--- # tasks file for apache installations - name: Apache | Enable SELinux Params - httpd_can_network_connect when: selinuxEnabled is defined and selinuxEnabled seboolean: name: httpd_can_network_connect state: yes persistent: yes tags: apache - name: Apache | Enable SELinux Params - httpd_unified when: selinuxEnabled is defined and selinuxEnabled seboolean: name: httpd_unified state: yes persistent: yes tags: apache - name: Apache | Remove Apache Modules when: - reset_apache_config - apache_packages_removed is defined yum: name: "{{item}}" state: absent with_items: - "{{ apache_packages_removed|default({}) }}" tags: apache - name: Apache | Install Apache and Modules when: apache_packages is defined yum: name: "{{item}}" state: present with_items: - "{{ apache_packages|default({}) }}" tags: apache - name: Apache | Create apache conf directories file: path="{{ apache_root }}/{{ item }}" state=directory owner=root group=root mode=0644 force=yes setype=httpd_config_t directory_mode=yes with_items: - "{{ apache_rewrites_dir_name }}" - "{{ apache_ssl_dir_name }}" - "{{ apache_vhost_dir_name }}" - "{{ apache_confd_dir_name }}" - "{{ apache_conf_modules_d_dir_name }}" - "{{ apache_conf_dir_name }}" tags: apache - name: Apache | Create apache log directory file: path="{{ logs_base_dir }}" state=directory owner=root group=root mode=0644 force=yes setype=httpd_log_t directory_mode=yes with_items: - "{{ logs_base_dir }}" tags: apache - name: Apache | Copy Modules to module dir when: apache_modules is defined and apache_module_dir_name is defined copy: src={{ playbook_dir }}/../assets/files/{{ item }} dest={{ httpd_modules_dir }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_modules_t with_items: - "{{ apache_modules|default({}) }}" tags: apache - name: Apache | Get existing Apache conf directory when: - reset_apache_config - httpd_conf_dir is defined shell: ls -1 {{ httpd_conf_dir }} register: http_conf_contents tags: apache - name: Apache | Remove unmanaged Apache conf files when: - reset_apache_config - httpd_conf_dir is defined - conf_files is defined and conf_files - item not in conf_files file: path={{ httpd_conf_dir }}/{{ item }} state=absent with_items: "{{ http_conf_contents.stdout_lines }}" tags: apache - name: Apache | Copy configurations to conf dir when: confd_files is defined copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_conf_dir_name }}/{{ item }} dest={{ httpd_conf_dir }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ conf_files|default({}) }}" tags: apache - name: Apache | Get existing Apache conf.modules.d directory when: - reset_apache_config - httpd_conf_modules_d_dir is defined shell: ls -1 {{ httpd_conf_modules_d_dir }} register: http_conf_modules_d_contents tags: apache - name: Apache | Remove unmanaged Apache conf.modules.d files when: - reset_apache_config - httpd_conf_modules_d_dir is defined - conf_modules_d_files is defined and conf_modules_d_files - item not in conf_modules_d_files file: path={{ httpd_conf_modules_d_dir }}/{{ item }} state=absent with_items: "{{ http_conf_modules_d_contents.stdout_lines }}" tags: apache - name: Apache | Copy configurations to conf.modules.d dir when: conf_modules_d_files is defined copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_conf_modules_d_dir_name }}/{{ item }} dest={{ httpd_conf_modules_d_dir }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ conf_modules_d_files|default({}) }}" tags: apache - name: Apache | Get existing Apache conf.d when: - reset_apache_config - httpd_confd_dir is defined shell: ls -1 {{ httpd_confd_dir }} register: http_confd_contents tags: apache - name: Apache | Remove unmanaged Apache conf.d files when: - reset_apache_config - httpd_confd_dir is defined - confd_files is defined and confd_files - item not in confd_files file: path={{ httpd_confd_dir }}/{{ item }} state=absent with_items: "{{ http_confd_contents.stdout_lines }}" tags: apache - name: Apache | Copy configurations to conf.d dir when: confd_files is defined copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_confd_dir_name }}/{{ item }} dest={{ httpd_confd_dir }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ confd_files|default({}) }}" tags: apache - name: Apache | Dispatcher Conf from Template when: - dispatcher_conf is defined - reset_apache_config template: src={{ playbook_dir }}/../assets/templates/dispatcher.conf.j2 dest={{ httpd_confd_dir }}/{{ item.dispatcher_conf_name }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ dispatcher_conf|default({}) }}" tags: apache - name: Apache | Dispatcher.any from Template when: - dispatcher_conf is defined - reset_apache_config template: src={{ playbook_dir }}/../assets/templates/dispatcher.any.j2 dest={{ httpd_confd_dir }}/dispatcher.any owner=root group=root mode=0644 force=yes setype=httpd_config_t tags: apache - name: Apache | Create dispatcher.farm.any from Template when: dispatcher_any is defined template: src={{ playbook_dir }}/../assets/templates/dispatcher.farm.any.j2 dest={{ httpd_confd_dir }}/dispatcher.