_when: "'changed' in command_result.stdout"
|
changed_when: "'changed' in command_result.stdout"
|
||||||
failed_when: False
|
# failed_when: False
|
||||||
with_items:
|
with_items:
|
||||||
- "{{ evoadmin_home_dir}}/www"
|
- "{{ evoadmin_home_dir}}/www"
|
||||||
|
|
||||||
|
|
|
@ -20,12 +20,21 @@
|
||||||
register: cmd_a2ensite
|
register: cmd_a2ensite
|
||||||
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
|
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
|
||||||
notify: reload apache2
|
notify: reload apache2
|
||||||
|
when: evoadmin_enable_vhost
|
||||||
|
|
||||||
|
- name: Disable evoadmin vhost
|
||||||
|
command: "a2dissite evoadmin.conf"
|
||||||
|
register: cmd_a2dissite
|
||||||
|
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
|
||||||
|
notify: reload apache2
|
||||||
|
when: not evoadmin_enable_vhost
|
||||||
|
|
||||||
- name: Copy config file for evoadmin
|
- name: Copy config file for evoadmin
|
||||||
copy:
|
template:
|
||||||
src: config.local.php
|
src: config.local.php.j2
|
||||||
dest: "{{ evoadmin_home_dir}}/www/conf/"
|
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
|
||||||
- name: add www-evoadmin to shadow group
|
- name: add www-evoadmin to shadow group
|
||||||
user:
|
user:
|
||||||
|
|
8
evoadmin/templates/config.local.php.j2
Normal file
8
evoadmin/templates/config.local.php.j2
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
|
||||||
|
$localconf['debug'] = FALSE;
|
||||||
|
// Add local users that should be superadmin
|
||||||
|
$localconf['superadmin'] = array();
|
||||||
|
$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
|
||||||
|
$localconf['cluster'] = FALSE;
|
|
@ -10,7 +10,7 @@
|
||||||
#ServerAlias {{ evoadmin_host }}
|
#ServerAlias {{ evoadmin_host }}
|
||||||
|
|
||||||
# Repertoire principal
|
# Repertoire principal
|
||||||
DocumentRoot /home/evoadmin/www/htdocs/
|
DocumentRoot {{ evoadmin_document_root }}/htdocs/
|
||||||
|
|
||||||
# SSL
|
# SSL
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
SSLProtocol all -SSLv2 -SSLv3
|
SSLProtocol all -SSLv2 -SSLv3
|
||||||
|
|
||||||
# Propriete du repertoire
|
# Propriete du repertoire
|
||||||
<Directory /home/evoadmin/www/htdocs/>
|
<Directory {{ evoadmin_document_root }}/htdocs/>
|
||||||
#Options Indexes SymLinksIfOwnerMatch
|
#Options Indexes SymLinksIfOwnerMatch
|
||||||
Options SymLinksIfOwnerMatch
|
Options SymLinksIfOwnerMatch
|
||||||
AllowOverride AuthConfig Limit FileInfo
|
AllowOverride AuthConfig Limit FileInfo
|
||||||
|
@ -31,8 +31,8 @@
|
||||||
|
|
||||||
# LOG
|
# LOG
|
||||||
CustomLog /var/log/apache2/access.log combined
|
CustomLog /var/log/apache2/access.log combined
|
||||||
CustomLog /home/evoadmin/log/access.log combined
|
CustomLog {{ evoadmin_log_dir }}/access.log combined
|
||||||
ErrorLog /home/evoadmin/log/error.log
|
ErrorLog {{ evoadmin_log_dir }}/error.log
|
||||||
|
|
||||||
# AWSTATS
|
# AWSTATS
|
||||||
SetEnv AWSTATS_FORCE_CONFIG evoadmin
|
SetEnv AWSTATS_FORCE_CONFIG evoadmin
|
||||||
|
@ -54,7 +54,6 @@
|
||||||
#php_admin_value upload_max_filesize 8M
|
#php_admin_value upload_max_filesize 8M
|
||||||
#php_admin_flag allow_url_fopen Off
|
#php_admin_flag allow_url_fopen Off
|
||||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
|
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
|
||||||
php_admin_value error_log "/home/evoadmin/log/php.log"
|
php_admin_value error_log "{{ evoadmin_home_dir }}/log/php.log"
|
||||||
php_admin_value open_basedir "none"
|
php_admin_value open_basedir "none"
|
||||||
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
|
@ -92,7 +92,7 @@
|
||||||
- name: Apache vhost is installed
|
- name: Apache vhost is installed
|
||||||
template:
|
template:
|
||||||
src: default_www/apache_default_site.j2
|
src: default_www/apache_default_site.j2
|
||||||
dest: /etc/apache2/sites-available/000-default
|
dest: /etc/apache2/sites-available/000-default.conf
