239 lines
5.1 KiB
YAML
239 lines
5.1 KiB
YAML
---
|
|
|
|
- name: Main packages are installed
|
|
apt:
|
|
name: '{{ item }}'
|
|
state: present
|
|
with_items:
|
|
- apache2
|
|
tags:
|
|
- apache
|
|
- packages
|
|
|
|
- name: Install packages for Jessie
|
|
apt:
|
|
name: '{{ item }}'
|
|
state: present
|
|
with_items:
|
|
- apache2-mpm-prefork
|
|
tags:
|
|
- apache
|
|
- packages
|
|
when: ansible_distribution_release == "jessie"
|
|
|
|
- name: manually disable mpm_event
|
|
command: a2dismod mpm_event
|
|
register: cmd_disable_event
|
|
changed_when: "'Module mpm_event already disabled' not in cmd_disable_event.stdout"
|
|
notify: restart apache
|
|
tags:
|
|
- apache
|
|
|
|
- name: manually enable mpm_prefork
|
|
command: a2enmod mpm_prefork
|
|
register: cmd_disable_prefork
|
|
changed_when: "'Module mpm_prefork already enabled' not in cmd_disable_prefork.stdout"
|
|
notify: restart apache
|
|
tags:
|
|
- apache
|
|
|
|
# With Ansible 2.2 the module check the config for conflicts
|
|
# With 2.3 it can be disabled.
|
|
# https://docs.ansible.com/ansible/apache2_module_module.html
|
|
# - name: mpm_event modules is disabled
|
|
# apache2_module:
|
|
# name: '{{ item }}'
|
|
# state: absent
|
|
# with_items:
|
|
# - mpm_event
|
|
# tags:
|
|
# - apache
|
|
|
|
- name: Additional packages are installed
|
|
apt:
|
|
name: '{{ item }}'
|
|
state: present
|
|
with_items:
|
|
- apg
|
|
- apachetop
|
|
- libwww-perl
|
|
tags:
|
|
- apache
|
|
- packages
|
|
|
|
- name: basic modules are enabled
|
|
apache2_module:
|
|
name: '{{ item }}'
|
|
state: present
|
|
with_items:
|
|
- rewrite
|
|
- expires
|
|
- headers
|
|
- cgi
|
|
- ssl
|
|
- include
|
|
- negotiation
|
|
- alias
|
|
tags:
|
|
- apache
|
|
|
|
- name: Copy Apache defaults config file
|
|
copy:
|
|
src: evolinux-defaults.conf
|
|
dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: yes
|
|
tags:
|
|
- apache
|
|
|
|
- name: Copy Apache localized error pages config file
|
|
copy:
|
|
src: evolinux-localized-error-pages.conf
|
|
dest: "/etc/apache2/conf-available/z-evolinux-localized-error-pages.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: yes
|
|
tags:
|
|
- apache
|
|
|
|
- name: Create directory which will contain apache error pages
|
|
file:
|
|
path: /usr/local/share/apache2/error
|
|
mode: u=rwX,g=rX,o=rX
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
tags:
|
|
- apache
|
|
|
|
- name: Copy apache error pages
|
|
copy:
|
|
src: error-pages/
|
|
dest: "/usr/local/share/apache2/error/"
|
|
directory_mode: u=rwX,g=rX,o=rX
|
|
mode: u=rw,g=r,o=r
|
|
owner: root
|
|
group: root
|
|
tags:
|
|
- apache
|
|
|
|
- name: Copy Apache custom config file
|
|
copy:
|
|
src: evolinux-custom.conf
|
|
dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: no
|
|
tags:
|
|
- apache
|
|
|
|
- name: Copy Apache SSL (strong security) config file
|
|
copy:
|
|
src: evolinux-ssl.conf
|
|
dest: "/etc/apache2/conf-available/evolinux-ssl.conf"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
force: no
|
|
tags:
|
|
- apache
|
|
|
|
- name: Ensure Apache config files are enabled
|
|
command: "a2enconf {{ item }}"
|
|
register: command_result
|
|
changed_when: "'Enabling' in command_result.stderr"
|
|
with_items:
|
|
- z-evolinux-defaults.conf
|
|
- z-evolinux-localized-error-pages.conf
|
|
- zzz-evolinux-custom.conf
|
|
- evolinux-ssl.conf
|
|
tags:
|
|
- apache
|
|
|
|
- include: auth.yml
|
|
|
|
- name: default vhost is installed
|
|
template:
|
|
src: evolinux-default.conf.j2
|
|
dest: /etc/apache2/sites-available/000-evolinux-default.conf
|
|
mode: "0640"
|
|
# force: yes
|
|
notify: reload apache
|
|
tags:
|
|
- apache
|
|
|
|
- name: default vhost is enabled
|
|
file:
|
|
src: /etc/apache2/sites-available/000-evolinux-default.conf
|
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
|
state: link
|
|
force: yes
|
|
notify: reload apache
|
|
when: apache_evolinux_default_enabled
|
|
tags:
|
|
- apache
|
|
|
|
- name: is umask already present?
|
|
command: "grep -E '^umask ' /etc/apache2/envvars"
|
|
failed_when: False
|
|
changed_when: False
|
|
register: envvar_grep_umask
|
|
check_mode: no
|
|
tags:
|
|
- apache
|
|
|
|
- name: Add a mark in envvars for umask
|
|
blockinfile:
|
|
dest: /etc/apache2/envvars
|
|
marker: "## {mark} ANSIBLE MANAGED BLOCK"
|
|
block: |
|
|
## Set umask for writing by Apache user.
|
|
## Set rights on files and directories written by Apache
|
|
umask 007
|
|
when: envvar_grep_umask.rc != 0
|
|
tags:
|
|
- apache
|
|
|
|
- name: Stat /default index
|
|
stat:
|
|
path: /var/www/index.html
|
|
register: _default_index
|
|
check_mode: no
|
|
tags:
|
|
- apache
|
|
|
|
- include: phpmyadmin.yml
|
|
when: _default_index.stat.exists
|
|
|
|
- name: Check if Munin plugins exists
|
|
stat:
|
|
path: /etc/munin/plugins/
|
|
register: _munin_plugins
|
|
check_mode: no
|
|
tags:
|
|
- apache
|
|
|
|
- include: munin.yml
|
|
when: _munin_plugins.stat.exists
|
|
|
|
# - block:
|
|
# - name: generate random string for serverstatus suffix
|
|
# command: "apg -a 1 -M N -n 1"
|
|
# changed_when: False
|
|
# register: _random_serverstatus_suffix
|
|
#
|
|
# - name: overwrite apache_serverstatus_suffix
|
|
# set_fact:
|
|
# apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}"
|
|
# when: apache_serverstatus_suffix == ""
|
|
#
|
|
# - name: replace server-status suffix in default site index
|
|
# replace:
|
|
# dest: /var/www/index.html
|
|
# regexp: '__SERVERSTATUS_SUFFIX__'
|
|
# replace: "{{ apache_serverstatus_suffix }}"
|