roles/apache: Role to deploy Apache HTTPD
The *apache* role installs and configures the Apache HTTPD server and its *mod_ssl* module. It currently only works on Fedora/RHEL-based distributions.
100
roles/apache/tasks/main.yml
Normal file
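--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -0,0 +1,100 @@
+- name: ensure apache httpd is installed
+package:
+name=httpd,mod_ssl
+state=present
+tags:
+- install
+
+- name: ensure http service keytab is in place
+copy:
+src={{ item }}
+dest=/etc/httpd/krb5.keytab
+mode=0440
+owner=root
+group=apache
+with_fileglob:
+- '{{ inventory_hostname }}.keytab'
+
+- name: ensure tls private key exists
+copy:
+src={{ item }}
+dest={{ apache_ssl_certificate_key }}
+mode=0400
+setype=cert_t
+with_fileglob:
+- '{{ inventory_hostname }}.key'
+notify: reload httpd
+- name: ensure tls certificate exists
+copy:
+src={{ item }}
+dest={{ apache_ssl_certificate }}
+mode=0644
+setype=cert_t
+with_fileglob:
+- '{{ inventory_hostname }}.cer'
+notify: reload httpd
+- name: ensure tls ca certificate exists
+copy:
+src={{ item }}
+dest={{ apache_ssl_ca_certificate }}
+mode=0644
+setype=cert_t
+when: apache_ssl_ca_certificate is defined
+with_fileglob:
+- '{{ inventory_hostname }}-ca.crt'
+notify: reload httpd
+- name: ensure ssl.include is populated
+template:
+src=ssl.include.j2
+dest=/etc/httpd/conf.d/ssl.include
+mode=0644
+notify: reload httpd
+- name: ensure mod_ssl is configured
+template:
+src=ssl.conf.j2
+dest=/etc/httpd/conf.d/ssl.conf
+mode=0644
+setype=httpd_config_t
+notify: reload httpd
+
+- name: ensure apache mpm module is configured
+template:
+src=mpm.httpd.conf.j2
+dest=/etc/httpd/conf.d/00-mpm.conf
+mode=0644
+setype=httpd_config_t
+notify: reload httpd
+- name: ensure apache server name is set
+template:
+src=servername.httpd.conf.j2
+dest=/etc/httpd/conf.d/00-servername.conf
+mode=0644
+setype=httpd_config_t
+notify: reload httpd
+
+- name: ensure httpd service starts at boot
+service:
+name=httpd
+enabled=yes
+
+- name: ensure web ports are open in firewall
+firewalld: >-
+port={{ item if '/' in item else omit }}
+service={{ item if '/' not in item else omit }}
+permanent=no
+immediate=yes
+state=enabled
+with_items: '{{ web_ports }}'
+notify: save firewalld configuration
+
+- meta: flush_handlers
+- name: ensure httpd service is running
+service:
+name=httpd
+state=started
+
+- name: ensure old apache logs are rotated
+template:
+src=httpd.logrotate.j2
+dest=/etc/logrotate.d/httpd
+mode=0644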
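Review bot: The `ensure tls private key exists` task sets `mode=0400` but no `owner` or `group`, so the key's ownership depends on whichever user the play runs as; adding `owner=root group=root` would pin it, the way the keytab task already pins `owner=root group=apache`. The keytab, key and certificate tasks all loop over `with_fileglob`, which yields zero items when no file matches, so on a host without a matching file they are silently skipped while `ssl.conf` is still templated and presumably still points at `apache_ssl_certificate_key`. A `stat` plus `assert` on the destination paths before the mod_ssl tasks would surface a missing key or certificate as a clear play failure instead of a failed `reload httpd`. The `.key` and `.keytab` sources appear to be looked up in the role's own files directory, so it is worth confirming they are committed vault-encrypted rather than in plaintext.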