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
# force: yes
|
# force: yes
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
|
@ -101,8 +101,8 @@
|
||||||
|
|
||||||
- name: Apache vhost is enabled
|
- name: Apache vhost is enabled
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/000-default
|
src: /etc/apache2/sites-available/000-default.conf
|
||||||
dest: /etc/apache2/sites-enabled/000-default
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||||
state: link
|
state: link
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
when: evolinux_default_www_apache_enabled
|
when: evolinux_default_www_apache_enabled
|
||||||
|
|
|
@ -2,4 +2,4 @@
|
||||||
# defaults file for packweb-apache
|
# defaults file for packweb-apache
|
||||||
general_alert_email: "root@localhost"
|
general_alert_email: "root@localhost"
|
||||||
log2mail_alert_email: Null
|
log2mail_alert_email: Null
|
||||||
packweb_install_evoadmin: True
|
packweb_enable_evoadmin_vhost: True
|
||||||
|
|
67
packweb-apache/tasks/apache.yml
Normal file
67
packweb-apache/tasks/apache.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Check if Apache envvars have a PATH
|
||||||
|
command: "grep -E '^export PATH ' /etc/apache2/envvars"
|
||||||
|
failed_when: False
|
||||||
|
changed_when: False
|
||||||
|
register: envvar_grep_path
|
||||||
|
check_mode: no
|
||||||
|
|
||||||
|
- name: Add a PATH envvar for Apache
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/apache2/envvars
|
||||||
|
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
|
||||||
|
block: |
|
||||||
|
# Used for Evoadmin-web
|
||||||
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
when: envvar_grep_path.rc != 0
|
||||||
|
|
||||||
|
- name: Additional packages are installed
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- apache2-mpm-itk
|
||||||
|
- libapache2-mod-evasive
|
||||||
|
- libapache2-mod-security2
|
||||||
|
|
||||||
|
- name: Copy Apache settings for modules
|
||||||
|
copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "/etc/apache2/conf-available/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
with_items:
|
||||||
|
- evolinux-itk.conf
|
||||||
|
- evolinux-evasive.conf
|
||||||
|
- evolinux-modsec.conf
|
||||||
|
|
||||||
|
- name: Ensure Apache modules configs are enabled
|
||||||
|
command: "a2enconf {{ item }}"
|
||||||
|
register: command_result
|
||||||
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
|
with_items:
|
||||||
|
- evolinux-itk
|
||||||
|
- evolinux-evasive
|
||||||
|
- evolinux-modsec
|
||||||
|
|
||||||
|
- name: Check if log2mail is installed
|
||||||
|
command: "apt list --installed log2mail"
|
||||||
|
register: command_result
|
||||||
|
changed_when: False
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: command_result
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
|
- name: Add log2mail config for Apache segfaults
|
||||||
|
template:
|
||||||
|
src: log2mail-apache.j2
|
||||||
|
dest: "/etc/log2mail/config/apache"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
when: "'log2mail' in command_result.stdout"
|
48
packweb-apache/tasks/awstats.yml
Normal file
48
packweb-apache/tasks/awstats.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
---
|
||||||
|
- name: Install awstats
|
||||||
|
apt:
|
||||||
|
name: awstats
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Configure awstats
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/awstats/awstats.conf.local
|
||||||
|
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
|
||||||
|
block: |
|
||||||
|
LogFile="/var/log/apache2/access.log"
|
||||||
|
SiteDomain="{{ ansible_hostname }}"
|
||||||
|
DirData="/var/lib/awstats"
|
||||||
|
ShowHostsStats=0
|
||||||
|
ShowOriginStats=0
|
||||||
|
ShowPagesStats=0
|
||||||
|
ShowKeyphrasesStats=0
|
||||||
|
ShowKeywordsStats=0
|
||||||
|
ShowHTTPErrorsStats=0
|
||||||
|
LogFormat=1
|
||||||
|
AllowFullYearView=3
|
||||||
|