{{ item.dispatcher_farm_name }}.any owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ dispatcher_any|default({}) }}" tags: apache - name: Apache | serverid.conf from Template when: - server_id is defined - reset_apache_config template: src={{ playbook_dir }}/../assets/templates/serverid.conf.j2 dest={{ httpd_confd_dir }}/serverid.conf owner=root group=root mode=0644 force=yes setype=httpd_config_t tags: apache - name: Apache | Get existing Rewrites conf when: httpd_conf_dir is defined shell: ls -1 {{ httpd_rewrites_dir }} register: httpd_rewrites_dir_content tags: apache - name: Apache | Remove unmanaged Rewrites conf files when: - reset_apache_config - httpd_conf_dir is defined - rewrite_files is defined and rewrite_files - item not in rewrite_files file: path={{ httpd_rewrites_dir }}/{{ item }} state=absent with_items: "{{ httpd_rewrites_dir_content.stdout_lines }}" tags: apache - name: Apache | Copy Apache Rewrites when: - rewrite_files is defined - rewrite_files copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_rewrites_dir_name }}/{{ item }} dest={{ apache_root }}/{{ apache_rewrites_dir_name }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ rewrite_files|default({}) }}" tags: apache - name: Apache | Get list of vhosts when: - reset_apache_config - httpd_vhosts_dir is defined shell: ls -1 {{ httpd_vhosts_dir }} register: httpd_vhosts_dir_contents tags: apache - name: Apache | Remove VirtualHosts when: - reset_apache_config - httpd_vhosts_dir is defined file: path={{ httpd_vhosts_dir }}/{{ item }} state=absent with_items: "{{ httpd_vhosts_dir_contents.stdout_lines }}" tags: apache - name: Apache | Create VirtualHosts from template when: vhosts is defined template: src={{ playbook_dir }}/../assets/templates/apache_vhost.conf.j2 dest={{ httpd_vhosts_dir }}/{{ item.servername }}-vhost.conf owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ vhosts|default({}) }}" tags: apache - name: Apache | Create docroot base directory when: vhosts is defined file: path="{{ item }}" state=directory owner={{ apache_user }} group={{ apache_user }} mode=0755 force=yes setype=httpd_sys_content_t directory_mode=yes with_items: - "{{ http_data_dir }}" - "{{ docroot_base_dir }}" tags: apache - name: Apache | Create docroot when: vhosts is defined file: path="{{ item.docroot }}" state=directory owner={{ apache_user }} group={{ apache_user }} mode=0755 force=yes setype=httpd_sys_content_t directory_mode=yes with_items: - "{{ vhosts|default({}) }}" tags: apache - name: Apache | Copy SSL Files when: ssl_files is defined copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_ssl_dir_name }}/{{ item }} dest={{ apache_root }}/{{ apache_ssl_dir_name }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - "{{ ssl_files|default({}) }}" # Install Google Pagespeed Modules - name: Apache | Pagespeed | Add pagespeed repository when: installPageSpeed yum_repository: name: mod_pagespeed description: Pagespeed YUM repo baseurl: http://dl.google.com/linux/mod-pagespeed/rpm/stable/x86_64 - name: Apache | Pagespeed | Import pagespeed repo public key when: installPageSpeed rpm_key: state: present key: https://dl-ssl.google.com/linux/linux_signing_key.pub - name: Apache | Pagespeed | Install Pagespeed Modules when: installPageSpeed yum: name: "{{item}}" state: present with_items: - "mod-pagespeed-stable" tags: apache - name: Apache | Pagespeed | Copy pagespeed configurations to conf.d dir when: installPageSpeed copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_confd_dir_name }}/{{ item }} dest={{ httpd_confd_dir }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - pagespeed_libraries.conf - pagespeed.conf tags: apache # Install Mod_Security Module - name: Apache | Mod_Security | Copy Mod_Security configurations to conf.d dir when: installModSecurity copy: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_confd_dir_name }}/{{ item }} dest={{ httpd_confd_dir }}/{{ item }} owner=root group=root mode=0644 force=yes setype=httpd_config_t with_items: - mod_security.conf tags: - apache - mod_pagespeed - name: Apache | Mod_Security | Create Mod_Security directory when: - installModSecurity file: path="{{ apache_root }}/{{ apache_mod_sec_dir_name }}" state=directory owner=root group=root mode=0644 force=yes setype=httpd_config_t directory_mode=yes tags: - apache - mod_sec - name: Apache | Mod_Security | Create Mod_Security log directory when: - installModSecurity file: path="{{ logs_base_dir }}/mod-security" state=directory owner=root group=root mode=0644 force=yes setype=httpd_log_t directory_mode=yes tags: - apache - mod_sec - name: Apache | Mod_Security | Install Mod_Security Configs when: - installModSecurity synchronize: src={{ playbook_dir }}/../assets/client/apache/{{ env }}/{{ apache_mod_sec_dir_name }}/ dest={{ apache_root }}/{{ apache_mod_sec_dir_name }}/ delete=yes owner=no group=no tags: - apache - mod_sec - name: Apache | Apache Configtest shell: apachectl -t register: apache_result ignore_errors: yes tags: apache - name: Apache | Apache configtest failure message when: apache_result|failed debug: var=apache_result.stderr ignore_errors: yes tags: apache - name: Apache | Apache configuration failure fail: msg="Apache configuration is invalid. Please check before re-running the playbook." when: apache_result|failed tags: apache # - name: Apache | Reload Apache after updates # service: # name: httpd # state: reloaded # when: apache_result|success # tags: apache