dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

roles/apache: Add tags to tasks 

Adding tags to tasks makes them easier to run in isolation.
jenkins-master
Dustin 2020-12-26 11:35:45 -06:00
parent aa1ab75edd
commit 59e8244a08
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
roles/apache/tasks/main.yml
View File

@ -14,6 +14,9 @@
group=apache group=apache
with_fileglob: with_fileglob:
- '{{ inventory_hostname }}.keytab' - '{{ inventory_hostname }}.keytab'
tags:
- apache-config
- keytab
- name: ensure tls private key exists - name: ensure tls private key exists
copy: copy:
@ -24,6 +27,8 @@
with_fileglob: with_fileglob:
- '{{ inventory_hostname }}.key' - '{{ inventory_hostname }}.key'
notify: reload httpd notify: reload httpd
tags:
- cert
- name: ensure tls certificate exists - name: ensure tls certificate exists
copy: copy:
src={{ item }} src={{ item }}
@ -32,6 +37,8 @@
setype=cert_t setype=cert_t
with_fileglob: with_fileglob:
- '{{ inventory_hostname }}.cer' - '{{ inventory_hostname }}.cer'
tags:
- cert
notify: reload httpd notify: reload httpd
- name: ensure tls ca certificate exists - name: ensure tls ca certificate exists
copy: copy:
@ -43,12 +50,16 @@
with_fileglob: with_fileglob:
- '{{ inventory_hostname }}-ca.crt' - '{{ inventory_hostname }}-ca.crt'
notify: reload httpd notify: reload httpd
tags:
- cert
- name: ensure ssl.include is populated - name: ensure ssl.include is populated
template: template:
src=ssl.include.j2 src=ssl.include.j2
dest=/etc/httpd/conf.d/ssl.include dest=/etc/httpd/conf.d/ssl.include
mode=0644 mode=0644
notify: reload httpd notify: reload httpd
tags:
- apache-config
- name: ensure mod_ssl is configured - name: ensure mod_ssl is configured
template: template:
src=ssl.conf.j2 src=ssl.conf.j2
@ -56,6 +67,8 @@
mode=0644 mode=0644
setype=httpd_config_t setype=httpd_config_t
notify: reload httpd notify: reload httpd
tags:
- apache-config
- name: ensure apache userdir module is configured - name: ensure apache userdir module is configured
template: template:
@ -63,11 +76,15 @@
dest=/etc/httpd/conf.d/userdir.conf dest=/etc/httpd/conf.d/userdir.conf
mode=0644 mode=0644
notify: reload httpd notify: reload httpd
tags:
- apache-config
- name: ensure selinux is configured for apache user directories - name: ensure selinux is configured for apache user directories
seboolean: seboolean:
name=httpd_enable_homedirs name=httpd_enable_homedirs
persistent=yes persistent=yes
state={{ 'yes' if apache_userdir is defined else 'no' }} state={{ 'yes' if apache_userdir is defined else 'no' }}
tags:
- selinux
- name: ensure apache mpm module is configured - name: ensure apache mpm module is configured
template: template:
@ -75,6 +92,8 @@
dest=/etc/httpd/conf.modules.d/00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf
mode=0644 mode=0644
setype=httpd_config_t setype=httpd_config_t
tags:
- apache-config
notify: reload httpd notify: reload httpd
- name: ensure apache server name is set - name: ensure apache server name is set
template: template:
@ -83,11 +102,15 @@
mode=0644 mode=0644
setype=httpd_config_t setype=httpd_config_t
notify: reload httpd notify: reload httpd
tags:
- apache-config
- name: ensure httpd service starts at boot - name: ensure httpd service starts at boot
service: service:
name=httpd name=httpd
enabled=yes enabled=yes
tags:
- service
- name: ensure web ports are open in firewall - name: ensure web ports are open in firewall
firewalld: >- firewalld: >-
@ -98,9 +121,13 @@
state=enabled state=enabled
with_items: '{{ web_ports }}' with_items: '{{ web_ports }}'
notify: save firewalld configuration notify: save firewalld configuration
tags:
- firewall
- name: ensure old apache logs are rotated - name: ensure old apache logs are rotated
template: template:
src=httpd.logrotate.j2 src=httpd.logrotate.j2
dest=/etc/logrotate.d/httpd dest=/etc/logrotate.d/httpd
mode=0644 mode=0644
tags:
- logrotate