ErrorMessages="An error occured. Contact your Administrator"
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Create conf-available/awstats-icon.conf file
|
||||||
|
copy:
|
||||||
|
dest: /etc/apache2/conf-available/awstats-icon.conf
|
||||||
|
content: |
|
||||||
|
Alias /awstats-icon/ /usr/share/awstats/icon/
|
||||||
|
<Directory /usr/share/awstats/icon/>
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
force: no
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Enable apache awstats-icon configuration
|
||||||
|
command: "a2enconf awstats-icon"
|
||||||
|
register: command_result
|
||||||
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
|
notify: reload apache
|
||||||
|
|
||||||
|
- name: Create awstats cron
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/cron.d/awstats
|
||||||
|
create: yes
|
||||||
|
regexp: '-config=awstats'
|
||||||
|
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
|
@ -36,207 +36,13 @@
|
||||||
regexp: '^DIR_MODE='
|
regexp: '^DIR_MODE='
|
||||||
line: 'DIR_MODE=0750'
|
line: 'DIR_MODE=0750'
|
||||||
|
|
||||||
- name: Check if Apache envvars have a PATH
|
- include: apache.yml
|
||||||
command: "grep -E '^export PATH ' /etc/apache2/envvars"
|
|
||||||
failed_when: False
|
|
||||||
changed_when: False
|
|
||||||
register: envvar_grep_path
|
|
||||||
check_mode: no
|
|
||||||
|
|
||||||
- name: Add a PATH envvar for Apache
|
- include: php.yml
|
||||||
blockinfile:
|
|
||||||
dest: /etc/apache2/envvars
|
|
||||||
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
|
|
||||||
block: |
|
|
||||||
# Used for Evoadmin-web
|
|
||||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
||||||
when: envvar_grep_path.rc != 0
|
|
||||||
|
|
||||||
- name: Additional packages are installed
|
- include: phpmyadmin.yml
|
||||||
apt:
|
|
||||||
name: '{{ item }}'
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- apache2-mpm-itk
|
|
||||||
- libapache2-mod-evasive
|
|
||||||
- libapache2-mod-security2
|
|
||||||
|
|
||||||
- name: Copy Apache settings for modules
|
- include: awstats.yml
|
||||||
copy:
|
|
||||||
src: "{{ item }}"
|
|
||||||
dest: "/etc/apache2/conf-available/{{ item }}"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
force: no
|
|
||||||
with_items:
|
|
||||||
- evolinux-itk.conf
|
|
||||||
- evolinux-evasive.conf
|
|
||||||
- evolinux-modsec.conf
|
|
||||||
|
|
||||||
- name: Ensure Apache modules configs are enabled
|
|
||||||
command: "a2enconf {{ item }}"
|
|
||||||
register: command_result
|
|
||||||
changed_when: "'Enabling' in command_result.stderr"
|
|
||||||
with_items:
|
|
||||||
- evolinux-itk
|
|
||||||
- evolinux-evasive
|
|
||||||
- evolinux-modsec
|
|
||||||
|
|
||||||
- name: Check if log2mail is installed
|
|
||||||
command: "apt list --installed log2mail"
|
|
||||||
register: command_result
|
|
||||||
changed_when: False
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: command_result
|
|
||||||
verbosity: 1
|
|
||||||
|
|
||||||
- name: Add log2mail config for Apache segfaults
|
|
||||||
template:
|
|
||||||
src: log2mail-apache.j2
|
|
||||||
dest: "/etc/log2mail/config/apache"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
force: no
|
|
||||||
when: "'log2mail' in command_result.stdout"
|
|
||||||
|
|
||||||
- name: Install PHP5 packages
|
|
||||||
apt:
|
|
||||||
name: '{{ item }}'
|
|
||||||
state: present
|
|
||||||
with_items:
|
|
||||||
- libapache2-mod-php5
|
|
||||||
- php5
|
|
||||||
- php5-gd
|
|
||||||
- php5-imap
|
|
||||||
- php5-ldap
|
|
||||||
- php5-mcrypt
|
|
||||||
- php5-mysql
|
|
||||||
- php5-pgsql
|
|
||||||
- php-gettext
|
|
||||||
- php5-curl
|
|
||||||
- libssh2-php
|
|
||||||
tags:
|
|
||||||
- apache
|
|
||||||
|
|
||||||
- name: Set variables for php config files
|
|
||||||
set_fact:
|
|
||||||
php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
|
||||||
php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
|
|
||||||
|
|
||||||
