packweb/evoadmin: cleanup
* extracted tasks * more variables * more templates * less bugs
parent
2084e2e53e
commit
bae8961e99
|
@ -5,7 +5,10 @@ evoadmin_bounce_email: "{{ evoadmin_contact_email }}"
|
|||
|
||||
evoadmin_home_dir: "/home/{{ evoadmin_username }}"
|
||||
evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
|
||||
evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
|
||||
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
|
||||
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
|
||||
evoadmin_username: evoadmin
|
||||
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||
|
||||
evoadmin_enable_vhost: True
|
||||
|
|
|
@ -39,10 +39,10 @@
|
|||
|
||||
# we use a shell command to have a "changed" thet really reflects the result.
|
||||
- name: Fix permissions
|
||||
shell: "test -f {{ item }} && chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
|
||||
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'changed' in command_result.stdout"
|
||||
failed_when: False
|
||||
# failed_when: False
|
||||
with_items:
|
||||
- "{{ evoadmin_home_dir}}/www"
|
||||
|
||||
|
|
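Review bot: With the `test -f … &&` guard gone, the `Fix permissions` task no longer needs a shell, yet it still passes the templated `{{ item }}` unquoted through `shell:`, so a path containing spaces or shell metacharacters would be word-split or interpreted. The sides of this rendered hunk are inferred, so I am assuming the unguarded `chmod` line is the new one; if so, `command: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"` keeps the same `changed_when` check without invoking a shell. The leftover `# failed_when: False` line is better deleted than kept commented out. The `with_items` list continues past the end of the hunk.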
|
@ -20,12 +20,21 @@
|
|||
register: cmd_a2ensite
|
||||
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
|
||||
notify: reload apache2
|
||||
when: evoadmin_enable_vhost
|
||||
|
||||
- name: Disable evoadmin vhost
|
||||
command: "a2dissite evoadmin.conf"
|
||||
register: cmd_a2dissite
|
||||
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
|
||||
notify: reload apache2
|
||||
when: not evoadmin_enable_vhost
|
||||
|
||||
- name: Copy config file for evoadmin
|
||||
copy:
|
||||
src: config.local.php
|
||||
dest: "{{ evoadmin_home_dir}}/www/conf/"
|
||||
template:
|
||||
src: config.local.php.j2
|
||||
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
|
||||
mode: "0644"
|
||||
force: no
|
||||
|
||||
- name: add www-evoadmin to shadow group
|
||||
user:
|
||||
|
|
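Review bot: The new `Disable evoadmin vhost` task looks for `'Disabling site'` in `cmd_a2dissite.stdout`, but as far as I know `a2dissite` reports success as `Site evoadmin disabled.`, so `changed_when` would stay false and `reload apache2` would never be notified. In that case the admin vhost keeps being served after `evoadmin_enable_vhost` is switched off, until something else reloads Apache. Please check the string against real output on a target host and match on what it prints, for example `changed_when: "'disabled' in cmd_a2dissite.stdout and 'already' not in cmd_a2dissite.stdout"`. The task list starts and continues outside this hunk.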
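--- a/evoadmin/templates/config.local.php.j2
+++ b/evoadmin/templates/config.local.php.j2
@@ -0,0 +1,8 @@
+<?php
+
+$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
+$localconf['debug'] = FALSE;
+// Add local users that should be superadmin
+$localconf['superadmin'] = array();
+$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
+$localconf['cluster'] = FALSE;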
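Review bot: In the `$localconf['admin']['mail']` line the `mandatory` filter binds tighter than `or`, so it guards only `general_alert_email` and not the whole expression; `{{ (evoadmin_contact_email or general_alert_email) | mandatory }}` states the intent. Both templated values are also written into single-quoted PHP literals without escaping, so a value containing `'` or ending in a backslash would yield a broken or altered config file. The variables are operator-supplied, but a template comment saying so, or an escaping filter on both lines, would make that assumption explicit.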
|
@ -10,7 +10,7 @@
|
|||
#ServerAlias {{ evoadmin_host }}
|
||||
|
||||
# Repertoire principal
|
||||
DocumentRoot /home/evoadmin/www/htdocs/
|
||||
DocumentRoot {{ evoadmin_document_root }}/htdocs/
|
||||
|
||||
# SSL
|
||||
SSLEngine on
|
||||
|
@ -19,7 +19,7 @@
|
|||
SSLProtocol all -SSLv2 -SSLv3
|
||||
|
||||
# Propriete du repertoire
|
||||
<Directory /home/evoadmin/www/htdocs/>
|
||||
<Directory {{ evoadmin_document_root }}/htdocs/>
|
||||
#Options Indexes SymLinksIfOwnerMatch
|
||||
Options SymLinksIfOwnerMatch
|
||||
AllowOverride AuthConfig Limit FileInfo
|
||||
|
@ -31,8 +31,8 @@
|
|||
|
||||
# LOG
|
||||
CustomLog /var/log/apache2/access.log combined
|
||||
CustomLog /home/evoadmin/log/access.log combined
|
||||
ErrorLog /home/evoadmin/log/error.log
|
||||
CustomLog {{ evoadmin_log_dir }}/access.log combined
|
||||
ErrorLog {{ evoadmin_log_dir }}/error.log
|
||||
|
||||
# AWSTATS
|
||||
SetEnv AWSTATS_FORCE_CONFIG evoadmin
|
||||
|
@ -54,7 +54,6 @@
|
|||
#php_admin_value upload_max_filesize 8M
|
||||
#php_admin_flag allow_url_fopen Off
|
||||
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
|
||||
php_admin_value error_log "/home/evoadmin/log/php.log"
|
||||
php_admin_value error_log "{{ evoadmin_home_dir }}/log/php.log"
|
||||
php_admin_value open_basedir "none"
|
||||
|
||||
</VirtualHost>
|
||||
|
|
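Review bot: The PHP error log in the last hunk is built from `{{ evoadmin_home_dir }}/log/php.log`, while the `CustomLog` and `ErrorLog` lines in the previous hunk use `{{ evoadmin_log_dir }}`, so overriding `evoadmin_log_dir` would move the Apache logs but leave `php.log` behind. `php_admin_value error_log "{{ evoadmin_log_dir }}/php.log"` keeps all three in one directory. The `<VirtualHost>` block opens outside the hunks shown.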
|
@ -92,7 +92,7 @@
|
|||
- name: Apache vhost is installed
|
||||
template:
|
||||
src: default_www/apache_default_site.j2
|
||||
dest: /etc/apache2/sites-available/000-default
|
||||
dest: /etc/apache2/sites-available/000-default.conf
|
||||
mode: "0640"
|
||||
# force: yes
|
||||
notify: reload apache
|
||||
|
@ -101,8 +101,8 @@
|
|||
|
||||
- name: Apache vhost is enabled
|
||||
file:
|
||||
src: /etc/apache2/sites-available/000-default
|
||||
dest: /etc/apache2/sites-enabled/000-default
|
||||
src: /etc/apache2/sites-available/000-default.conf
|
||||
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||
state: link
|
||||
notify: reload apache
|
||||
when: evolinux_default_www_apache_enabled
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
# defaults file for packweb-apache
|
||||
general_alert_email: "root@localhost"
|
||||
log2mail_alert_email: Null
|
||||
packweb_install_evoadmin: True
|
||||
packweb_enable_evoadmin_vhost: True
|
||||
|
|
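--- a/packweb-apache/tasks/apache.yml
+++ b/packweb-apache/tasks/apache.yml
@@ -0,0 +1,67 @@
+---
+
+- name: Check if Apache envvars have a PATH
+command: "grep -E '^export PATH ' /etc/apache2/envvars"
+failed_when: False
+changed_when: False
+register: envvar_grep_path
+check_mode: no
+
+- name: Add a PATH envvar for Apache
+blockinfile:
+dest: /etc/apache2/envvars
+marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
+block: |
+# Used for Evoadmin-web
+export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+when: envvar_grep_path.rc != 0
+
+- name: Additional packages are installed
+apt:
+name: '{{ item }}'
+state: present
+with_items:
+- apache2-mpm-itk
+- libapache2-mod-evasive
+- libapache2-mod-security2
+
+- name: Copy Apache settings for modules
+copy:
+src: "{{ item }}"
+dest: "/etc/apache2/conf-available/{{ item }}"
+owner: root
+group: root
+mode: "0644"
+force: no
+with_items:
+- evolinux-itk.conf
+- evolinux-evasive.conf
+- evolinux-modsec.conf
+
+- name: Ensure Apache modules configs are enabled
+command: "a2enconf {{ item }}"
+register: command_result
+changed_when: "'Enabling' in command_result.stderr"
+with_items:
+- evolinux-itk
+- evolinux-evasive
+- evolinux-modsec
+
+- name: Check if log2mail is installed
+command: "apt list --installed log2mail"
+register: command_result
+changed_when: False
+
+- debug:
+var: command_result
+verbosity: 1
+
+- name: Add log2mail config for Apache segfaults
+template:
+src: log2mail-apache.j2
+dest: "/etc/log2mail/config/apache"
+owner: root
+group: root
+mode: "0644"
+force: no
+when: "'log2mail' in command_result.stdout"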
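Review bot: `Ensure Apache modules configs are enabled` derives `changed` from `command_result.stderr`, whereas the evoadmin vhost task in this same commit looks for `'Enabling site'` in `cmd_a2ensite.stdout`; only one of the two streams can be right. The task also has no `notify`, so newly enabled `evolinux-evasive` and `evolinux-modsec` settings are not loaded until some other task reloads Apache. I would match on the stream `a2enconf` actually writes to (stdout, as far as I know), i.e. `changed_when: "'Enabling' in command_result.stdout"`, and add `notify: reload apache`. The same `stderr` match is used for `a2enconf awstats-icon` in awstats.yml and for `a2disconf phpmyadmin` in phpmyadmin.yml.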
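--- a/packweb-apache/tasks/awstats.yml
+++ b/packweb-apache/tasks/awstats.yml
@@ -0,0 +1,48 @@
+---
+- name: Install awstats
+apt:
+name: awstats
+state: present
+
+- name: Configure awstats
+blockinfile:
+dest: /etc/awstats/awstats.conf.local
+marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
+block: |
+LogFile="/var/log/apache2/access.log"
+SiteDomain="{{ ansible_hostname }}"
+DirData="/var/lib/awstats"
+ShowHostsStats=0
+ShowOriginStats=0
+ShowPagesStats=0
+ShowKeyphrasesStats=0
+ShowKeywordsStats=0
+ShowHTTPErrorsStats=0
+LogFormat=1
+AllowFullYearView=3
+ErrorMessages="An error occured. Contact your Administrator"
+mode: "0644"
+
+- name: Create conf-available/awstats-icon.conf file
+copy:
+dest: /etc/apache2/conf-available/awstats-icon.conf
+content: |
+Alias /awstats-icon/ /usr/share/awstats/icon/
+<Directory /usr/share/awstats/icon/>
+Require all granted
+</Directory>
+force: no
+mode: "0644"
+
+- name: Enable apache awstats-icon configuration
+command: "a2enconf awstats-icon"
+register: command_result
+changed_when: "'Enabling' in command_result.stderr"
+notify: reload apache
+
+- name: Create awstats cron
+lineinfile:
+dest: /etc/cron.d/awstats
+create: yes
+regexp: '-config=awstats'
+line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"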
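Review bot: `Create awstats cron` creates `/etc/cron.d/awstats` with `create: yes` but sets no `owner`, `group` or `mode`, so the permissions of a cron file that runs as root depend on the remote umask. Adding `owner: root`, `group: root` and `mode: "0644"` to the `lineinfile` arguments makes the result deterministic and matches the explicit `mode` the other file-writing tasks in this file already carry.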
|
@ -36,207 +36,13 @@
|
|||
regexp: '^DIR_MODE='
|
||||
line: 'DIR_MODE=0750'
|
||||
|
||||
- name: Check if Apache envvars have a PATH
|
||||
command: "grep -E '^export PATH ' /etc/apache2/envvars"
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
register: envvar_grep_path
|
||||
check_mode: no
|
||||
- include: apache.yml
|
||||
|
||||
- name: Add a PATH envvar for Apache
|
||||
blockinfile:
|
||||
dest: /etc/apache2/envvars
|
||||
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
|
||||
block: |
|
||||
# Used for Evoadmin-web
|
||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
when: envvar_grep_path.rc != 0
|
||||
- include: php.yml
|
||||
|
||||
- name: Additional packages are installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- apache2-mpm-itk
|
||||
- libapache2-mod-evasive
|
||||
- libapache2-mod-security2
|
||||
- include: phpmyadmin.yml
|
||||
|
||||
- name: Copy Apache settings for modules
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/apache2/conf-available/{{ item }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
force: no
|
||||
with_items:
|
||||
- evolinux-itk.conf
|
||||
- evolinux-evasive.conf
|
||||
- evolinux-modsec.conf
|
||||
|
||||
- name: Ensure Apache modules configs are enabled
|
||||
command: "a2enconf {{ item }}"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
with_items:
|
||||
- evolinux-itk
|
||||
- evolinux-evasive
|
||||
- evolinux-modsec
|
||||
|
||||
- name: Check if log2mail is installed
|
||||
command: "apt list --installed log2mail"
|
||||
register: command_result
|
||||
changed_when: False
|
||||
|
||||
- debug:
|
||||
var: command_result
|
||||
verbosity: 1
|
||||
|
||||
- name: Add log2mail config for Apache segfaults
|
||||
template:
|
||||
src: log2mail-apache.j2
|
||||
dest: "/etc/log2mail/config/apache"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
force: no
|
||||
when: "'log2mail' in command_result.stdout"
|
||||
|
||||
- name: Install PHP5 packages
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- libapache2-mod-php5
|
||||
- php5
|
||||
- php5-gd
|
||||
- php5-imap
|
||||
- php5-ldap
|
||||
- php5-mcrypt
|
||||
- php5-mysql
|
||||
- php5-pgsql
|
||||
- php-gettext
|
||||
- php5-curl
|
||||
- libssh2-php
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Set variables for php config files
|
||||
set_fact:
|
||||
php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||
php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
|
||||
|
||||
- name: Set default values for PHP
|
||||
ini_file:
|
||||
dest: "{{ php5_apache5_defaults_file }}"
|
||||
section: PHP
|
||||
option: "{{ item.option }}"
|
||||
value: "{{ item.value }}"
|
||||
mode: "0644"
|
||||
create: yes
|
||||
with_items:
|
||||
- { option: "short_open_tag", value: "Off" }
|
||||
- { option: "expose_php", value: "Off" }
|
||||
- { option: "display_errors", value: "Off" }
|
||||
- { option: "log_errors", value: "On" }
|
||||
- { option: "allow_url_fopen", value: "Off" }
|
||||
notify: reload apache
|
||||
|
||||
- name: Disable PHP exec function without evoadmin
|
||||
ini_file:
|
||||
dest: "{{ php5_apache5_defaults_file }}"
|
||||
section: PHP
|
||||
option: disable_functions
|
||||
value: "exec,shell-exec,system,passthru,putenv,popen"
|
||||
when: not packweb_install_evoadmin
|
||||
|
||||
- name: Don't disable PHP exec function with evoadmin
|
||||
ini_file:
|
||||
dest: "{{ php5_apache5_defaults_file }}"
|
||||
section: PHP
|
||||
option: disable_functions
|
||||
value: "shell-exec,system,passthru,putenv,popen"
|
||||
when: packweb_install_evoadmin
|
||||
|
||||
- name: Custom php.ini
|
||||
copy:
|
||||
dest: "{{ php5_apache5_custom_file }}"
|
||||
content: |
|
||||
# Put customized values here.
|
||||
force: no
|
||||
|
||||
- name: Install phpmyadmin
|
||||
apt:
|
||||
name: phpmyadmin
|
||||
state: present
|
||||
|
||||
- name: Check if phpmyadmin default configuration is present
|
||||
stat:
|
||||
path: /etc/apache2/conf-enabled/phpmyadmin.conf
|
||||
register: pma_default_config
|
||||
|
||||
- debug:
|
||||
var: pma_default_config
|
||||
verbosity: 1
|
||||
|
||||
- name: Disable phpmyadmin default configuration
|
||||
command: "a2disconf phpmyadmin"
|
||||
register: command_result
|
||||
changed_when: "'Disabling' in command_result.stderr"
|
||||
when: pma_default_config.stat.exists
|
||||
|
||||
- name: Change group to www-data for /etc/phpmyadmin/
|
||||
file:
|
||||
dest: /etc/phpmyadmin/
|
||||
group: www-data
|
||||
|
||||
- name: Install awstats
|
||||
apt:
|
||||
name: awstats
|
||||
state: present
|
||||
|
||||
- name: Configure awstats
|
||||
blockinfile:
|
||||
dest: /etc/awstats/awstats.conf.local
|
||||
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
|
||||
block: |
|
||||
LogFile="/var/log/apache2/access.log"
|
||||
SiteDomain="{{ ansible_hostname }}"
|
||||
DirData="/var/lib/awstats"
|
||||
ShowHostsStats=0
|
||||
ShowOriginStats=0
|
||||
ShowPagesStats=0
|
||||
ShowKeyphrasesStats=0
|
||||
ShowKeywordsStats=0
|
||||
ShowHTTPErrorsStats=0
|
||||
LogFormat=1
|
||||
AllowFullYearView=3
|
||||
ErrorMessages="An error occured. Contact your Administrator"
|
||||
mode: "0644"
|
||||
|
||||
- name: Create conf-available/awstats-icon.conf file
|
||||
copy:
|
||||
dest: /etc/apache2/conf-available/awstats-icon.conf
|
||||
content: |
|
||||
Alias /awstats-icon/ /usr/share/awstats/icon/
|
||||
<Directory /usr/share/awstats/icon/>
|
||||
Require all granted
|
||||
</Directory>
|
||||
force: no
|
||||
mode: "0644"
|
||||
|
||||
- name: Enable apache awstats-icon configuration
|
||||
command: "a2enconf awstats-icon"
|
||||
register: command_result
|
||||
changed_when: "'Enabling' in command_result.stderr"
|
||||
notify: reload apache
|
||||
|
||||
- name: Create awstats cron
|
||||
lineinfile:
|
||||
dest: /etc/cron.d/awstats
|
||||
create: yes
|
||||
regexp: '-config=awstats'
|
||||
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
||||
- include: awstats.yml
|
||||
|
||||
- name: Remove read permission on some folders (/, /etc, ...)
|
||||
shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
|
||||
|
@ -313,8 +119,5 @@
|
|||
- name: Install Evoadmin
|
||||
include_role:
|
||||
name: evoadmin
|
||||
when: packweb_install_evoadmin
|
||||
|
||||
- name: Install web-add script
|
||||
include: web-add.yml
|
||||
when: not packweb_install_evoadmin
|
||||
vars:
|
||||
evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"
|
||||
|
|
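Review bot: After the last hunk the `Install Evoadmin` role include appears to run unconditionally. Judging by the hunk counts (8 old lines, 5 new), the `when: packweb_install_evoadmin` line and the `web-add.yml` include were removed, while the defaults file still defines `packweb_install_evoadmin: True`. If that reading is right, a host that sets `packweb_install_evoadmin: False` would still get the evoadmin role applied, with only its vhost controlled by `packweb_enable_evoadmin_vhost`. Either keep `when: packweb_install_evoadmin` on the include, or drop the variable from the defaults and document the new behaviour.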
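--- a/packweb-apache/tasks/php.yml
+++ b/packweb-apache/tasks/php.yml
@@ -0,0 +1,64 @@
+---
+
+- name: Install PHP5 packages
+apt:
+name: '{{ item }}'
+state: present
+with_items:
+- libapache2-mod-php5
+- php5
+- php5-gd
+- php5-imap
+- php5-ldap
+- php5-mcrypt
+- php5-mysql
+- php5-pgsql
+- php-gettext
+- php5-curl
+- libssh2-php
+tags:
+- apache
+
+- name: Set variables for php config files
+set_fact:
+php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
+
+- name: Set default values for PHP
+ini_file:
+dest: "{{ php5_apache5_defaults_file }}"
+section: PHP
+option: "{{ item.option }}"
+value: "{{ item.value }}"
+mode: "0644"
+create: yes
+with_items:
+- { option: "short_open_tag", value: "Off" }
+- { option: "expose_php", value: "Off" }
+- { option: "display_errors", value: "Off" }
+- { option: "log_errors", value: "On" }
+- { option: "allow_url_fopen", value: "Off" }
+notify: reload apache
+
+- name: Disable PHP exec function without evoadmin
+ini_file:
+dest: "{{ php5_apache5_defaults_file }}"
+section: PHP
+option: disable_functions
+value: "exec,shell-exec,system,passthru,putenv,popen"
+when: not packweb_enable_evoadmin_vhost
+
+- name: Don't disable PHP exec function with evoadmin
+ini_file:
+dest: "{{ php5_apache5_defaults_file }}"
+section: PHP
+option: disable_functions
+value: "shell-exec,system,passthru,putenv,popen"
+when: packweb_enable_evoadmin_vhost
+
+- name: Custom php.ini
+copy:
+dest: "{{ php5_apache5_custom_file }}"
+content: |
+# Put customized values here.
+force: no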
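Review bot: Both `disable_functions` values list `shell-exec`, which is not a PHP function name; the function is `shell_exec`, so it stays callable in either branch. The values should read `"exec,shell_exec,system,passthru,putenv,popen"` and `"shell_exec,system,passthru,putenv,popen"`. The ini file is written under `/etc/php5/apache2/conf.d/`, so leaving `exec` enabled when `packweb_enable_evoadmin_vhost` is true applies to every PHP site served by this Apache, not only to evoadmin. A comment on the second task saying so would help, as would a `notify: reload apache` on both tasks so the change takes effect.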
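--- a/packweb-apache/tasks/phpmyadmin.yml
+++ b/packweb-apache/tasks/phpmyadmin.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Install phpmyadmin
+apt:
+name: phpmyadmin
+state: present
+
+- name: Check if phpmyadmin default configuration is present
+stat:
+path: /etc/apache2/conf-enabled/phpmyadmin.conf
+register: pma_default_config
+
+- debug:
+var: pma_default_config
+verbosity: 1
+
+- name: Disable phpmyadmin default configuration
+command: "a2disconf phpmyadmin"
+register: command_result
+changed_when: "'Disabling' in command_result.stderr"
+when: pma_default_config.stat.exists
+
+- name: Change group to www-data for /etc/phpmyadmin/
+file:
+dest: /etc/phpmyadmin/
+group: www-data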