update apache role

Gabriel Périard-Tremblay 2016-11-04 17:15:13 -04:00 committed by Jérémy Lecour
parent d510f8aee8
commit dda436a53d
3 changed files with 46 additions and 20 deletions


@ -1,7 +1,11 @@
# apache # Apache
Install Apache Install Apache
## Tasks ## Tasks
Everything is in the `tasks/main.yml` file for now. Everything is in the `tasks/main.yml` file for now.
## Variables
To add IP to apache whitelist, define apache_ipaddr_whitelist variable as list.


@ -1 +1 @@
apache_ipaddr_whitelist: [ "1.2.3.4" ] apache_ipaddr_whitelist: []


@ -1,43 +1,65 @@
- name: ensure packages are installed - name: Ensure packages are installed
apt: apt:
name: '{{ item }}' name: '{{ item }}'
state: installed state: present
with_items: with_items:
- apache2-mpm-itk - apache2-mpm-itk
- apachetop - apachetop
- libapache2-mod-evasive - libapache2-mod-evasive
- libwww-perl - libwww-perl
- name: ensure basic modules are enabled - name: Ensure basic modules are enabled
command: a2enmod rewrite expires headers rewrite cgi apache2_module:
changed_when: false name: '{{ item }}'
state: present
with_items:
- rewrite
- expires
- headers
- rewrite
- cgi
- name : copy Apache default config - name: Copy Apache config files
copy: src=z_evolix.conf dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644 copy:
src: "{{ item.file }}"
dest: "/etc/apache2/conf-available/{{ item.file }}"
owner: root
group: root
mode: "{{ item.mode }}"
with_items:
- { file: z_evolix.conf, mode: 0644 }
- { file: zzz_evolix.conf, mode: 0640 }
- name : copy Apache override config - name: Ensure Apache default config is enabled
copy: src=zzz_evolix.conf dest=/etc/apache2/conf-available/zzz_evolix.conf owner=root group=root mode=0640 force=no
- name: ensure Apache default config is enabled
command: a2enconf z_evolix.conf zzz_evolix.conf command: a2enconf z_evolix.conf zzz_evolix.conf
changed_when: false register: command_result
changed_when: "'Enabling' in command_result.stderr"
- name: init ipaddr_whitelist.conf file - name: Init ipaddr_whitelist.conf file
copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no copy:
src: ipaddr_whitelist.conf
dest: /etc/apache2/ipaddr_whitelist.conf
owner: root
group: root
mode: 0640
force: no
- name: add IP addresses to private IP whitelist - name: Add IP addresses to private IP whitelist if defined
lineinfile: lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf dest: /etc/apache2/ipaddr_whitelist.conf
line: "Allow from {{ item }}" line: "Allow from {{ item }}"
state: present state: present
with_items: "{{ apache_ipaddr_whitelist }}" with_items: "{{ apache_ipaddr_whitelist }}"
- name: add a mark in envvars for umask - name: Add a mark in envvars for umask
blockinfile: blockinfile:
dest: /etc/apache2/envvars dest: /etc/apache2/envvars
block: | block: |
## Set umask for writing by Apache user. ## Set umask for writing by Apache user.
## Set rights on files and directories written by Apache ## Set rights on files and directories written by Apache
- name : ensure umask is set in envvars (default is umask 007) - name : Ensure umask is set in envvars (default is umask 007)
lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 007" lineinfile:
dest: /etc/apache2/envvars
regexp: "^umask"
line: "umask 007"
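Review bot: In the new "Copy Apache config files" task the modes in `with_items` are unquoted (`mode: 0644`, `mode: 0640`) and then passed through `mode: "{{ item.mode }}"`; YAML 1.1 reads them as the integers 420 and 416, and the template most likely hands the copy module the strings "420" and "416", which it would parse as octal, so zzz_evolix.conf could end up writable by others instead of 0640. Quote the values where they are defined: `- { file: z_evolix.conf, mode: "0644" }` and `- { file: zzz_evolix.conf, mode: "0640" }`. Merging the two copy tasks also drops the `force=no` that the old override task carried, so a locally edited zzz_evolix.conf would be overwritten on every run; if that is not intended, keep the override file in its own task with `force: no`. The `mode: 0640` in the ipaddr_whitelist task reaches the module directly, but writing it as `"0640"` would keep the file consistent and independent of how the parser types it.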