- name: Set default values for PHP
|
|
||||||
ini_file:
|
|
||||||
dest: "{{ php5_apache5_defaults_file }}"
|
|
||||||
section: PHP
|
|
||||||
option: "{{ item.option }}"
|
|
||||||
value: "{{ item.value }}"
|
|
||||||
mode: "0644"
|
|
||||||
create: yes
|
|
||||||
with_items:
|
|
||||||
- { option: "short_open_tag", value: "Off" }
|
|
||||||
- { option: "expose_php", value: "Off" }
|
|
||||||
- { option: "display_errors", value: "Off" }
|
|
||||||
- { option: "log_errors", value: "On" }
|
|
||||||
- { option: "allow_url_fopen", value: "Off" }
|
|
||||||
notify: reload apache
|
|
||||||
|
|
||||||
- name: Disable PHP exec function without evoadmin
|
|
||||||
ini_file:
|
|
||||||
dest: "{{ php5_apache5_defaults_file }}"
|
|
||||||
section: PHP
|
|
||||||
option: disable_functions
|
|
||||||
value: "exec,shell-exec,system,passthru,putenv,popen"
|
|
||||||
when: not packweb_install_evoadmin
|
|
||||||
|
|
||||||
- name: Don't disable PHP exec function with evoadmin
|
|
||||||
ini_file:
|
|
||||||
dest: "{{ php5_apache5_defaults_file }}"
|
|
||||||
section: PHP
|
|
||||||
option: disable_functions
|
|
||||||
value: "shell-exec,system,passthru,putenv,popen"
|
|
||||||
when: packweb_install_evoadmin
|
|
||||||
|
|
||||||
- name: Custom php.ini
|
|
||||||
copy:
|
|
||||||
dest: "{{ php5_apache5_custom_file }}"
|
|
||||||
content: |
|
|
||||||
# Put customized values here.
|
|
||||||
force: no
|
|
||||||
|
|
||||||
- name: Install phpmyadmin
|
|
||||||
apt:
|
|
||||||
name: phpmyadmin
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Check if phpmyadmin default configuration is present
|
|
||||||
stat:
|
|
||||||
path: /etc/apache2/conf-enabled/phpmyadmin.conf
|
|
||||||
register: pma_default_config
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: pma_default_config
|
|
||||||
verbosity: 1
|
|
||||||
|
|
||||||
- name: Disable phpmyadmin default configuration
|
|
||||||
command: "a2disconf phpmyadmin"
|
|
||||||
register: command_result
|
|
||||||
changed_when: "'Disabling' in command_result.stderr"
|
|
||||||
when: pma_default_config.stat.exists
|
|
||||||
|
|
||||||
- name: Change group to www-data for /etc/phpmyadmin/
|
|
||||||
file:
|
|
||||||
dest: /etc/phpmyadmin/
|
|
||||||
group: www-data
|
|
||||||
|
|
||||||
- name: Install awstats
|
|
||||||
apt:
|
|
||||||
name: awstats
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Configure awstats
|
|
||||||
blockinfile:
|
|
||||||
dest: /etc/awstats/awstats.conf.local
|
|
||||||
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
|
|
||||||
block: |
|
|
||||||
LogFile="/var/log/apache2/access.log"
|
|
||||||
SiteDomain="{{ ansible_hostname }}"
|
|
||||||
DirData="/var/lib/awstats"
|
|
||||||
ShowHostsStats=0
|
|
||||||
ShowOriginStats=0
|
|
||||||
ShowPagesStats=0
|
|
||||||
ShowKeyphrasesStats=0
|
|
||||||
ShowKeywordsStats=0
|
|
||||||
ShowHTTPErrorsStats=0
|
|
||||||
LogFormat=1
|
|
||||||
AllowFullYearView=3
|
|
||||||
ErrorMessages="An error occured. Contact your Administrator"
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Create conf-available/awstats-icon.conf file
|
|
||||||
copy:
|
|
||||||
dest: /etc/apache2/conf-available/awstats-icon.conf
|
|
||||||
content: |
|
|
||||||
Alias /awstats-icon/ /usr/share/awstats/icon/
|
|
||||||
<Directory /usr/share/awstats/icon/>
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
force: no
|
|
||||||
mode: "0644"
|
|
||||||
|
|
||||||
- name: Enable apache awstats-icon configuration
|
|
||||||
command: "a2enconf awstats-icon"
|
|
||||||
register: command_result
|
|
||||||
changed_when: "'Enabling' in command_result.stderr"
|
|
||||||
notify: reload apache
|
|
||||||
|
|
||||||
- name: Create awstats cron
|
|
||||||
lineinfile:
|
|
||||||
dest: /etc/cron.d/awstats
|
|
||||||
create: yes
|
|
||||||
regexp: '-config=awstats'
|
|
||||||
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
|
||||||
|
|
||||||
- name: Remove read permission on some folders (/, /etc, ...)
