7c632352a0
The behaviour of the `include` module is badly defined (it tries to choose between statically importing the tasks and dynamically including them) and can cause problems depending on any number of constraints (mostly if it chooses the wrong behaviour). Replace it with `import_tasks` (always statically imports tasks), unless the `include` is in a loop, in which case we replace it with `include_tasks` (always dynamically includes tasks).
---
# Base Apache packages for Debian 9 and newer.
# `state: present` only ensures the packages are installed; it does not
# upgrade a version that is already on the host.
- name: packages are installed (Debian 9 or later)
  when: ansible_distribution_major_version is version('9', '>=')
  apt:
    state: present
    name:
      - apache2
      # mod_evasive: request-rate throttling module.
      - libapache2-mod-evasive
      - apachetop
      - libwww-perl
  tags:
    - apache
    - packages
# The ITK MPM package is only installed when the role is configured with
# apache_mpm set to "itk". Both conditions in the list must hold.
- name: itk package is installed if required (Debian 9 or later)
  when:
    - ansible_distribution_major_version is version('9', '>=')
    - apache_mpm == 'itk'
  apt:
    state: present
    name:
      - libapache2-mpm-itk
  tags:
    - apache
    - packages
# Debian 8 (jessie) variant: here the ITK MPM package is installed
# unconditionally, whatever the value of apache_mpm.
# NOTE(review): jessie is past Debian's regular security support; hosts that
# still match this branch should be tracked for upgrade.
- name: packages are installed (jessie)
  when: ansible_distribution_release == 'jessie'
  apt:
    state: present
    name:
      - apache2-mpm-itk
      - libapache2-mod-evasive
      - apachetop
      - libwww-perl
  tags:
    - apache
    - packages
# Enables the Apache modules every host gets. Each entry is an Apache module
# name: `include` here is mod_include (server-side includes), not the Ansible
# `include` action.
- name: basic modules are enabled
  loop:
    - rewrite
    - expires
    - headers
    - ssl
    - include
    - negotiation
    - alias
  apache2_module:
    state: present
    name: "{{ item }}"
  tags:
    - apache
  notify: reload apache
# Enables mod_cgi, but only for the prefork and itk MPMs.
# NOTE(review): this task has the same name as the previous one, which makes
# run output and --start-at-task ambiguous.
- name: basic modules are enabled
  when: apache_mpm in ['prefork', 'itk']
  loop:
    - cgi
  apache2_module:
    state: present
    name: "{{ item }}"
  tags:
    - apache
  notify: reload apache
# Role-managed defaults. With force enabled the destination is rewritten
# whenever its content differs from the role's copy, so manual edits to this
# file do not survive a run.
- name: Copy Apache defaults config file
  copy:
    src: evolinux-defaults.conf
    dest: '/etc/apache2/conf-available/z-evolinux-defaults.conf'
    force: true
    # root:root, 0640: no access for "other".
    owner: root
    group: root
    mode: '0640'
  tags:
    - apache
  notify: reload apache
# Site-specific overrides. With force disabled the file is only copied when
# the destination does not exist yet, so later edits on the host are kept.
- name: Copy Apache custom config file
  copy:
    src: evolinux-custom.conf
    dest: '/etc/apache2/conf-available/zzz-evolinux-custom.conf'
    force: false
    # root:root, 0640: no access for "other".
    owner: root
    group: root
    mode: '0640'
  tags:
    - apache
  notify: reload apache
# Removes the status.conf entry from mods-enabled so the packaged mod_status
# configuration is not loaded.
# NOTE(review): presumably server_status.yml then provides the role's own,
# restricted status configuration; confirm in that file.
- name: disable status.conf
  file:
    state: absent
    dest: /etc/apache2/mods-enabled/status.conf
  tags:
    - apache
  notify: reload apache
# Enables the two role-provided conf files with a2enconf. The loop items are
# fixed literals, so nothing variable reaches the command line.
- name: Ensure Apache config files are enabled
  loop:
    - z-evolinux-defaults.conf
    - zzz-evolinux-custom.conf
  command: "a2enconf {{ item }}"
  register: command_result
  # "changed" is reported only when a2enconf's stderr contains 'Enabling'.
  # NOTE(review): this depends on the tool's message wording and output
  # stream; confirm against the a2enconf version in use.
  changed_when: "'Enabling' in command_result.stderr"
  tags:
    - apache
  notify: reload apache
# Static import: the tasks in auth.yml are inserted at parse time and inherit
# the tag set on this line.
- tags:
    - apache
  import_tasks: auth.yml
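# Renders the default vhost. With force disabled the template is only written
# when the destination does not exist, so a vhost edited on the host is kept.
- name: default vhost is installed
  template:
    src: evolinux-default.conf.j2
    dest: /etc/apache2/sites-available/000-evolinux-default.conf
    # Ownership is set explicitly, like the conf-available files of this role,
    # so the result does not depend on which user the play connects as.
    owner: root
    group: root
    mode: "0640"
    force: false
  notify: reload apache
  tags:
    - apache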
# Points sites-enabled/000-default.conf at the role's default vhost.
# force is enabled, so whatever currently sits at the destination path is
# replaced by the symlink.
- name: default vhost is enabled
  when: apache_evolinux_default_enabled | bool
  file:
    state: link
    src: /etc/apache2/sites-available/000-evolinux-default.conf
    dest: /etc/apache2/sites-enabled/000-default.conf
    force: true
  tags:
    - apache
  notify: reload apache
# Static import: the tasks in server_status.yml inherit the tag set here.
- tags:
    - apache
  import_tasks: server_status.yml
# Read-only probe: does /etc/apache2/envvars already contain a line starting
# with "umask "? The grep exit code is kept in envvar_grep_umask.rc.
- name: is umask already present?
  command: "grep -E '^umask ' /etc/apache2/envvars"
  register: envvar_grep_umask
  # The probe never modifies the host and a non-zero grep exit is an expected
  # answer, so it is reported neither as changed nor as failed.
  changed_when: false
  failed_when: false
  # Run even under --check so that the registered result exists for the task
  # that tests it.
  check_mode: false
  tags:
    - apache
# Adds a managed block setting the umask in envvars, but only when the grep
# probe found no existing "umask " line (rc != 0), so a umask already set on
# the host is left alone.
# umask 007 means files created with the usual defaults end up 0660 and
# directories 0770: owner and group may write, "other" gets no access.
- name: Add a mark in envvars for umask
  when: envvar_grep_umask.rc != 0
  blockinfile:
    dest: /etc/apache2/envvars
    marker: "## {mark} ANSIBLE MANAGED BLOCK"
    block: |
      ## Set umask for writing by Apache user.
      ## Set rights on files and directories written by Apache
      umask 007
  tags:
    - apache
# Runs the evolix/remount-usr role before the tasks that write below /usr.
# NOTE(review): include_role is dynamic, so the tag below applies to this
# include statement only and is not inherited by the role's tasks. Confirm
# that the role still does its work when the play is limited with
# `--tags apache` (tasks tagged inside the role, or `apply` used here).
- tags:
    - apache
  include_role:
    name: evolix/remount-usr
# Script directory, accessible to root only (0700, root:root).
- name: /usr/share/scripts exists
  file:
    state: directory
    dest: /usr/share/scripts
    owner: root
    group: root
    mode: '0700'
  tags:
    - apache
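# Installs the status-saving script. With force disabled an existing copy on
# the host is never overwritten.
- name: "Install save_apache_status.sh"
  copy:
    src: save_apache_status.sh
    dest: /usr/share/scripts/save_apache_status.sh
    # Ownership is pinned to root, matching the directory the script is
    # placed in, so an executable there cannot end up owned by another
    # account.
    owner: root
    group: root
    mode: "0755"
    force: false
  tags:
    - apache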
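# Sets the rotation frequency in the Apache logrotate file.
# The pattern is anchored to a whole line (optional indentation, the keyword,
# optional trailing blanks) so that only a frequency directive is rewritten.
# An unanchored "(daily|weekly|monthly)" would also rewrite those words inside
# comments or paths elsewhere in the file.
- name: "logrotate: {{ apache_logrotate_frequency }}"
  replace:
    dest: /etc/logrotate.d/apache2
    regexp: '^([ \t]*)(?:daily|weekly|monthly)[ \t]*$'
    # \g<1> restores the original indentation; the explicit group syntax keeps
    # the back-reference unambiguous whatever text follows it.
    replace: '\g<1>{{ apache_logrotate_frequency }}'
  tags:
    - apache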
# Sets how many rotated logs are kept. The pattern matches a whole indented
# "rotate <number>" line and the replacement keeps the captured indentation
# and keyword, changing only the number.
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
  replace:
    dest: /etc/logrotate.d/apache2
    replace: '\1 {{ apache_logrotate_rotate }}'
    regexp: '^(\s+rotate) \d+$'
  tags:
    - apache
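# Static import of the log2mail tasks; the condition and tag are inherited by
# every imported task.
# `| bool` converts the value explicitly, as the munin.yml import in this file
# does, so a string value (for example one passed with --extra-vars) does not
# depend on how the running Ansible version evaluates a bare variable.
- import_tasks: log2mail.yml
  when: apache_log2mail_include | bool
  tags:
    - apache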
# Static import of the munin tasks; the condition and tag are inherited by
# every imported task.
- tags:
    - apache
  when: apache_munin_include | bool
  import_tasks: munin.yml