|
- name: Remove read permission on some folders (/, /etc, ...)
|
||||||
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
|
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
|
||||||
|
@ -313,8 +119,5 @@
|
||||||
- name: Install Evoadmin
|
- name: Install Evoadmin
|
||||||
include_role:
|
include_role:
|
||||||
name: evoadmin
|
name: evoadmin
|
||||||
when: packweb_install_evoadmin
|
vars:
|
||||||
|
evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"
|
||||||
- name: Install web-add script
|
|
||||||
include: web-add.yml
|
|
||||||
when: not packweb_install_evoadmin
|
|
||||||
|
|
64
packweb-apache/tasks/php.yml
Normal file
64
packweb-apache/tasks/php.yml
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Install PHP5 packages
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- libapache2-mod-php5
|
||||||
|
- php5
|
||||||
|
- php5-gd
|
||||||
|
- php5-imap
|
||||||
|
- php5-ldap
|
||||||
|
- php5-mcrypt
|
||||||
|
- php5-mysql
|
||||||
|
- php5-pgsql
|
||||||
|
- php-gettext
|
||||||
|
- php5-curl
|
||||||
|
- libssh2-php
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
|
||||||
|
- name: Set variables for php config files
|
||||||
|
set_fact:
|
||||||
|
php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||||
|
php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
|
||||||
|
|
||||||
|
- name: Set default values for PHP
|
||||||
|
ini_file:
|
||||||
|
dest: "{{ php5_apache5_defaults_file }}"
|
||||||
|
section: PHP
|
||||||
|
option: "{{ item.option }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
|
mode: "0644"
|
||||||
|
create: yes
|
||||||
|
with_items:
|
||||||
|
- { option: "short_open_tag", value: "Off" }
|
||||||
|
- { option: "expose_php", value: "Off" }
|
||||||
|
- { option: "display_errors", value: "Off" }
|
||||||
|
- { option: "log_errors", value: "On" }
|
||||||
|
- { option: "allow_url_fopen", value: "Off" }
|
||||||
|
notify: reload apache
|
||||||
|
|
||||||
|
- name: Disable PHP exec function without evoadmin
|
||||||
|
ini_file:
|
||||||
|
dest: "{{ php5_apache5_defaults_file }}"
|
||||||
|
section: PHP
|
||||||
|
option: disable_functions
|
||||||
|
value: "exec,shell-exec,system,passthru,putenv,popen"
|
||||||
|
when: not packweb_enable_evoadmin_vhost
|
||||||
|
|
||||||
|
- name: Don't disable PHP exec function with evoadmin
|
||||||
|
ini_file:
|
||||||
|
dest: "{{ php5_apache5_defaults_file }}"
|
||||||
|
section: PHP
|
||||||
|
option: disable_functions
|
||||||
|
value: "shell-exec,system,passthru,putenv,popen"
|
||||||
|
when: packweb_enable_evoadmin_vhost
|
||||||
|
|
||||||
|
- name: Custom php.ini
|
||||||
|
copy:
|
||||||
|
dest: "{{ php5_apache5_custom_file }}"
|
||||||
|
content: |
|
||||||
|
# Put customized values here.
|
||||||
|
force: no
|
26
packweb-apache/tasks/phpmyadmin.yml
Normal file
26
packweb-apache/tasks/phpmyadmin.yml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Install phpmyadmin
|
||||||
|
apt:
|
||||||
|
name: phpmyadmin
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Check if phpmyadmin default configuration is present
|
||||||
|
stat:
|
||||||
|
path: /etc/apache2/conf-enabled/phpmyadmin.conf
|
||||||
|
register: pma_default_config
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: pma_default_config
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
|
- name: Disable phpmyadmin default configuration
|
||||||
|
command: "a2disconf phpmyadmin"
|
||||||
|
register: command_result
|
||||||
|
changed_when: "'Disabling' in command_result.stderr"
|
||||||
|
when: pma_default_config.stat.exists
|
||||||
|
|
||||||
|
- name: Change group to www-data for /etc/phpmyadmin/
|
||||||
|
file:
|
||||||
|
dest: /etc/phpmyadmin/
|
||||||
|
group: www-data
|
Loading…
Reference in a new issue