From 9a884c9146721072ea9fcd0e7d04a5825c91cbbe Mon Sep 17 00:00:00 2001
From: Jeff Geerling
Date: Fri, 28 Feb 2014 16:22:50 -0600
Subject: [PATCH 001/128] Added README.md.
---
 README.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..699d7e1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,49 @@
+# Role Name
+
+Apache 2.x for RHEL/CentOS 6.x by geerlingguy.
+
+## Requirements
+
+None.
+
+## Role Variables
+
+Available variables are listed below, along with the default value (see `vars/main.yml`):
+
+ apache_listen_port: 80
+
+The port on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80.
+
+ apache_vhosts:
+ # Additional optional properties: 'serveradmin, extra_parameters'.
+ - {servername: "local.dev", documentroot: "/var/www/html"}
+
+Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional: the admin email address for this server), and `extra_parameters` (you can add whatever you'd like in here).
+
+Note that this role doesn't configure SSL support out of the box; you would need to add in additional tasks to listen on port 443 and add your own VirtualHost directives for SSL. This may be improved in the future :)
+
+## Dependencies
+
+ - geerlingguy.repo-epel (Installs the EPEL repository for CentOS 6.x).
+
+## Example Playbook
+
+ - hosts: webservers
+ vars_files:
+ - vars/main.yml
+ roles:
+ - { role: geerlingguy.apache }
+
+*Inside `vars/main.yml`*:
+
+ apache_listen_port: 8080
+ apache_vhosts:
+ - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
+
+## License
+
+MIT / BSD
+
+## Author Information
+
+This role was created in 2014 by Jeff Geerling (@geerlingguy), author of Ansible for DevOps. You can find out more about the book at http://ansiblefordevops.com/, and learn about the author at http://jeffgeerling.com/.
From ca82309c131707303105b71cd471bc0f4ab02286 Mon Sep 17 00:00:00 2001
From: Jeff Geerling
Date: Fri, 28 Feb 2014 16:23:24 -0600
Subject: [PATCH 002/128] Add handlers, meta info, tasks, templates, and vars.
---
 handlers/main.yml | 3 +
 meta/main.yml | 16 +
 tasks/main.yml | 21 +
 templates/httpd.conf.j2 | 995 +++++++++++++++++++++++++++++++++++++++
 templates/vhosts.conf.j2 | 26 +
 vars/main.yml | 5 +
 6 files changed, 1066 insertions(+)
 create mode 100644 handlers/main.yml
 create mode 100644 meta/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/httpd.conf.j2
 create mode 100644 templates/vhosts.conf.j2
 create mode 100644 vars/main.yml
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..7779d1a
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart apache
+ command: service httpd restart
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..b9e06d4
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,16 @@
+---
+dependencies:
+ - { role: repo-epel }
+
+galaxy_info:
+ author: geerlingguy
+ description: Apache 2.x for RHEL/CentOS 6.x.
+ company: "Midwestern Mac, LLC"
+ license: "license (BSD, MIT)"
+ min_ansible_version: 1.4
+ platforms:
+ - name: EL
+ versions:
+ - 6
+ categories:
+ - web
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..7e40bee
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+# Apache.
+- name: Install Apache.
+ yum: name={{ item }} state=installed enablerepo=epel
+ with_items:
+ - httpd
+ - httpd-devel
+ - mod_ssl
+ - openssh
+
+# Copy httpd config into place.
+- name: Copy httpd config files into place.
+ template: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0644
+ notify: restart apache
+ with_items:
+ - {src: 'httpd.conf.j2', dest: '/etc/httpd/conf/httpd.conf'}
+ - {src: 'vhosts.conf.j2', dest: '/etc/httpd/conf/vhosts.conf'}
+
+# Set Apache to run at startup.
+- name: Ensure Apache is started.
+ service: name=httpd state=started enabled=yes
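Review bot: In handlers/main.yml the `restart apache` handler shells out with `command: service httpd restart`, while tasks/main.yml in the same patch already drives httpd through the service module. The module form, `service: name=httpd state=restarted`, keeps the handler independent of where the `service` binary sits on PATH and reports failure through the module result rather than a raw exit code. A one-line comment above the handler, `# Triggered by the config template task in tasks/main.yml.`, would also tell a reader what fires it.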
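Review bot: In meta/main.yml the dependency is declared as `- { role: repo-epel }`, while the README added in the previous patch names it `geerlingguy.repo-epel`. An unqualified name is presumably resolved against whatever role called `repo-epel` is on the roles path, so the namespaced form `- { role: geerlingguy.repo-epel }` makes the intended source of the dependency explicit. `min_ansible_version: 1.4` and `- 6` are unquoted and parse as a float and an integer; quoting them (`"1.4"`, `"6"`) keeps them as version strings. `license: "license (BSD, MIT)"` looks like leftover template text and disagrees with the README's `MIT / BSD`.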
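Review bot: In tasks/main.yml the `Install Apache.` task installs `httpd-devel`, `mod_ssl` and `openssh` alongside `httpd`, although nothing else visible in this patch uses them and the README says the role does not configure SSL. On EL the `mod_ssl` package normally ships its own `conf.d/ssl.conf`, and the httpd.conf.j2 template keeps `Include conf.d/*.conf`, so the host would probably end up listening on port 443 with the distribution's default certificate without the role ever documenting it. Reducing the list to `- httpd` and putting the other packages behind an optional variable keeps the installed footprint and the open ports limited to what the role describes. The template task also writes both files and notifies a restart with no syntax check; running `httpd -t` before the restart (or using the template module's `validate` option for httpd.conf) would keep a bad render from taking the server down.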
diff --git a/templates/httpd.conf.j2 b/templates/httpd.conf.j2
new file mode 100644
index 0000000..c035833
--- /dev/null
+++ b/templates/httpd.conf.j2
@@ -0,0 +1,995 @@ +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" +# with ServerRoot set to "/etc/httpd" will be interpreted by the +# server as "/etc/httpd/logs/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# Don't give away too much information about all the subcomponents +# we are running. 
Comment out this line if you don't mind remote sites +# finding out what major optional modules you are running +ServerTokens OS + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation +# (available at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/httpd" + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile run/httpd.pid + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 120 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 1 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# ServerLimit: maximum value for MaxClients for the lifetime of the server +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves +# Flocknote uses prefork (fyi). 
+ +StartServers 20 +MinSpareServers 5 +MaxSpareServers 20 +ServerLimit 35 +MaxClients 35 +MaxRequestsPerChild 500 + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves +# Flocknote DOES NOT use worker (fyi). + +StartServers 10 +MaxClients 50 +MinSpareThreads 8 +MaxSpareThreads 10 +ThreadsPerChild 20 +MaxRequestsPerChild 500 + + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, in addition to the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) +# +#Listen 12.34.56.78:80 +Listen {{ apache_listen_port }} + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. 
+# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_alias_module modules/mod_authn_alias.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_default_module modules/mod_authn_default.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_default_module modules/mod_authz_default.so +LoadModule ldap_module modules/mod_ldap.so +LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +LoadModule include_module modules/mod_include.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule env_module modules/mod_env.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule expires_module modules/mod_expires.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule headers_module modules/mod_headers.so +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule mime_module modules/mod_mime.so +LoadModule dav_module modules/mod_dav.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule info_module modules/mod_info.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +LoadModule actions_module modules/mod_actions.so +LoadModule speling_module 
modules/mod_speling.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule cache_module modules/mod_cache.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule disk_cache_module modules/mod_disk_cache.so +LoadModule cgi_module modules/mod_cgi.so +LoadModule version_module modules/mod_version.so + +# +# The following modules are not loaded by default: +# +#LoadModule cern_meta_module modules/mod_cern_meta.so +#LoadModule asis_module modules/mod_asis.so + +# +# Load config files from the config directory "/etc/httpd/conf.d". +# +Include conf.d/*.conf + +# +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. The default is Off. +# +ExtendedStatus On + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# . On SCO (ODT 3) use "User nouser" and "Group nogroup". +# . On HPUX you may not be able to use shared memory as nobody, and the +# suggested workaround is to create a user www and use that user. +# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) +# when the value of (unsigned)Group is above 60000; +# don't use Group #-1 on these systems! +# +User apache +Group apache + +### Section 2: 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. 
These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If this is not set to valid DNS name for your host, server-generated +# redirections will not work. See also the UseCanonicalName directive. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address anyway, and this will make +# redirections work in a sensible way. +# +#ServerName www.example.com:80 + +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Each directory to which Apache has access can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# features. 
+# + + Options FollowSymLinks + AllowOverride None + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# This should be changed to whatever you set DocumentRoot to. +# + + +# +# Possible values for the Options directive are "None", "All", +# or any combination of: +# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews +# +# Note that "MultiViews" must be named *explicitly* --- "Options All" +# doesn't give it to you. +# +# The Options directive is both complicated and important. Please see +# http://httpd.apache.org/docs/2.2/mod/core.html#options +# for more information. +# + Options Indexes FollowSymLinks + +# +# AllowOverride controls what directives may be placed in .htaccess files. +# It can be "All", "None", or any combination of the keywords: +# Options FileInfo AuthConfig Limit +# + AllowOverride None + +# +# Controls who can get stuff from this server. +# + Order allow,deny + Allow from all + + + +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# +# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). 
+ # + UserDir disable + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disable" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +# +# AllowOverride FileInfo AuthConfig Limit +# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec +# +# Order allow,deny +# Allow from all +# +# +# Order deny,allow +# Deny from all +# +# + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Option can be used for the +# same purpose, but it is much slower. +# +DirectoryIndex index.php index.html index.html.var + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + + +# +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. +# +TypesConfig /etc/mime.types + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. 
The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# + +# MIMEMagicFile /usr/share/magic.mime + MIMEMagicFile conf/magic + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# EnableMMAP: Control whether memory-mapping is used to deliver +# files (assuming that the underlying OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. On some systems, turning it off (regardless of +# filesystem) can improve performance; for details, please see +# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap +# +#EnableMMAP off + +# +# EnableSendfile: Control whether the sendfile kernel support is +# used to deliver files (assuming that the OS supports it). +# The default is on; turn this off if you serve from NFS-mounted +# filesystems. Please see +# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile +# +#EnableSendfile off + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog logs/error_log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). 
+# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this +# requires the mod_logio module to be loaded. +#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + +# +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a +# container, they will be logged here. Contrariwise, if you *do* +# define per- access logfiles, transactions will be +# logged therein and *not* in this file. +# +#CustomLog logs/access_log common + +# +# If you would like to have separate agent and referer logfiles, uncomment +# the following directives. +# +#CustomLog logs/referer_log referer +#CustomLog logs/agent_log agent + +# +# For a single logfile with access, agent, and referer information +# (Combined Logfile Format), use the following directive: +# +CustomLog logs/access_log combined + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature On + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. 
+# +# We include the /icons/ alias for FancyIndexed directory listings. If you +# do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/var/www/icons/" + + + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + +# +# WebDAV module configuration section. +# + + # Location of the WebDAV lock database. + DAVLockDB /var/lib/dav/lockdb + + +# +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. +# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# +ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Order allow,deny + Allow from all + + +# +# Redirect allows you to tell clients about documents which used to exist in +# your server's namespace, but do not anymore. This allows you to tell the +# clients where to look for the relocated document. +# Example: +# Redirect permanent /foo http://www.example.com/bar + +# +# Directives controlling the display of server-generated directory listings. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. 
+# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. 
+# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. 
+# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. 
To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-tar .tgz + +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz + +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +#AddHandler cgi-script .cgi + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. 
+# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /var/www/error/include/ files and +# copying them to /your/include/path/, even on a per-VirtualHost basis. 
+# + +Alias /error/ "/var/www/error/" + + + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Order allow,deny + Allow from all + LanguagePriority en es de fr + ForceLanguagePriority Prefer Fallback + + +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. 
+# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Change the ".example.com" to match your domain to enable. +# + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 72.249.55.151 flocknote.com + + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".example.com" to match your domain to enable. +# +# +# SetHandler server-info +# Order deny,allow +# Deny from all +# Allow from .example.com +# + +# +# Proxy Server directives. Uncomment the following lines to +# enable the proxy server: +# +# +#ProxyRequests On +# +# +# Order deny,allow +# Deny from all +# Allow from .example.com +# + +# +# Enable/disable the handling of HTTP/1.1 "Via:" headers. +# ("Full" adds the server version; "Block" removes all outgoing Via: headers) +# Set to one of: Off | On | Full | Block +# +#ProxyVia On + +# +# To enable a cache of proxied content, uncomment the following lines. +# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. +# +# +# CacheEnable disk / +# CacheRoot "/var/cache/mod_proxy" +# +# + +# +# End of proxy directives. + +### Section 3: Virtual Hosts +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. 
+# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + +# +# Use name-based virtual hosting. +# +# NameVirtualHost *:80 +# +# NOTE: NameVirtualHost cannot be used without a port specifier +# (e.g. :80) if mod_ssl is being used, due to the nature of the +# SSL protocol. +# + +# +# VirtualHost example: +# Almost any Apache directive may go into a VirtualHost container. +# The first VirtualHost section is used for requests without a known +# server name. +# +# +# ServerAdmin webmaster@dummy-host.example.com +# DocumentRoot /www/docs/dummy-host.example.com +# ServerName dummy-host.example.com +# ErrorLog logs/dummy-host.example.com-error_log +# CustomLog logs/dummy-host.example.com-access_log common +# + +# Include virtualhost file from home directory (to prevent frequent +# editing of this httpd.conf file). +Include "/etc/httpd/conf/vhosts.conf" diff --git a/templates/vhosts.conf.j2 b/templates/vhosts.conf.j2 new file mode 100644 index 0000000..31c3fad --- /dev/null +++ b/templates/vhosts.conf.j2 @@ -0,0 +1,26 @@ + +# Set up NameVirtualHosts. +NameVirtualHost *:{{ apache_listen_port }} + +DirectoryIndex index.php index.html + +{# Set up VirtualHosts - servername and documentroot are required. #} +{% for vhost in apache_vhosts %} + + ServerName {{ vhost.servername }} + DocumentRoot {{ vhost.documentroot }} +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} + + AllowOverride All + Options -Indexes FollowSymLinks + Order allow,deny + Allow from all + +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..4919d5c --- /dev/null +++ b/vars/main.yml 
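Review bot: In templates/vhosts.conf.j2 the line `Options -Indexes FollowSymLinks` mixes a signed option with an unsigned one; the Apache 2.2 documentation calls that form invalid syntax with unexpected results, and Apache 2.4 rejects it at startup, so it should read `Options -Indexes +FollowSymLinks`. The same block sets `AllowOverride All` for every vhost, which lets any `.htaccess` file under the document root change server behaviour; a per-vhost variable with a narrower default would be safer. `ServerName {{ vhost.servername }}` and `DocumentRoot {{ vhost.documentroot }}` are written unquoted, so a path containing a space would break the generated file; `DocumentRoot "{{ vhost.documentroot }}"` avoids that.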
@@ -0,0 +1,5 @@ +--- +apache_listen_port: 80 +apache_vhosts: + # Additional properties: 'serveradmin, extra_parameters'. + - {servername: "local.dev", documentroot: "/var/www/html"} From 87fe9ff3917247eb0130314d1216d0ec80dba29f Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 28 Feb 2014 16:37:55 -0600 Subject: [PATCH 003/128] Fix README.md. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 699d7e1..5c214b4 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Role Name +# Ansible Role: Apache 2.x -Apache 2.x for RHEL/CentOS 6.x by geerlingguy. +An Ansible Role that installs Apache 2.x on RedHat Enterprise Linux or CentOS 6.x servers. ## Requirements From 55e8cd1c2902f7e03f918b1de000a0801a0308a6 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 28 Feb 2014 16:39:31 -0600 Subject: [PATCH 004/128] Tiny tweak to README.md. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5c214b4..4373b39 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ None. ## Role Variables -Available variables are listed below, along with the default value (see `vars/main.yml`): +Available variables are listed below, along with default values (see `vars/main.yml`): apache_listen_port: 80 From d89722325dce54e497365f3e493c047aeeb08e96 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 28 Feb 2014 20:42:25 -0600 Subject: [PATCH 005/128] Add TODOs to readme. --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 4373b39..525af23 100644 --- a/README.md +++ b/README.md 
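Review bot: `apache_listen_port` and `apache_vhosts` are introduced in `vars/main.yml`, although the README presents them as defaults the user is expected to override. Role `vars/` values take higher precedence than role defaults, so depending on the Ansible version an inventory or group variable may not replace them; `defaults/main.yml` is the place for overridable values, and the exact precedence on the minimum version this role targets should be confirmed. The default vhost `local.dev` with document root `/var/www/html` is also applied on every host that does not set `apache_vhosts`, which the comment could state, for example `# Default vhost; override apache_vhosts per host or group.`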
@@ -40,6 +40,11 @@ Note that this role doesn't configure SSL support out of the box; you would need apache_vhosts: - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} +## TODO + + - Use `lineinfile` rather than monolithic httpd.conf template. + - Conditionally configure Apache for Ubuntu as well (one role to rule them all). + ## License MIT / BSD From 84ae598b509103d8da8bcc9d1a0b2d88aeda16ef Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 5 Mar 2014 08:42:01 -0600 Subject: [PATCH 006/128] Updated dependencies. --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index b9e06d4..151b92a 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,6 +1,6 @@ --- dependencies: - - { role: repo-epel } + - { role: geerlingguy.repo-epel } galaxy_info: author: geerlingguy From 25f03a033b287d7c6a7b7622247803a070b6c269 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 14 Mar 2014 11:28:08 -0500 Subject: [PATCH 007/128] Remove EPEL repository dependency. --- README.md | 8 ++++++-- meta/main.yml | 3 +-- tasks/main.yml | 2 +- vars/main.yml | 1 + 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 525af23..4c02173 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Ansible Role: Apache 2.x -An Ansible Role that installs Apache 2.x on RedHat Enterprise Linux or CentOS 6.x servers. +An Ansible Role that installs Apache 2.x on RHEL/CentOS 6.x. ## Requirements 
@@ -10,6 +10,10 @@ None. Available variables are listed below, along with default values (see `vars/main.yml`): + apache_enablerepo: "" + +The repository to use when installing Apache. If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). + apache_listen_port: 80 The port on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80. @@ -24,7 +28,7 @@ Note that this role doesn't configure SSL support out of the box; you would need ## Dependencies - - geerlingguy.repo-epel (Installs the EPEL repository for CentOS 6.x). +None. ## Example Playbook diff --git a/meta/main.yml b/meta/main.yml index 151b92a..218915c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,6 +1,5 @@ --- -dependencies: - - { role: geerlingguy.repo-epel } +dependencies: [] galaxy_info: author: geerlingguy diff --git a/tasks/main.yml b/tasks/main.yml index 7e40bee..5f8a052 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,7 +1,7 @@ --- # Apache. - name: Install Apache. - yum: name={{ item }} state=installed enablerepo=epel + yum: name={{ item }} state=installed enablerepo={{ apache_enablerepo }} with_items: - httpd - httpd-devel diff --git a/vars/main.yml b/vars/main.yml index 4919d5c..58acd26 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,4 +1,5 @@ --- +apache_enablerepo: "" apache_listen_port: 80 apache_vhosts: # Additional properties: 'serveradmin, extra_parameters'. From a0ec89bdf0453664272dc3561837c46236d31613 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 21 Apr 2014 12:59:08 -0500 Subject: [PATCH 008/128] Updated README. --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4c02173..380cfb3 100644 --- a/README.md +++ b/README.md 
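Review bot: With the new default `apache_enablerepo: ""` the install task in tasks/main.yml renders as `enablerepo=` with no value, and nothing in the change shows that the yum module treats an empty value as "no extra repository"; that should be confirmed on a host, or the argument passed only when the variable is set. Because the repository name now comes from a variable, the packages can come from whatever repository a playbook names, so the README entry should say that the repository must already be configured with GPG checking enabled. The task's `with_items` list continues below the hunk. The same `enablerepo={{ apache_enablerepo }}` line is carried into `tasks/setup-RedHat.yml` in the later multi-OS commit.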
@@ -55,4 +55,6 @@ MIT / BSD ## Author Information -This role was created in 2014 by Jeff Geerling (@geerlingguy), author of Ansible for DevOps. You can find out more about the book at http://ansiblefordevops.com/, and learn about the author at http://jeffgeerling.com/. +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). + +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). From 5cbf84a9a5d07b4ac80137edd5d1f32f31f7789d Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 07:34:37 -0500 Subject: [PATCH 009/128] Make Apache role work correctly with both RHEL and Debian. --- README.md | 10 +- handlers/main.yml | 4 +- meta/main.yml | 10 +- tasks/main.yml | 35 +- tasks/setup-Debian.yml | 23 + tasks/setup-RedHat.yml | 24 + templates/httpd.conf.j2 | 995 --------------------------------------- templates/vhosts.conf.j2 | 3 - vars/Debian.yml | 12 + vars/RedHat.yml | 11 + vars/main.yml | 2 + 11 files changed, 106 insertions(+), 1023 deletions(-) create mode 100644 tasks/setup-Debian.yml create mode 100644 tasks/setup-RedHat.yml delete mode 100644 templates/httpd.conf.j2 create mode 100644 vars/Debian.yml create mode 100644 vars/RedHat.yml diff --git a/README.md b/README.md index 380cfb3..8908e30 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Ansible Role: Apache 2.x -An Ansible Role that installs Apache 2.x on RHEL/CentOS 6.x. +An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu. ## Requirements 
@@ -12,7 +12,7 @@ Available variables are listed below, along with default values (see `vars/main. apache_enablerepo: "" -The repository to use when installing Apache. If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). +The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). apache_listen_port: 80 @@ -44,10 +44,10 @@ None. apache_vhosts: - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} -## TODO +On Debian/Ubuntu hosts, if you get the error `Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?`, You should add a task to make sure your apt_cache is up to date, like: - - Use `lineinfile` rather than monolithic httpd.conf template. - - Conditionally configure Apache for Ubuntu as well (one role to rule them all). + - name: Update apt cache if needed. + apt: update_cache=yes cache_valid_time=3600 ## License diff --git a/handlers/main.yml b/handlers/main.yml index 7779d1a..e4ecd63 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,5 @@ --- - name: restart apache - command: service httpd restart + service: > + name={{ apache_daemon }} + state=restarted diff --git a/meta/main.yml b/meta/main.yml index 218915c..2b97bc8 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,13 +3,19 @@ dependencies: [] galaxy_info: author: geerlingguy - description: Apache 2.x for RHEL/CentOS 6.x. + description: Apache 2.x for RHEL/CentOS/Debian/Ubuntu. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 1.4 platforms: - name: EL versions: - - 6 + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all categories: - web 
diff --git a/tasks/main.yml b/tasks/main.yml index 5f8a052..0d4059d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,21 +1,22 @@ --- -# Apache. -- name: Install Apache. - yum: name={{ item }} state=installed enablerepo={{ apache_enablerepo }} - with_items: - - httpd - - httpd-devel - - mod_ssl - - openssh +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" -# Copy httpd config into place. -- name: Copy httpd config files into place. - template: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0644 +- include: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- name: Add apache vhosts configuration. + template: > + src=vhosts.conf.j2 + dest={{ apache_conf_path }}/vhosts.conf + owner=root group=root mode=644 notify: restart apache - with_items: - - {src: 'httpd.conf.j2', dest: '/etc/httpd/conf/httpd.conf'} - - {src: 'vhosts.conf.j2', dest: '/etc/httpd/conf/vhosts.conf'} -# Set Apache to run at startup. -- name: Ensure Apache is started. - service: name=httpd state=started enabled=yes +- name: Ensure Apache is started and enabled on boot. + service: > + name={{ apache_daemon }} + state=started + enabled=yes diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml new file mode 100644 index 0000000..7dc8058 --- /dev/null +++ b/tasks/setup-Debian.yml @@ -0,0 +1,23 @@ +--- +- name: Ensure Apache is installed. + apt: > + name={{ item }} + state=installed + with_items: apache_packages + +- name: Configure Apache. + lineinfile: > + dest="{{ apache_server_root }}/ports.conf" + regexp="{{ item.regexp }}" + line="{{ item.line }}" + state=present + with_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^NameVirtualHost ", + line: "NameVirtualHost *:{{ apache_listen_port }}" + } + notify: restart apache 
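Review bot: The vhosts template in tasks/main.yml is now written to `{{ apache_conf_path }}/vhosts.conf`, while the same commit deletes `templates/httpd.conf.j2`, which carried the `Include "/etc/httpd/conf/vhosts.conf"` line; whether Apache still loads the file depends on `apache_conf_path` being a directory the stock configuration includes, and the vars files that set it are not in view here. `include_vars: "{{ ansible_os_family }}.yml"` has no fallback, so a host from any other OS family fails on a missing vars file rather than with a clear message; an early `fail` task with `when: ansible_os_family not in ['RedHat', 'Debian']` would make that explicit. The file mode also changed from `mode=0644` to `mode=644`; keeping the leading zero avoids the value being read as decimal if the task is later converted to YAML dictionary syntax.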
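Review bot: The second `lineinfile` item in tasks/setup-Debian.yml forces a `NameVirtualHost *:{{ apache_listen_port }}` line into `ports.conf`, and `tasks/setup-RedHat.yml` does the same for the main configuration file. On hosts that ship Apache 2.4 that directive is deprecated and only produces a startup warning, so it would be better added only when the installed version is 2.2. Neither task checks the result before the `restart apache` handler runs, so an invalid `apache_listen_port` is only caught when the service fails to restart; running the distribution's syntax check (for example `apachectl configtest`) ahead of the restart would catch it while the old configuration is still serving.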
diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml new file mode 100644 index 0000000..a009406 --- /dev/null +++ b/tasks/setup-RedHat.yml @@ -0,0 +1,24 @@ +--- +- name: Ensure Apache is installed. + yum: > + name={{ item }} + state=installed + enablerepo={{ apache_enablerepo }} + with_items: apache_packages + +- name: Configure Apache. + lineinfile: > + dest={{ apache_server_root }}/conf/{{ apache_daemon }}.conf + regexp="{{ item.regexp }}" + line="{{ item.line }}" + state=present + with_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^NameVirtualHost ", + line: "NameVirtualHost *:{{ apache_listen_port }}" + } + notify: restart apache diff --git a/templates/httpd.conf.j2 b/templates/httpd.conf.j2 deleted file mode 100644 index c035833..0000000 --- a/templates/httpd.conf.j2 +++ /dev/null 
@@ -1,995 +0,0 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. 
Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens OS - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/etc/httpd" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 120 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 1 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -# Flocknote uses prefork (fyi). 
- -StartServers 20 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 35 -MaxClients 35 -MaxRequestsPerChild 500 - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -# Flocknote DOES NOT use worker (fyi). - -StartServers 10 -MaxClients 50 -MinSpareThreads 8 -MaxSpareThreads 10 -ThreadsPerChild 20 -MaxRequestsPerChild 500 - - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -Listen {{ apache_listen_port }} - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. 
-# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule include_module modules/mod_include.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule headers_module modules/mod_headers.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule info_module modules/mod_info.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module 
modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule cache_module modules/mod_cache.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule version_module modules/mod_version.so - -# -# The following modules are not loaded by default: -# -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule asis_module modules/mod_asis.so - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -ExtendedStatus On - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User apache -Group apache - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. 
These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. 
-# - - Options FollowSymLinks - AllowOverride None - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# - - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - - - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# - - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). 
- # - UserDir disable - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disable" line above, and uncomment - # the following line instead: - # - #UserDir public_html - - - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.php index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Order allow,deny - Deny from all - - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. 
The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# - -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic - - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). 
-# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. 
-# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - -# -# WebDAV module configuration section. -# - - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb - - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Order allow,deny - Allow from all - - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. 
-# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. 
-# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. 
To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. 
-# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. 
-# - -Alias /error/ "/var/www/error/" - - - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. 
-# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# - - SetHandler server-status - Order deny,allow - Deny from all - Allow from 127.0.0.1 72.249.55.151 flocknote.com - - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -# -#ProxyRequests On -# -# -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. -# -# -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -# -# - -# -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. 
-# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -# NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -# - -# Include virtualhost file from home directory (to prevent frequent -# editing of this httpd.conf file). -Include "/etc/httpd/conf/vhosts.conf" diff --git a/templates/vhosts.conf.j2 b/templates/vhosts.conf.j2 index 31c3fad..da8d072 100644 --- a/templates/vhosts.conf.j2 +++ b/templates/vhosts.conf.j2 @@ -1,7 +1,4 @@ -# Set up NameVirtualHosts. -NameVirtualHost *:{{ apache_listen_port }} - DirectoryIndex index.php index.html {# Set up VirtualHosts - servername and documentroot are required. #} diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..7fa40b5 --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,12 @@ +--- +apache_daemon: apache2 +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/sites-enabled +apache_packages: + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2.2-bin + - apache2.2-common +apache_vhosts: + - {servername: "local.dev", documentroot: "/var/www"} diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..4dccbd6 --- /dev/null +++ b/vars/RedHat.yml 
@@ -0,0 +1,11 @@ +--- +apache_daemon: httpd +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d +apache_packages: + - httpd + - httpd-devel + - mod_ssl + - openssh +apache_vhosts: + - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/vars/main.yml b/vars/main.yml index 58acd26..46a4777 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1,8 @@ --- apache_enablerepo: "" + apache_listen_port: 80 + apache_vhosts: # Additional properties: 'serveradmin, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} From c9f5637003f6424a7e589ba5ba6097d10967fd67 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 07:35:56 -0500 Subject: [PATCH 010/128] Clean up README.md. --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 8908e30..cbcd0fb 100644 --- a/README.md +++ b/README.md @@ -56,5 +56,3 @@ MIT / BSD ## Author Information This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). - -This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). From 489dc306bb8fe5a20b9be00597ad3bd586e71d60 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 07:39:07 -0500 Subject: [PATCH 011/128] Add Travis CI integration. --- .travis.yml | 12 ++++++++++++ tests/inventory | 1 + tests/test.yml | 8 ++++++++ 3 files changed, 21 insertions(+) create mode 100644 .travis.yml create mode 100644 tests/inventory create mode 100644 tests/test.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..c4f2155 --- /dev/null +++ b/.travis.yml 
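Review bot: The `apache_packages` list in vars/RedHat.yml installs more than a web server needs: `httpd-devel` brings build headers and `openssh` is unrelated to Apache, so both widen the installed footprint on every host the role touches. `mod_ssl` deserves a second look as well, because the README says the role does not configure SSL, and on RHEL/CentOS the package normally ships its own `conf.d/ssl.conf` that opens port 443 with a default self-signed certificate (confirm this on the target release). I would reduce the default to `- httpd` and let users opt in to the rest, or at least add a comment above the list such as `# mod_ssl enables a default 443 listener; drop it if TLS is not configured`.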
@@ -0,0 +1,12 @@ +--- +language: python +python: "2.7" +env: + - SITE=test.yml +before_install: + - sudo apt-get update -qq +install: + - pip install ansible==1.5.0 +script: + - ansible-playbook -i tests/inventory tests/$SITE --syntax-check + - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo \ No newline at end of file diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..2fbb50c --- /dev/null +++ b/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..e89cdca --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,8 @@ +--- +- hosts: all + vars_files: + - '../vars/main.yml' + tasks: + - include: '../tasks/main.yml' + handlers: + - include: '../handlers/main.yml' From 70e6ecff607469d4cd44c2ee401a7a6219a4f38a Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 07:40:26 -0500 Subject: [PATCH 012/128] Add Travis build status to README. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index cbcd0fb..5b577d0 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # Ansible Role: Apache 2.x +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) + An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu. ## Requirements From 0e3a6bb46326254402da0681fd197f94aa788ade Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 08:47:05 -0500 Subject: [PATCH 013/128] Added idempotence test and integration test via Travis. --- .travis.yml | 5 ++++- tests/idempotence.sh | 16 ++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 tests/idempotence.sh diff --git a/.travis.yml b/.travis.yml index c4f2155..7449036 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -5,8 +5,11 @@ env: - SITE=test.yml before_install: - sudo apt-get update -qq + - sudo apt-get install -y curl install: - pip install ansible==1.5.0 script: - ansible-playbook -i tests/inventory tests/$SITE --syntax-check - - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo \ No newline at end of file + - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + - ./tests/idempotence.sh + - curl http://localhost/ diff --git a/tests/idempotence.sh b/tests/idempotence.sh new file mode 100644 index 0000000..68d5dee --- /dev/null +++ b/tests/idempotence.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +# Idempotency test for Ansible +# +# Runs an Ansible role/playbook, and makes sure no changes were made. +# +# @author Jeff Geerling, 2014 + +# Change directory up one level (into project root). +cd ../ + +# Run playbook, and exit with 0 status if 'changed=0' found (good). +ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | grep -q 'changed=0' && exit 0 + +# Exit with a non-zero status if 'changed=0' was not found. +exit 1 From 626578ea9dc692dd28b78986a3d24caef8393d14 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 08:54:04 -0500 Subject: [PATCH 014/128] Get idempotence test working. --- .travis.yml | 2 +- tests/idempotence.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 tests/idempotence.sh diff --git a/.travis.yml b/.travis.yml index 7449036..33e2e71 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,5 +11,5 @@ install: script: - ansible-playbook -i tests/inventory tests/$SITE --syntax-check - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo - - ./tests/idempotence.sh + - bash tests/idempotence.sh - curl http://localhost/ diff --git a/tests/idempotence.sh b/tests/idempotence.sh old mode 100644 new mode 100755 index 68d5dee..ba0774d --- a/tests/idempotence.sh +++ b/tests/idempotence.sh 
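Review bot: The added `curl http://localhost/` step passes whenever any HTTP response arrives, because curl exits 0 on 4xx/5xx responses unless told otherwise; a 403 or 500 from a misconfigured vhost would still give a green build. Use `- curl --fail --silent --show-error http://localhost/` so HTTP errors fail the job. The same line is carried unchanged into the later .travis.yml hunks in this series.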
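Review bot: `cd ../` is relative to the caller's working directory, not to the script, and .travis.yml runs it as `./tests/idempotence.sh` from the repository root, so the script steps out of the project before calling `ansible-playbook -i tests/inventory`. `cd "$(dirname "$0")/.." || exit 1` would make the "into project root" comment true. The check itself greps only for `changed=0`, which a recap line with `failed=1` also contains, so a failing second run counts as idempotent. `grep -q 'changed=0.*failed=0'` and quoting `"tests/$SITE"` would tighten it.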
@@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # Idempotency test for Ansible # From e4f1b37bdd4c581d7e327c41f195b3af84c4f39c Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 08:57:50 -0500 Subject: [PATCH 015/128] Get idempotence test working - more testing. --- tests/idempotence.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/idempotence.sh b/tests/idempotence.sh index ba0774d..ea12371 100755 --- a/tests/idempotence.sh +++ b/tests/idempotence.sh @@ -10,6 +10,8 @@ cd ../ # Run playbook, and exit with 0 status if 'changed=0' found (good). +pwd +echo "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | grep -q 'changed=0' && exit 0 # Exit with a non-zero status if 'changed=0' was not found. From 718edc6fa284207e711d48a700edfa0996f03c71 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 09:31:45 -0500 Subject: [PATCH 016/128] More testing with Travis. --- tests/idempotence.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/idempotence.sh b/tests/idempotence.sh index ea12371..5560f5b 100755 --- a/tests/idempotence.sh +++ b/tests/idempotence.sh @@ -6,13 +6,10 @@ # # @author Jeff Geerling, 2014 -# Change directory up one level (into project root). -cd ../ - # Run playbook, and exit with 0 status if 'changed=0' found (good). pwd -echo "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" -ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | grep -q 'changed=0' && exit 0 +ls +ansible-playbook -i ../tests/inventory ../tests/$SITE --connection=local --sudo | grep -q 'changed=0' && exit 0 # Exit with a non-zero status if 'changed=0' was not found. exit 1 From 14f32f838265e0bd19ecac5587717736b4092af7 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Tue, 22 Apr 2014 09:43:36 -0500 Subject: [PATCH 017/128] Check for idempotency within .travis.yml. --- .travis.yml | 8 ++++---- tests/idempotence.sh | 15 --------------- 2 files changed, 4 insertions(+), 19 deletions(-) delete mode 100755 tests/idempotence.sh diff --git a/.travis.yml b/.travis.yml index 33e2e71..253b45e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ before_install: install: - pip install ansible==1.5.0 script: - - ansible-playbook -i tests/inventory tests/$SITE --syntax-check - - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo - - bash tests/idempotence.sh - - curl http://localhost/ + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | grep -q 'changed=0.*failed=0' && exit 0 || exit 1" + - "curl http://localhost/" diff --git a/tests/idempotence.sh b/tests/idempotence.sh deleted file mode 100755 index 5560f5b..0000000 --- a/tests/idempotence.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -# Idempotency test for Ansible -# -# Runs an Ansible role/playbook, and makes sure no changes were made. -# -# @author Jeff Geerling, 2014 - -# Run playbook, and exit with 0 status if 'changed=0' found (good). -pwd -ls -ansible-playbook -i ../tests/inventory ../tests/$SITE --connection=local --sudo | grep -q 'changed=0' && exit 0 - -# Exit with a non-zero status if 'changed=0' was not found. -exit 1 From ea62c96c5ad1150b6c051ce2e0abe0ca888500d2 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 10:02:31 -0500 Subject: [PATCH 018/128] Test idempotence test in playbook. --- tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index 0d4059d..7c20b46 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
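Review bot: The pattern `'changed=0.*failed=0'` in the new idempotence line lets anything sit between the two counters, so a recap line with `unreachable=1` still matches and the check passes on a host that was never configured. Naming every counter closes that gap, for example `grep -Eq 'changed=0 +unreachable=0 +failed=0'` (the column order is assumed from Ansible's usual recap output, so confirm it for 1.5.0). The bare `&& exit 0 || exit 1` may also end the whole Travis build shell rather than just this step, if script lines run in the build's own shell. Wrapping the exits in a subshell avoids relying on that.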
@@ -20,3 +20,7 @@ name={{ apache_daemon }} state=started enabled=yes + +- name: Test task that always reports a change. + command: date + changed_when: true From c27d453466af814f984d7fa0285abb83043ee532 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 10:21:44 -0500 Subject: [PATCH 019/128] Better formatting for .travis.yml. --- .travis.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 253b45e..f32d3b0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,18 @@ before_install: install: - pip install ansible==1.5.0 script: + # Check the role/playbook's syntax. - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" - - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | grep -q 'changed=0.*failed=0' && exit 0 || exit 1" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1)" + + # Request a page via Apache, to make sure Apache is running and responds. - "curl http://localhost/" From 48251c9f5a3f50188c7d9781c9fa3146a46f8349 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 10:36:30 -0500 Subject: [PATCH 020/128] Fixed up errant quote. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index f32d3b0..25cef97 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -20,7 +20,7 @@ script: ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1)" + || (echo 'Idempotence test: fail' && exit 1) # Request a page via Apache, to make sure Apache is running and responds. - "curl http://localhost/" From b8bd8d5e4c91da120e8adc04a404141c15dc3f4c Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 22 Apr 2014 10:58:01 -0500 Subject: [PATCH 021/128] Back to a passing build. --- tasks/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 7c20b46..0d4059d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,7 +20,3 @@ name={{ apache_daemon }} state=started enabled=yes - -- name: Test task that always reports a change. - command: date - changed_when: true From 917b9edbc7fd25f4a35a1c8d6f7e5785ea40adba Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 23 Apr 2014 09:47:33 -0500 Subject: [PATCH 022/128] Add apache_create_vhosts var, and allow mods to be enabled on Debian hosts. --- README.md | 4 ++++ tasks/main.yml | 1 + tasks/setup-Debian.yml | 8 ++++++++ vars/Debian.yml | 2 ++ vars/main.yml | 2 ++ 5 files changed, 17 insertions(+) diff --git a/README.md b/README.md index 5b577d0..3a3edc9 100644 --- a/README.md +++ b/README.md 
@@ -20,6 +20,10 @@ The repository to use when installing Apache (only used on RHEL/CentOS systems). The port on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80. + apache_create_vhosts: true + +If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. + apache_vhosts: # Additional optional properties: 'serveradmin, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/tasks/main.yml b/tasks/main.yml index 0d4059d..28a4db5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,6 +14,7 @@ dest={{ apache_conf_path }}/vhosts.conf owner=root group=root mode=644 notify: restart apache + when: apache_create_vhosts - name: Ensure Apache is started and enabled on boot. service: > diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 7dc8058..4fbb620 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -21,3 +21,11 @@ line: "NameVirtualHost *:{{ apache_listen_port }}" } notify: restart apache + +- name: Enable Apache mods. + file: > + src=/etc/apache2/mods-available/{{ item }} + dest=/etc/apache2/mods-enabled/{{ item }} + state=link + with_items: apache_mods_enabled + notify: restart apache diff --git a/vars/Debian.yml b/vars/Debian.yml index 7fa40b5..e4e6e51 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -10,3 +10,5 @@ apache_packages: - apache2.2-common apache_vhosts: - {servername: "local.dev", documentroot: "/var/www"} +apache_mods_enabled: + - rewrite.load diff --git a/vars/main.yml b/vars/main.yml index 46a4777..3388292 100644 --- a/vars/main.yml +++ b/vars/main.yml 
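Review bot: `when: apache_create_vhosts` in tasks/main.yml relies on how Ansible evaluates a bare variable, and that differs by release and by how the value is supplied: a string such as `-e apache_create_vhosts=false` is not guaranteed to be treated as false. Casting makes the switch behave the same way everywhere: `when: apache_create_vhosts | bool`. The task this line belongs to starts above the hunk, so only the added condition is reviewed here.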
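Review bot: The new "Enable Apache mods" task in tasks/setup-Debian.yml links exactly the file names listed in `apache_mods_enabled`, so a module that also ships a `.conf` file in `mods-available`, or that depends on another module, ends up half-enabled unless the user lists every file by hand. Nothing in the hunk validates `item` either, so a typo or a value containing `../` produces a link outside `mods-enabled` that the role never intended. I would document the expected form above the task, e.g. `# Items are file names under mods-available (rewrite.load); list the matching .conf too`, or run Debian's `a2enmod` through `command` with a `creates=` guard so dependencies are resolved by the distribution tooling.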
@@ -3,6 +3,8 @@ apache_enablerepo: "" apache_listen_port: 80 +apache_create_vhosts: true + apache_vhosts: # Additional properties: 'serveradmin, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} From ca4e5f8cfec634a4722411db8da8368f464df43a Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 23 Apr 2014 09:49:55 -0500 Subject: [PATCH 023/128] Adjust Apache mod enabling on Debian/Ubuntu. --- README.md | 5 +++++ tasks/setup-Debian.yml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3a3edc9..c21fd2f 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,11 @@ Add a set of properties per virtualhost, including `servername` (required), `doc Note that this role doesn't configure SSL support out of the box; you would need to add in additional tasks to listen on port 443 and add your own VirtualHost directives for SSL. This may be improved in the future :) + apache_mods_enabled: + - rewrite.load + +(Debian/Ubuntu ONLY) Which Apache mods to enable (these will be symlinked into the apporopriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. + ## Dependencies None. diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 4fbb620..f95b48b 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -24,8 +24,8 @@ - name: Enable Apache mods. file: > - src=/etc/apache2/mods-available/{{ item }} - dest=/etc/apache2/mods-enabled/{{ item }} + src={{ apache_server_root }}/mods-available/{{ item }} + dest={{ apache_server_root }}/mods-enabled/{{ item }} state=link with_items: apache_mods_enabled notify: restart apache From 781c8cbfd8243d2fd64d3b9905e5021195067eae Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 23 Apr 2014 12:38:25 -0500 Subject: [PATCH 024/128] Update meta description. --- meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/meta/main.yml b/meta/main.yml index 2b97bc8..e97f518 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,7 +3,7 @@ dependencies: [] galaxy_info: author: geerlingguy - description: Apache 2.x for RHEL/CentOS/Debian/Ubuntu. + description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 1.4 From d2401eb840392307e07dd802125baa1d384c4f63 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 23 Apr 2014 12:59:07 -0500 Subject: [PATCH 025/128] Update Travis to test the role itself (less setup work). --- .travis.yml | 8 ++++++++ tests/test.yml | 11 ++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 25cef97..84cdbda 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,13 +1,21 @@ --- language: python python: "2.7" + env: - SITE=test.yml + before_install: - sudo apt-get update -qq - sudo apt-get install -y curl + install: + # Install Ansible. - pip install ansible==1.5.0 + + # Add ansible.cfg to pick up roles path. + - "printf '[defaults]\nroles_path = ../' > ansible.cfg" + script: # Check the role/playbook's syntax. - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" diff --git a/tests/test.yml b/tests/test.yml index e89cdca..854cb52 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,8 +1,5 @@ --- -- hosts: all - vars_files: - - '../vars/main.yml' - tasks: - - include: '../tasks/main.yml' - handlers: - - include: '../handlers/main.yml' +- hosts: localhost + remote_user: root + roles: + - ansible-role-apache From 21845388765ad28cc6fd235403ca54e0b945ec4d Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Mon, 5 May 2014 09:45:51 -0500 Subject: [PATCH 026/128] Use defaults instead of main vars for easier overriding. --- README.md | 2 +- defaults/Debian.yml | 14 ++++++++++++++ defaults/RedHat.yml | 11 +++++++++++ defaults/main.yml | 10 ++++++++++ vars/Debian.yml | 14 +------------- vars/RedHat.yml | 11 +---------- vars/main.yml | 10 +--------- 7 files changed, 39 insertions(+), 33 deletions(-) create mode 100644 defaults/Debian.yml create mode 100644 defaults/RedHat.yml create mode 100644 defaults/main.yml diff --git a/README.md b/README.md index c21fd2f..2d219c2 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ None. ## Role Variables -Available variables are listed below, along with default values (see `vars/main.yml`): +Available variables are listed below, along with default values (see `defaults/main.yml`): apache_enablerepo: "" diff --git a/defaults/Debian.yml b/defaults/Debian.yml new file mode 100644 index 0000000..e4e6e51 --- /dev/null +++ b/defaults/Debian.yml @@ -0,0 +1,14 @@ +--- +apache_daemon: apache2 +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/sites-enabled +apache_packages: + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2.2-bin + - apache2.2-common +apache_vhosts: + - {servername: "local.dev", documentroot: "/var/www"} +apache_mods_enabled: + - rewrite.load diff --git a/defaults/RedHat.yml b/defaults/RedHat.yml new file mode 100644 index 0000000..4dccbd6 --- /dev/null +++ b/defaults/RedHat.yml @@ -0,0 +1,11 @@ +--- +apache_daemon: httpd +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d +apache_packages: + - httpd + - httpd-devel + - mod_ssl + - openssh +apache_vhosts: + - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..3388292 --- /dev/null +++ b/defaults/main.yml 
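Review bot: Ansible automatically loads only `defaults/main.yml` from a role's defaults directory, so nothing visible in this commit will read the new `defaults/Debian.yml`, or `defaults/RedHat.yml` in the next hunk. The same commit reduces `vars/Debian.yml` and `vars/RedHat.yml` to a single comment, which presumably leaves `apache_daemon`, `apache_server_root`, `apache_conf_path` and `apache_packages` undefined when the role runs. I would keep the OS-specific values in `vars/<os_family>.yml`, where the role's `include_vars: "{{ ansible_os_family }}.yml"` task (visible as context in a later patch) finds them, and move only the user-overridable settings into `defaults/main.yml`.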
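Review bot: The `openssh` entry in `apache_packages` in `defaults/RedHat.yml` has no visible connection to Apache and may have been meant as `openssl`, which `mod_ssl` would normally pull in as a dependency anyway. A web-server role should install only what the server needs, so I would drop the entry or, if it is intentional, add a comment above it saying why it is required. The same entry is carried in `vars/RedHat.yml`.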
@@ -0,0 +1,10 @@ +--- +apache_enablerepo: "" + +apache_listen_port: 80 + +apache_create_vhosts: true + +apache_vhosts: + # Additional properties: 'serveradmin, extra_parameters'. + - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/vars/Debian.yml b/vars/Debian.yml index e4e6e51..36313d9 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,14 +1,2 @@ --- -apache_daemon: apache2 -apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2/sites-enabled -apache_packages: - - apache2 - - apache2-mpm-prefork - - apache2-utils - - apache2.2-bin - - apache2.2-common -apache_vhosts: - - {servername: "local.dev", documentroot: "/var/www"} -apache_mods_enabled: - - rewrite.load +# See defaults/Debian.yml diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 4dccbd6..dcaacd5 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,11 +1,2 @@ --- -apache_daemon: httpd -apache_server_root: /etc/httpd -apache_conf_path: /etc/httpd/conf.d -apache_packages: - - httpd - - httpd-devel - - mod_ssl - - openssh -apache_vhosts: - - {servername: "local.dev", documentroot: "/var/www/html"} +# See defaults/RedHat.yml diff --git a/vars/main.yml b/vars/main.yml index 3388292..05e2673 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,10 +1,2 @@ --- -apache_enablerepo: "" - -apache_listen_port: 80 - -apache_create_vhosts: true - -apache_vhosts: - # Additional properties: 'serveradmin, extra_parameters'. - - {servername: "local.dev", documentroot: "/var/www/html"} +# See defaults/main.yml From 0318fedaf414cc5cdd6fd23ba1a9c5597a8f2b53 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Mon, 5 May 2014 09:58:15 -0500 Subject: [PATCH 027/128] Update variables to allow easier overriding of vhosts. --- defaults/Debian.yml | 14 ++++++++++++++ defaults/RedHat.yml | 11 +++++++++++ defaults/main.yml | 10 ++++++++++ vars/RedHat.yml | 2 -- vars/main.yml | 4 ---- 5 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 defaults/Debian.yml create mode 100644 defaults/RedHat.yml create mode 100644 defaults/main.yml diff --git a/defaults/Debian.yml b/defaults/Debian.yml new file mode 100644 index 0000000..e4e6e51 --- /dev/null +++ b/defaults/Debian.yml @@ -0,0 +1,14 @@ +--- +apache_daemon: apache2 +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/sites-enabled +apache_packages: + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2.2-bin + - apache2.2-common +apache_vhosts: + - {servername: "local.dev", documentroot: "/var/www"} +apache_mods_enabled: + - rewrite.load diff --git a/defaults/RedHat.yml b/defaults/RedHat.yml new file mode 100644 index 0000000..4dccbd6 --- /dev/null +++ b/defaults/RedHat.yml @@ -0,0 +1,11 @@ +--- +apache_daemon: httpd +apache_server_root: /etc/httpd +apache_conf_path: /etc/httpd/conf.d +apache_packages: + - httpd + - httpd-devel + - mod_ssl + - openssh +apache_vhosts: + - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..3388292 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,10 @@ +--- +apache_enablerepo: "" + +apache_listen_port: 80 + +apache_create_vhosts: true + +apache_vhosts: + # Additional properties: 'serveradmin, extra_parameters'. + - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 4dccbd6..04a0e7b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -7,5 +7,3 @@ apache_packages: - httpd-devel - mod_ssl - openssh -apache_vhosts: - - {servername: "local.dev", documentroot: "/var/www/html"} 
diff --git a/vars/main.yml b/vars/main.yml index 3388292..54c78ec 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -4,7 +4,3 @@ apache_enablerepo: "" apache_listen_port: 80 apache_create_vhosts: true - -apache_vhosts: - # Additional properties: 'serveradmin, extra_parameters'. - - {servername: "local.dev", documentroot: "/var/www/html"} From f7f52740f0bc8fd3b1be36d4da2cb722f3200e5e Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 10 May 2014 13:33:06 -0500 Subject: [PATCH 028/128] Add ids for environments. --- tasks/setup-Debian.yml | 6 +++--- tasks/setup-RedHat.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index f95b48b..e3efa5f 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -1,11 +1,11 @@ --- -- name: Ensure Apache is installed. +- name: Ensure Apache is installed (Debian). apt: > name={{ item }} state=installed with_items: apache_packages -- name: Configure Apache. +- name: Configure Apache (Debian). lineinfile: > dest="{{ apache_server_root }}/ports.conf" regexp="{{ item.regexp }}" @@ -22,7 +22,7 @@ } notify: restart apache -- name: Enable Apache mods. +- name: Enable Apache mods (Debian). file: > src={{ apache_server_root }}/mods-available/{{ item }} dest={{ apache_server_root }}/mods-enabled/{{ item }} diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index a009406..f150175 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -1,12 +1,12 @@ --- -- name: Ensure Apache is installed. +- name: Ensure Apache is installed (RedHat). yum: > name={{ item }} state=installed enablerepo={{ apache_enablerepo }} with_items: apache_packages -- name: Configure Apache. +- name: Configure Apache (RedHat). lineinfile: > dest={{ apache_server_root }}/conf/{{ apache_daemon }}.conf regexp="{{ item.regexp }}" From 1a06c728850314709273334832f9074f0e84727b Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Sun, 3 Aug 2014 21:45:04 -0500 Subject: [PATCH 029/128] Install current version of Ansible when testing instead of 1.5.0. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 84cdbda..d1b9c3d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,7 +11,7 @@ before_install: install: # Install Ansible. - - pip install ansible==1.5.0 + - pip install ansible # Add ansible.cfg to pick up roles path. - "printf '[defaults]\nroles_path = ../' > ansible.cfg" From 6820a17c92ad3f19f12cb03936743311039c927f Mon Sep 17 00:00:00 2001 From: Sebastian Schwarz Date: Wed, 10 Sep 2014 11:22:40 +0200 Subject: [PATCH 030/128] Make apache_mods_enabled work. The variable apache_mods_enabled was always overridden by vars/Debian.yml. It should be placed in defaults/main.yml instead so the user's changes take effect as specied in the README. Also deleted superfluous files defaults/Debian.yml, defaults/RedHat.yml and vars/main.yml. The former two were never read and the contents of the latter one should be placed in defaults/main.yml. --- defaults/Debian.yml | 14 -------------- defaults/RedHat.yml | 11 ----------- defaults/main.yml | 3 +++ vars/Debian.yml | 2 -- vars/main.yml | 6 ------ 5 files changed, 3 insertions(+), 33 deletions(-) delete mode 100644 defaults/Debian.yml delete mode 100644 defaults/RedHat.yml delete mode 100644 vars/main.yml diff --git a/defaults/Debian.yml b/defaults/Debian.yml deleted file mode 100644 index e4e6e51..0000000 --- a/defaults/Debian.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apache_daemon: apache2 -apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2/sites-enabled -apache_packages: - - apache2 - - apache2-mpm-prefork - - apache2-utils - - apache2.2-bin - - apache2.2-common -apache_vhosts: - - {servername: "local.dev", documentroot: "/var/www"} -apache_mods_enabled: - - rewrite.load 
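Review bot: `pip install ansible` in the `install:` step now takes whatever release is current on PyPI at build time, so two runs of the same commit can test against different Ansible versions and an unexpected upstream release reaches CI unreviewed. If the goal is to track newer releases, a bounded requirement keeps that while staying reproducible, for example `pip install 'ansible>=1.5,<2'` (bounds are illustrative), or a pinned requirements file that is updated deliberately. A short comment above the line saying why the exact pin was dropped would also help the next maintainer.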
diff --git a/defaults/RedHat.yml b/defaults/RedHat.yml deleted file mode 100644 index 4dccbd6..0000000 --- a/defaults/RedHat.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apache_daemon: httpd -apache_server_root: /etc/httpd -apache_conf_path: /etc/httpd/conf.d -apache_packages: - - httpd - - httpd-devel - - mod_ssl - - openssh -apache_vhosts: - - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/defaults/main.yml b/defaults/main.yml index 3388292..4dfc8df 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,9 @@ apache_enablerepo: "" apache_listen_port: 80 +apache_mods_enabled: + - rewrite.load + apache_create_vhosts: true apache_vhosts: diff --git a/vars/Debian.yml b/vars/Debian.yml index 8c40f38..d2d1706 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -8,5 +8,3 @@ apache_packages: - apache2-utils - apache2.2-bin - apache2.2-common -apache_mods_enabled: - - rewrite.load diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index 54c78ec..0000000 --- a/vars/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -apache_enablerepo: "" - -apache_listen_port: 80 - -apache_create_vhosts: true From 83ab160cff53d7ca43db4af04d33adb4eb5acbd3 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 5 Oct 2014 08:02:17 -0500 Subject: [PATCH 031/128] Issue #5: Allow apache_packages to be overridden. --- tasks/main.yml | 10 ++++++++++ vars/{Debian.yml => Debian-precise.yml} | 2 +- vars/Debian-trusty.yml | 9 +++++++++ vars/RedHat.yml | 2 +- 4 files changed, 21 insertions(+), 2 deletions(-) rename vars/{Debian.yml => Debian-precise.yml} (91%) create mode 100644 vars/Debian-trusty.yml diff --git a/tasks/main.yml b/tasks/main.yml index 28a4db5..db0d99e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,6 +1,16 @@ --- - name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml" + when: ansible_os_family == 'RedHat' + +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}-{{ ansible_lsb.codename }}.yml" + when: ansible_os_family == 'Debian' + +- name: Define apache_packages. + set_fact: + apache_packages: "{{ __apache_packages | list }}" + when: apache_packages is not defined - include: setup-RedHat.yml when: ansible_os_family == 'RedHat' diff --git a/vars/Debian.yml b/vars/Debian-precise.yml similarity index 91% rename from vars/Debian.yml rename to vars/Debian-precise.yml index d2d1706..62f51e2 100644 --- a/vars/Debian.yml +++ b/vars/Debian-precise.yml @@ -2,7 +2,7 @@ apache_daemon: apache2 apache_server_root: /etc/apache2 apache_conf_path: /etc/apache2/sites-enabled -apache_packages: +__apache_packages: - apache2 - apache2-mpm-prefork - apache2-utils diff --git a/vars/Debian-trusty.yml b/vars/Debian-trusty.yml new file mode 100644 index 0000000..cfcaa8a --- /dev/null +++ b/vars/Debian-trusty.yml @@ -0,0 +1,9 @@ +--- +apache_daemon: apache2 +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/sites-enabled +__apache_packages: + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2-bin diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 04a0e7b..e69d549 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -2,7 +2,7 @@ apache_daemon: httpd apache_server_root: /etc/httpd apache_conf_path: /etc/httpd/conf.d -apache_packages: +__apache_packages: - httpd - httpd-devel - mod_ssl From 3a277cbff6e53f57a4b16082d2095ecc96165ac8 Mon Sep 17 00:00:00 2001 
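Review bot: The Debian `include_vars` builds its file name from `ansible_lsb.codename`, but this commit ships only `vars/Debian-precise.yml` and `vars/Debian-trusty.yml`, so any other Debian-family release has no matching file and the include will fail. `ansible_lsb` also depends on LSB facts being available on the host, which is likely not the case on minimal installs without the lsb tooling. I would add a fallback vars file for unknown codenames, or put an explicit `fail` task before the include that names the unsupported release. A comment above the task listing the supported codenames would also help.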
From: Jeff Geerling Date: Sun, 5 Oct 2014 18:15:56 -0500 Subject: [PATCH 032/128] Issue #1: Add updated vhosts file for Apache 2.4. --- tasks/main.yml | 2 +- tasks/setup-RedHat.yml | 4 ++-- .../{vhosts.conf.j2 => vhosts-2.2.conf.j2} | 0 templates/vhosts-2.4.conf.j2 | 22 +++++++++++++++++++ vars/Debian-precise.yml | 1 + vars/Debian-trusty.yml | 1 + vars/RedHat.yml | 1 + 7 files changed, 28 insertions(+), 3 deletions(-) rename templates/{vhosts.conf.j2 => vhosts-2.2.conf.j2} (100%) create mode 100644 templates/vhosts-2.4.conf.j2 diff --git a/tasks/main.yml b/tasks/main.yml index db0d99e..db35de4 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,7 +20,7 @@ - name: Add apache vhosts configuration. template: > - src=vhosts.conf.j2 + src=vhosts-{{ apache_vhosts_version }}.conf.j2 dest={{ apache_conf_path }}/vhosts.conf owner=root group=root mode=644 notify: restart apache diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index f150175..a009406 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -1,12 +1,12 @@ --- -- name: Ensure Apache is installed (RedHat). +- name: Ensure Apache is installed. yum: > name={{ item }} state=installed enablerepo={{ apache_enablerepo }} with_items: apache_packages -- name: Configure Apache (RedHat). +- name: Configure Apache. lineinfile: > dest={{ apache_server_root }}/conf/{{ apache_daemon }}.conf regexp="{{ item.regexp }}" diff --git a/templates/vhosts.conf.j2 b/templates/vhosts-2.2.conf.j2 similarity index 100% rename from templates/vhosts.conf.j2 rename to templates/vhosts-2.2.conf.j2 diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 new file mode 100644 index 0000000..496f27a --- /dev/null +++ b/templates/vhosts-2.4.conf.j2 
@@ -0,0 +1,22 @@ + +DirectoryIndex index.php index.html + +{# Set up VirtualHosts - servername and documentroot are required. #} +{% for vhost in apache_vhosts %} + + ServerName {{ vhost.servername }} + DocumentRoot {{ vhost.documentroot }} +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} + + AllowOverride All + Options -Indexes +FollowSymLinks + Require all granted + +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} diff --git a/vars/Debian-precise.yml b/vars/Debian-precise.yml index 62f51e2..8a10280 100644 --- a/vars/Debian-precise.yml +++ b/vars/Debian-precise.yml @@ -2,6 +2,7 @@ apache_daemon: apache2 apache_server_root: /etc/apache2 apache_conf_path: /etc/apache2/sites-enabled +apache_vhosts_version: "2.2" __apache_packages: - apache2 - apache2-mpm-prefork diff --git a/vars/Debian-trusty.yml b/vars/Debian-trusty.yml index cfcaa8a..d989b78 100644 --- a/vars/Debian-trusty.yml +++ b/vars/Debian-trusty.yml @@ -2,6 +2,7 @@ apache_daemon: apache2 apache_server_root: /etc/apache2 apache_conf_path: /etc/apache2/sites-enabled +apache_vhosts_version: "2.4" __apache_packages: - apache2 - apache2-mpm-prefork diff --git a/vars/RedHat.yml b/vars/RedHat.yml index e69d549..550c79a 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -2,6 +2,7 @@ apache_daemon: httpd apache_server_root: /etc/httpd apache_conf_path: /etc/httpd/conf.d +apache_vhosts_version: "2.2" __apache_packages: - httpd - httpd-devel From d191d3a7fd203995d43c26bcfd469ec3fb33a04f Mon Sep 17 00:00:00 2001 
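Review bot: `AllowOverride All` and `Options -Indexes +FollowSymLinks` are hard-coded for every vhost in this template, presumably inside the per-documentroot directory block, whose enclosing tags are not visible on this page. `AllowOverride All` lets any `.htaccess` file under the document root change server behaviour, so anything able to write there can reconfigure the vhost. `FollowSymLinks` serves link targets without the ownership check that `SymLinksIfOwnerMatch` applies. I would make both overridable per vhost while keeping today's values as defaults, e.g. `AllowOverride {{ vhost.allow_override | default('All') }}` and `Options {{ vhost.options | default('-Indexes +FollowSymLinks') }}`, and document the two keys in the README. The 2.2 template is only renamed in this commit and not shown, so check whether it carries the same directives.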
From: Jeff Geerling Date: Sun, 5 Oct 2014 18:58:35 -0500 Subject: [PATCH 033/128] Issue #12: Use sites-available and sites-enabled Debian convention. --- meta/main.yml | 5 ++++- tasks/setup-Debian.yml | 30 ++++++++++++++++++------------ tasks/setup-RedHat.yml | 10 +--------- vars/Debian-precise.yml | 13 ++++++++++++- vars/Debian-trusty.yml | 9 ++++++++- vars/RedHat.yml | 12 ++++++++++++ 6 files changed, 55 insertions(+), 24 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index e97f518..297842f 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -16,6 +16,9 @@ galaxy_info: - all - name: Ubuntu versions: - - all + - precise + - raring + - saucy + - trusty categories: - web diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index e3efa5f..add94c8 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
@@ -1,31 +1,37 @@ --- -- name: Ensure Apache is installed (Debian). +- name: Ensure Apache is installed. apt: > name={{ item }} state=installed with_items: apache_packages -- name: Configure Apache (Debian). +- name: Configure Apache. lineinfile: > dest="{{ apache_server_root }}/ports.conf" regexp="{{ item.regexp }}" line="{{ item.line }}" state=present - with_items: - - { - regexp: "^Listen ", - line: "Listen {{ apache_listen_port }}" - } - - { - regexp: "^NameVirtualHost ", - line: "NameVirtualHost *:{{ apache_listen_port }}" - } + with_items: apache_ports_configuration_items notify: restart apache -- name: Enable Apache mods (Debian). +- name: Enable Apache mods. file: > src={{ apache_server_root }}/mods-available/{{ item }} dest={{ apache_server_root }}/mods-enabled/{{ item }} state=link with_items: apache_mods_enabled notify: restart apache + +- name: Add apache vhosts configuration. + template: > + src=vhosts-{{ apache_vhosts_version }}.conf.j2 + dest={{ apache_conf_path }}/sites-available/vhosts.conf + owner=root group=root mode=644 + notify: restart apache + when: apache_create_vhosts + +- name: Add vhost symlink in sites-enabled. + file: + src: "{{ apache_conf_path }}/sites-available/vhosts.conf" + dest: "{{ apache_conf_path }}/sites-enabled/vhosts.conf" + state: link diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index a009406..d35076b 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -12,13 +12,5 @@ regexp="{{ item.regexp }}" line="{{ item.line }}" state=present - with_items: - - { - regexp: "^Listen ", - line: "Listen {{ apache_listen_port }}" - } - - { - regexp: "^NameVirtualHost ", - line: "NameVirtualHost *:{{ apache_listen_port }}" - } + with_items: apache_ports_configuration_items notify: restart apache diff --git a/vars/Debian-precise.yml b/vars/Debian-precise.yml index 8a10280..0ba9bc8 100644 --- a/vars/Debian-precise.yml +++ b/vars/Debian-precise.yml 
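Review bot: The new `Add vhost symlink in sites-enabled.` task has no `when: apache_create_vhosts`, unlike the template task just above it, so with `apache_create_vhosts: false` it still tries to link `sites-available/vhosts.conf`. If that file was never created, the `file` module with `state: link` is expected to fail on the missing source. The task also lacks `notify: restart apache`, so a link that is re-created on its own does not trigger the handler. Adding `when: apache_create_vhosts` and `notify: restart apache` to the task covers both. The same task is carried unchanged into `tasks/configure-Debian.yml` in a later patch.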
@@ -1,11 +1,22 @@ --- apache_daemon: apache2 apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2/sites-enabled +apache_conf_path: /etc/apache2 apache_vhosts_version: "2.2" + __apache_packages: - apache2 - apache2-mpm-prefork - apache2-utils - apache2.2-bin - apache2.2-common + +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^NameVirtualHost ", + line: "NameVirtualHost *:{{ apache_listen_port }}" + } diff --git a/vars/Debian-trusty.yml b/vars/Debian-trusty.yml index d989b78..f789f83 100644 --- a/vars/Debian-trusty.yml +++ b/vars/Debian-trusty.yml @@ -1,10 +1,17 @@ --- apache_daemon: apache2 apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2/sites-enabled +apache_conf_path: /etc/apache2 apache_vhosts_version: "2.4" + __apache_packages: - apache2 - apache2-mpm-prefork - apache2-utils - apache2-bin + +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 550c79a..607c3ff 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -2,9 +2,21 @@ apache_daemon: httpd apache_server_root: /etc/httpd apache_conf_path: /etc/httpd/conf.d + apache_vhosts_version: "2.2" + __apache_packages: - httpd - httpd-devel - mod_ssl - openssh + +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^NameVirtualHost ", + line: "NameVirtualHost *:{{ apache_listen_port }}" + } \ No newline at end of file From 034bdb7949f06235c51a1df2c1686be8ec9ce86b Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Sun, 5 Oct 2014 19:13:00 -0500 Subject: [PATCH 034/128] Code style cleanup. --- handlers/main.yml | 6 +++--- tasks/main.yml | 18 ++++++++++-------- tasks/setup-Debian.yml | 32 ++++++++++++++++---------------- tasks/setup-RedHat.yml | 18 +++++++++--------- vars/Debian-precise.yml | 10 +++++----- vars/Debian-trusty.yml | 8 ++++---- 6 files changed, 47 insertions(+), 45 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index e4ecd63..8e7921f 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart apache - service: > - name={{ apache_daemon }} - state=restarted + service: + name: "{{ apache_daemon }}" + state: restarted diff --git a/tasks/main.yml b/tasks/main.yml index db35de4..80f8d95 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -19,15 +19,17 @@ when: ansible_os_family == 'Debian' - name: Add apache vhosts configuration. - template: > - src=vhosts-{{ apache_vhosts_version }}.conf.j2 - dest={{ apache_conf_path }}/vhosts.conf - owner=root group=root mode=644 + template: + src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + dest: "{{ apache_conf_path }}/vhosts.conf" + owner: root + group: root + mode: 0644 notify: restart apache when: apache_create_vhosts - name: Ensure Apache is started and enabled on boot. - service: > - name={{ apache_daemon }} - state=started - enabled=yes + service: + name: "{{ apache_daemon }}" + state: started + enabled: yes diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index add94c8..bb8eec8 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
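Review bot: `mode: 0644` in the converted `template` task of `tasks/main.yml` is an unquoted scalar, which a YAML 1.1 loader reads as the octal integer 420 and a YAML 1.2 loader reads as decimal 644, so the resulting file permissions depend on loader behaviour. Quoting it, `mode: "0644"`, hands the module the string exactly as written. In the same hunk `enabled: yes` would read more predictably as `enabled: true`. The unquoted mode also appears in the `tasks/setup-Debian.yml` hunk of this commit and in the `configure-Debian.yml` and `configure-RedHat.yml` files added in a later patch.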
@@ -1,32 +1,32 @@ --- - name: Ensure Apache is installed. - apt: > - name={{ item }} - state=installed + apt: "name={{ item }} state=installed" with_items: apache_packages - name: Configure Apache. - lineinfile: > - dest="{{ apache_server_root }}/ports.conf" - regexp="{{ item.regexp }}" - line="{{ item.line }}" - state=present + lineinfile: + dest: "{{ apache_server_root }}/ports.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present with_items: apache_ports_configuration_items notify: restart apache - name: Enable Apache mods. - file: > - src={{ apache_server_root }}/mods-available/{{ item }} - dest={{ apache_server_root }}/mods-enabled/{{ item }} - state=link + file: + src: "{{ apache_server_root }}/mods-available/{{ item }}" + dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: link with_items: apache_mods_enabled notify: restart apache - name: Add apache vhosts configuration. - template: > - src=vhosts-{{ apache_vhosts_version }}.conf.j2 - dest={{ apache_conf_path }}/sites-available/vhosts.conf - owner=root group=root mode=644 + template: + src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + dest: "{{ apache_conf_path }}/sites-available/vhosts.conf" + owner: root + group: root + mode: 0644 notify: restart apache when: apache_create_vhosts diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index d35076b..1d66081 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml 
@@ -1,16 +1,16 @@ --- - name: Ensure Apache is installed. - yum: > - name={{ item }} - state=installed - enablerepo={{ apache_enablerepo }} + yum: + name: "{{ item }}" + state: installed + enablerepo: "{{ apache_enablerepo }}" with_items: apache_packages - name: Configure Apache. - lineinfile: > - dest={{ apache_server_root }}/conf/{{ apache_daemon }}.conf - regexp="{{ item.regexp }}" - line="{{ item.line }}" - state=present + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present with_items: apache_ports_configuration_items notify: restart apache diff --git a/vars/Debian-precise.yml b/vars/Debian-precise.yml index 0ba9bc8..6d33ea4 100644 --- a/vars/Debian-precise.yml +++ b/vars/Debian-precise.yml @@ -5,11 +5,11 @@ apache_conf_path: /etc/apache2 apache_vhosts_version: "2.2" __apache_packages: - - apache2 - - apache2-mpm-prefork - - apache2-utils - - apache2.2-bin - - apache2.2-common + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2.2-bin + - apache2.2-common apache_ports_configuration_items: - { diff --git a/vars/Debian-trusty.yml b/vars/Debian-trusty.yml index f789f83..c21aaca 100644 --- a/vars/Debian-trusty.yml +++ b/vars/Debian-trusty.yml @@ -5,10 +5,10 @@ apache_conf_path: /etc/apache2 apache_vhosts_version: "2.4" __apache_packages: - - apache2 - - apache2-mpm-prefork - - apache2-utils - - apache2-bin + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2-bin apache_ports_configuration_items: - { From 4da5f5266878e6dd0fc5b2f5f22f8c7dcb02c9b0 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 10 Oct 2014 09:41:19 -0500 Subject: [PATCH 035/128] Update apt cache if necessary. --- tasks/setup-Debian.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index bb8eec8..1f74d09 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
@@ -1,4 +1,7 @@ --- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + - name: Ensure Apache is installed. apt: "name={{ item }} state=installed" with_items: apache_packages From aff1f3a524896e1930d07fde8f955a98338acc22 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 15 Oct 2014 08:39:44 -0500 Subject: [PATCH 036/128] Issue #15: Role broken on non-Ubuntu Precise and Trusty Debians. --- vars/Debian-wheezy.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 vars/Debian-wheezy.yml diff --git a/vars/Debian-wheezy.yml b/vars/Debian-wheezy.yml new file mode 100644 index 0000000..6d33ea4 --- /dev/null +++ b/vars/Debian-wheezy.yml @@ -0,0 +1,22 @@ +--- +apache_daemon: apache2 +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2 +apache_vhosts_version: "2.2" + +__apache_packages: + - apache2 + - apache2-mpm-prefork + - apache2-utils + - apache2.2-bin + - apache2.2-common + +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } + - { + regexp: "^NameVirtualHost ", + line: "NameVirtualHost *:{{ apache_listen_port }}" + } From d687bb21c58b0227a4ea0e59b0c2cf431e74b146 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Wed, 22 Oct 2014 13:41:14 -0500 Subject: [PATCH 037/128] Issue #14: Fix Apache version detection and related configuration for more flexibility. --- defaults/main.yml | 2 ++ tasks/configure-Debian.yml | 33 +++++++++++++++++++ tasks/configure-RedHat.yml | 19 +++++++++++ tasks/main.yml | 38 ++++++++++++++-------- tasks/setup-Debian.yml | 33 ------------------- tasks/setup-RedHat.yml | 9 ----- vars/Debian-wheezy.yml | 22 ------------- vars/{Debian-trusty.yml => Debian.yml} | 2 -- vars/{Debian-precise.yml => apache-22.yml} | 11 ------- vars/apache-24.yml | 7 ++++ 10 files changed, 85 insertions(+), 91 deletions(-) create mode 100644 tasks/configure-Debian.yml create mode 100644 tasks/configure-RedHat.yml delete mode 100644 vars/Debian-wheezy.yml rename vars/{Debian-trusty.yml => Debian.yml} (86%) rename vars/{Debian-precise.yml => apache-22.yml} (54%) create mode 100644 vars/apache-24.yml diff --git a/defaults/main.yml b/defaults/main.yml index 4dfc8df..3dde26c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,3 +11,5 @@ apache_create_vhosts: true apache_vhosts: # Additional properties: 'serveradmin, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} + +apache_vhosts_version: "2.2" diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml new file mode 100644 index 0000000..34d0531 --- /dev/null +++ b/tasks/configure-Debian.yml 
@@ -0,0 +1,33 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/ports.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: apache_ports_configuration_items + notify: restart apache + +- name: Enable Apache mods. + file: + src: "{{ apache_server_root }}/mods-available/{{ item }}" + dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: link + with_items: apache_mods_enabled + notify: restart apache + +- name: Add apache vhosts configuration. + template: + src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + dest: "{{ apache_conf_path }}/sites-available/vhosts.conf" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts + +- name: Add vhost symlink in sites-enabled. + file: + src: "{{ apache_conf_path }}/sites-available/vhosts.conf" + dest: "{{ apache_conf_path }}/sites-enabled/vhosts.conf" + state: link diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml new file mode 100644 index 0000000..2c1c01b --- /dev/null +++ b/tasks/configure-RedHat.yml @@ -0,0 +1,19 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: apache_ports_configuration_items + notify: restart apache + +- name: Add apache vhosts configuration. + template: + src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + dest: "{{ apache_conf_path }}/vhosts.conf" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/tasks/main.yml b/tasks/main.yml index 80f8d95..e416dcb 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,32 +1,42 @@ --- +# Include variables and define needed variables. - name: Include OS-specific variables. include_vars: "{{ ansible_os_family }}.yml" - when: ansible_os_family == 'RedHat' - -- name: Include OS-specific variables. - include_vars: "{{ ansible_os_family }}-{{ ansible_lsb.codename }}.yml" - when: ansible_os_family == 'Debian' - name: Define apache_packages. set_fact: apache_packages: "{{ __apache_packages | list }}" when: apache_packages is not defined +# Setup/install tasks. - include: setup-RedHat.yml when: ansible_os_family == 'RedHat' - include: setup-Debian.yml when: ansible_os_family == 'Debian' -- name: Add apache vhosts configuration. - template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" - dest: "{{ apache_conf_path }}/vhosts.conf" - owner: root - group: root - mode: 0644 - notify: restart apache - when: apache_create_vhosts +# Figure out what version of Apache is installed. +- name: Get installed version of Apache. + command: "{{ apache_daemon }} -v" + changed_when: false + register: _apache_version + +- name: Create apache_version variable. + set_fact: + apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}" + +- include_vars: apache-22.yml + when: "apache_version.split('.')[1] == '2'" + +- include_vars: apache-24.yml + when: "apache_version.split('.')[1] == '4'" + +# Configure Apache. +- include: configure-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include: configure-Debian.yml + when: ansible_os_family == 'Debian' - name: Ensure Apache is started and enabled on boot. service: diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 1f74d09..e6ee8ba 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
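Review bot: Neither `include_vars` that follows "Create apache_version variable" fires when the detected minor version is anything other than 2 or 4, or when the `-v` output has an unexpected shape. The play then appears to carry on with the `apache_vhosts_version: "2.2"` default that this same commit adds to defaults/main.yml. That would render the 2.2 vhost template, with its `Order allow,deny` access rules, on a server it was not written for. I would fail closed right after the two includes, for example `- fail: msg="Unsupported Apache version {{ apache_version }}"` with `when: apache_version.split('.')[1] not in ['2', '4']`. The last task in the hunk, "Ensure Apache is started and enabled on boot.", continues outside it and is not covered here.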
@@ -5,36 +5,3 @@ - name: Ensure Apache is installed. apt: "name={{ item }} state=installed" with_items: apache_packages - -- name: Configure Apache. - lineinfile: - dest: "{{ apache_server_root }}/ports.conf" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: apache_ports_configuration_items - notify: restart apache - -- name: Enable Apache mods. - file: - src: "{{ apache_server_root }}/mods-available/{{ item }}" - dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" - state: link - with_items: apache_mods_enabled - notify: restart apache - -- name: Add apache vhosts configuration. - template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" - dest: "{{ apache_conf_path }}/sites-available/vhosts.conf" - owner: root - group: root - mode: 0644 - notify: restart apache - when: apache_create_vhosts - -- name: Add vhost symlink in sites-enabled. - file: - src: "{{ apache_conf_path }}/sites-available/vhosts.conf" - dest: "{{ apache_conf_path }}/sites-enabled/vhosts.conf" - state: link diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 1d66081..e523b2b 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -5,12 +5,3 @@ state: installed enablerepo: "{{ apache_enablerepo }}" with_items: apache_packages - -- name: Configure Apache. - lineinfile: - dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - state: present - with_items: apache_ports_configuration_items - notify: restart apache diff --git a/vars/Debian-wheezy.yml b/vars/Debian-wheezy.yml deleted file mode 100644 index 6d33ea4..0000000 --- a/vars/Debian-wheezy.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -apache_daemon: apache2 -apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2 -apache_vhosts_version: "2.2" - -__apache_packages: - - apache2 - - apache2-mpm-prefork - - apache2-utils - - apache2.2-bin - - apache2.2-common - -apache_ports_configuration_items: - - { - regexp: "^Listen ", - line: "Listen {{ apache_listen_port }}" - } - - { - regexp: "^NameVirtualHost ", - line: "NameVirtualHost *:{{ apache_listen_port }}" - } diff --git a/vars/Debian-trusty.yml b/vars/Debian.yml similarity index 86% rename from vars/Debian-trusty.yml rename to vars/Debian.yml index c21aaca..d91ad0a 100644 --- a/vars/Debian-trusty.yml +++ b/vars/Debian.yml @@ -2,13 +2,11 @@ apache_daemon: apache2 apache_server_root: /etc/apache2 apache_conf_path: /etc/apache2 -apache_vhosts_version: "2.4" __apache_packages: - apache2 - apache2-mpm-prefork - apache2-utils - - apache2-bin apache_ports_configuration_items: - { diff --git a/vars/Debian-precise.yml b/vars/apache-22.yml similarity index 54% rename from vars/Debian-precise.yml rename to vars/apache-22.yml index 6d33ea4..e0c6ac9 100644 --- a/vars/Debian-precise.yml +++ b/vars/apache-22.yml @@ -1,16 +1,5 @@ --- -apache_daemon: apache2 -apache_server_root: /etc/apache2 -apache_conf_path: /etc/apache2 apache_vhosts_version: "2.2" - -__apache_packages: - - apache2 - - apache2-mpm-prefork - - apache2-utils - - apache2.2-bin - - apache2.2-common - apache_ports_configuration_items: - { regexp: "^Listen ", diff --git a/vars/apache-24.yml b/vars/apache-24.yml new file mode 100644 index 0000000..c783ce4 --- /dev/null +++ b/vars/apache-24.yml @@ -0,0 +1,7 @@ +--- +apache_vhosts_version: "2.4" +apache_ports_configuration_items: + - { + regexp: "^Listen ", + line: "Listen {{ apache_listen_port }}" + } From b13cb7d4ba0e5d9c2bd9e8517f8039055414c260 Mon Sep 17 00:00:00 2001 
From: Guillaume Dedrie Date: Tue, 4 Nov 2014 18:02:42 +0100 Subject: [PATCH 038/128] Prevent task symlink vhost for Debian to failed. When vhost has not been created (using apache_create_vhosts: no), the tasks should not be executed, otherwise it'll failed as the vhosts.conf file has not been created and cannot been linked. --- tasks/configure-Debian.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index 34d0531..1e67072 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -31,3 +31,4 @@ src: "{{ apache_conf_path }}/sites-available/vhosts.conf" dest: "{{ apache_conf_path }}/sites-enabled/vhosts.conf" state: link + when: apache_create_vhosts From 8abd97bb32459af3034fec13c5b9e89f05d5a9ad Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 5 Nov 2014 10:07:20 -0600 Subject: [PATCH 039/128] Issue #17: SSL Support. --- README.md | 31 +++++++++++++++++++++++-------- defaults/main.yml | 22 +++++++++++++++++++--- templates/vhosts-2.2.conf.j2 | 35 ++++++++++++++++++++++++++++++++++- templates/vhosts-2.4.conf.j2 | 35 ++++++++++++++++++++++++++++++++++- 4 files changed, 110 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 2d219c2..4b430f9 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu. ## Requirements -None. +If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. ## Role Variables 
@@ -17,8 +17,9 @@ Available variables are listed below, along with default values (see `defaults/m The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). apache_listen_port: 80 + apache_listen_port_ssl: 443 -The port on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80. +The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. apache_create_vhosts: true 
@@ -30,10 +31,29 @@ If set to true, a vhosts file, managed by this role's variables (see below), wil Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional: the admin email address for this server), and `extra_parameters` (you can add whatever you'd like in here). -Note that this role doesn't configure SSL support out of the box; you would need to add in additional tasks to listen on port 443 and add your own VirtualHost directives for SSL. This may be improved in the future :) + apache_vhosts_ssl: [] + +No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: + + apache_vhosts_ssl: + - { + servername: "local.dev", + documentroot: "/var/www/html", + certificate_file: "/home/vagrant/example.crt", + certificate_key_file: "/home/vagrant/example.key", + certificate_chain_file: "/path/to/certificate_chain.crt" + } + +Other SSL directives can be managed with other SSL-related role variables. + + apache_ssl_protocol: "All -SSLv2 -SSLv3" + apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + +The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. apache_mods_enabled: - rewrite.load + - ssl.load (Debian/Ubuntu ONLY) Which Apache mods to enable (these will be symlinked into the apporopriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. 
@@ -55,11 +75,6 @@ None. apache_vhosts: - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} -On Debian/Ubuntu hosts, if you get the error `Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?`, You should add a task to make sure your apt_cache is up to date, like: - - - name: Update apt cache if needed. - apt: update_cache=yes cache_valid_time=3600 - ## License MIT / BSD diff --git a/defaults/main.yml b/defaults/main.yml index 3dde26c..059cc6f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,9 +2,7 @@ apache_enablerepo: "" apache_listen_port: 80 - -apache_mods_enabled: - - rewrite.load +apache_listen_port_ssl: 443 apache_create_vhosts: true @@ -12,4 +10,22 @@ apache_vhosts: # Additional properties: 'serveradmin, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} +apache_vhosts_ssl: [] + # Additional properties: 'serveradmin, extra_parameters'. + # - { + # servername: "local.dev", + # documentroot: "/var/www/html", + # certificate_file: "/path/to/certificate.crt", + # certificate_key_file: "/path/to/certificate.key", + # # Optional. + # certificate_chain_file: "/path/to/certificate_chain.crt" + # } + +apache_ssl_protocol: "All -SSLv2 -SSLv3" +apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" + apache_vhosts_version: "2.2" + +apache_mods_enabled: + - rewrite.load + - ssl.load diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index da8d072..5e10913 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 
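Review bot: The new default `apache_ssl_protocol: "All -SSLv2 -SSLv3"` in the second defaults/main.yml hunk is a deny-list, so every protocol version the linked OpenSSL offers other than those two stays enabled, including TLS 1.0 and 1.1. An allow-list keeps the default from going stale as libraries change; where mod_ssl knows the newer protocol names that would be something like `apache_ssl_protocol: "-All +TLSv1.2"`, though older 2.2 packages may not accept `TLSv1.2`, so the value probably has to be chosen per Apache version. At minimum I would put a comment above the two SSL variables, `# Starting values only; review protocol and cipher settings against current guidance before deploying.`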
@@ -1,11 +1,44 @@ DirectoryIndex index.php index.html -{# Set up VirtualHosts - servername and documentroot are required. #} +{# Set up VirtualHosts #} {% for vhost in apache_vhosts %} ServerName {{ vhost.servername }} DocumentRoot {{ vhost.documentroot }} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} + + AllowOverride All + Options -Indexes FollowSymLinks + Order allow,deny + Allow from all + +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} + +{# Set up SSL VirtualHosts. #} +{% for vhost in apache_vhosts_ssl %} + + ServerName {{ vhost.servername }} + DocumentRoot {{ vhost.documentroot }} + + SSLEngine on + SSLCipherSuite {{ apache_ssl_cipher_suite }} + SSLProtocol {{ apache_ssl_protocol }} + SSLHonorCipherOrder On + SSLCertificateFile {{ vhost.certificate_file }} + SSLCertificateKeyFile {{ vhost.certificate_key_file }} +{% if vhost.certificate_chain_file is defined %} + SSLCertificateChainFile {{ vhost.certificate_chain_file }} +{% endif %} + {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} {% endif %} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index 496f27a..1dd127d 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 
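Review bot: The SSL VirtualHost block added to this 2.2 template sets protocol, cipher suite and cipher order but says nothing about TLS compression, while the matching block in templates/vhosts-2.4.conf.j2 in the same commit adds `SSLCompression off`. If the omission is deliberate because older 2.2 builds do not recognise the directive (I believe it only arrived in a late 2.2 release), a Jinja comment next to `SSLHonorCipherOrder On` would record that, for example `{# SSLCompression is left unset: not recognised by older 2.2 builds. #}`. Otherwise the two templates should agree. The `<VirtualHost>` and `<Directory>` lines are not visible in this rendering of the hunk, so I have not reviewed which port the block binds to.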
@@ -1,11 +1,44 @@ DirectoryIndex index.php index.html -{# Set up VirtualHosts - servername and documentroot are required. #} +{# Set up VirtualHosts #} {% for vhost in apache_vhosts %} ServerName {{ vhost.servername }} DocumentRoot {{ vhost.documentroot }} + +{% if vhost.serveradmin is defined %} + ServerAdmin {{ vhost.serveradmin }} +{% endif %} + + AllowOverride All + Options -Indexes +FollowSymLinks + Require all granted + +{% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }} +{% endif %} + + +{% endfor %} + +{# Set up SSL VirtualHosts #} +{% for vhost in apache_vhosts_ssl %} + + ServerName {{ vhost.servername }} + DocumentRoot {{ vhost.documentroot }} + + SSLEngine on + SSLCipherSuite {{ apache_ssl_cipher_suite }} + SSLProtocol {{ apache_ssl_protocol }} + SSLHonorCipherOrder On + SSLCompression off + SSLCertificateFile {{ vhost.certificate_file }} + SSLCertificateKeyFile {{ vhost.certificate_key_file }} +{% if vhost.certificate_chain_file is defined %} + SSLCertificateChainFile {{ vhost.certificate_chain_file }} +{% endif %} + {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} {% endif %} From 2dfd2026ef78b1f2e6d925bcda38130dc260c4f4 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 8 Nov 2014 14:31:56 -0600 Subject: [PATCH 040/128] Update test. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index d1b9c3d..e7bf93b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ install: - pip install ansible # Add ansible.cfg to pick up roles path. - - "printf '[defaults]\nroles_path = ../' > ansible.cfg" + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" script: # Check the role/playbook's syntax. From c4b6fa8bb4227dbca791d6e840e13b8e96fb38d5 Mon Sep 17 00:00:00 2001 
From: Kevin ARBOUIN Date: Mon, 29 Dec 2014 21:56:03 +0100 Subject: [PATCH 041/128] Add parameters ServerAlias --- defaults/main.yml | 2 +- templates/vhosts-2.2.conf.j2 | 6 ++++++ templates/vhosts-2.4.conf.j2 | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 059cc6f..6deceda 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,7 +7,7 @@ apache_listen_port_ssl: 443 apache_create_vhosts: true apache_vhosts: - # Additional properties: 'serveradmin, extra_parameters'. + # Additional properties: 'serveradmin, serveralias, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} apache_vhosts_ssl: [] diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index 5e10913..3c27677 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 @@ -5,6 +5,9 @@ DirectoryIndex index.php index.html {% for vhost in apache_vhosts %} ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} DocumentRoot {{ vhost.documentroot }} {% if vhost.serveradmin is defined %} @@ -27,6 +30,9 @@ DirectoryIndex index.php index.html {% for vhost in apache_vhosts_ssl %} ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} DocumentRoot {{ vhost.documentroot }} SSLEngine on diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index 1dd127d..50f908c 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -5,6 +5,9 @@ DirectoryIndex index.php index.html {% for vhost in apache_vhosts %} ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} DocumentRoot {{ vhost.documentroot }} {% if vhost.serveradmin is defined %} 
@@ -26,6 +29,9 @@ DirectoryIndex index.php index.html {% for vhost in apache_vhosts_ssl %} ServerName {{ vhost.servername }} +{% if vhost.serveralias is defined %} + ServerAlias {{ vhost.serveralias }} +{% endif %} DocumentRoot {{ vhost.documentroot }} SSLEngine on From 5eeace69bbbcacdf68752061656b11d52003de7f Mon Sep 17 00:00:00 2001 From: Lewis Wright Date: Thu, 8 Jan 2015 17:29:36 +0000 Subject: [PATCH 042/128] Made the vhost.conf filename configurable --- defaults/main.yml | 1 + tasks/configure-Debian.yml | 6 +++--- tasks/configure-RedHat.yml | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 059cc6f..e6815ac 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,6 +25,7 @@ apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" apache_vhosts_version: "2.2" +apache_vhosts_filename: "vhosts.conf" apache_mods_enabled: - rewrite.load diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index 1e67072..f653e8c 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -19,7 +19,7 @@ - name: Add apache vhosts configuration. template: src: "vhosts-{{ apache_vhosts_version }}.conf.j2" - dest: "{{ apache_conf_path }}/sites-available/vhosts.conf" + dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" owner: root group: root mode: 0644 @@ -28,7 +28,7 @@ - name: Add vhost symlink in sites-enabled. file: - src: "{{ apache_conf_path }}/sites-available/vhosts.conf" - dest: "{{ apache_conf_path }}/sites-enabled/vhosts.conf" + src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" + dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" state: link when: apache_create_vhosts diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml index 2c1c01b..695a9cf 100644 --- a/tasks/configure-RedHat.yml +++ b/tasks/configure-RedHat.yml 
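Review bot: `apache_vhosts_filename` is interpolated straight into the `dest` of a root-owned template write and into both ends of the sites-enabled symlink in tasks/configure-Debian.yml, so a value containing `/` or `..` lands outside `sites-available`. The configure-RedHat.yml hunk that follows does the same with `{{ apache_conf_path }}/{{ apache_vhosts_filename }}`. Role variables are normally operator-controlled, so this is hardening rather than a live bug, but passing the value through `basename` costs nothing: `dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename | basename }}"`. It is also worth a comment in defaults/main.yml that the name should end in `.conf`, since Debian's Apache 2.4 packaging, as far as I know, only includes `sites-enabled/*.conf`.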
@@ -11,7 +11,7 @@ - name: Add apache vhosts configuration. template: src: "vhosts-{{ apache_vhosts_version }}.conf.j2" - dest: "{{ apache_conf_path }}/vhosts.conf" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root mode: 0644 From 0fe7d43213c0ea47318dfbf65ba89a3ec77c9d6e Mon Sep 17 00:00:00 2001 From: Lewis Wright Date: Thu, 8 Jan 2015 17:32:06 +0000 Subject: [PATCH 043/128] Updated readme with apache_vhosts_filename --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 4b430f9..4b5b8e2 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,10 @@ Other SSL directives can be managed with other SSL-related role variables. The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. + apache_vhosts_filename: 'vhosts.conf' + +The filename used for the vhost configuration. + apache_mods_enabled: - rewrite.load - ssl.load From 17a99089ab12215ae113e3bb015001739cb66cff Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 9 Jan 2015 23:30:07 -0600 Subject: [PATCH 044/128] Update documentation and fix a few variables for vhosts configuration. --- README.md | 9 +++------ defaults/main.yml | 4 +--- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4b5b8e2..c48efba 100644 --- a/README.md +++ b/README.md 
@@ -22,14 +22,15 @@ The repository to use when installing Apache (only used on RHEL/CentOS systems). The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. apache_vhosts: - # Additional optional properties: 'serveradmin, extra_parameters'. + # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} -Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional: the admin email address for this server), and `extra_parameters` (you can add whatever you'd like in here). +Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). apache_vhosts_ssl: [] @@ -51,10 +52,6 @@ Other SSL directives can be managed with other SSL-related role variables. The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. - apache_vhosts_filename: 'vhosts.conf' - -The filename used for the vhost configuration. - apache_mods_enabled: - rewrite.load - ssl.load diff --git a/defaults/main.yml b/defaults/main.yml index fecd353..105245c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -5,6 +5,7 @@ apache_listen_port: 80 apache_listen_port_ssl: 443 apache_create_vhosts: true +apache_vhosts_filename: "vhosts.conf" apache_vhosts: # Additional properties: 'serveradmin, serveralias, extra_parameters'. @@ -24,9 +25,6 @@ apache_vhosts_ssl: [] apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" -apache_vhosts_version: "2.2" -apache_vhosts_filename: "vhosts.conf" - apache_mods_enabled: - rewrite.load - ssl.load From e5e6ece01ad4346f56692effb0bd3ad75ead7cc5 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 9 Jan 2015 23:43:17 -0600 Subject: [PATCH 045/128] Add --check test. --- .travis.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.travis.yml b/.travis.yml index e7bf93b..fa61b44 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,5 +30,12 @@ script: && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) + # Run the role/playbook a third time, in --check mode. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --check --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Check mode: pass' && exit 0) + || (echo 'Check mode: fail' && exit 1) + # Request a page via Apache, to make sure Apache is running and responds. - "curl http://localhost/" From 36d79e5f2661b81fceee565b9862a22f7e016b4b Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 9 Jan 2015 23:46:28 -0600 Subject: [PATCH 046/128] Revert test and add always_run to solve #20. --- .travis.yml | 7 ------- tasks/main.yml | 1 + 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index fa61b44..e7bf93b 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -30,12 +30,5 @@ script: && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) - # Run the role/playbook a third time, in --check mode. - - > - ansible-playbook -i tests/inventory tests/$SITE --connection=local --check --sudo - | grep -q 'changed=0.*failed=0' - && (echo 'Check mode: pass' && exit 0) - || (echo 'Check mode: fail' && exit 1) - # Request a page via Apache, to make sure Apache is running and responds. - "curl http://localhost/" diff --git a/tasks/main.yml b/tasks/main.yml index e416dcb..d6cdb61 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -19,6 +19,7 @@ - name: Get installed version of Apache. command: "{{ apache_daemon }} -v" changed_when: false + always_run: yes register: _apache_version - name: Create apache_version variable. From 2abee5155caf66c5ff53d92a46b96a604244cc42 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 9 Jan 2015 23:51:13 -0600 Subject: [PATCH 047/128] Issue #4: Document apache_packages variable. --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index c48efba..3c60598 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,11 @@ The SSL protocols and cipher suites that are used/allowed when clients make secu (Debian/Ubuntu ONLY) Which Apache mods to enable (these will be symlinked into the apporopriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. + apache_packages: + - [platform-specific] + +The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). + ## Dependencies None. From 8e71d656f4153b465ba11acc1aaf4ab852b161b1 Mon Sep 17 00:00:00 2001 
From: Thijs Feryn Date: Wed, 28 Jan 2015 13:54:09 +0100 Subject: [PATCH 048/128] Allowing the default vhost to be removed. Causes issues because it is linked to port 80, even if you change apache_listen_port --- defaults/main.yml | 1 + tasks/configure-Debian.yml | 6 ++++++ vars/apache-22.yml | 1 + vars/apache-24.yml | 1 + 4 files changed, 9 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 105245c..53c957a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,6 +4,7 @@ apache_enablerepo: "" apache_listen_port: 80 apache_listen_port_ssl: 443 +apache_remove_default_vhost: false apache_create_vhosts: true apache_vhosts_filename: "vhosts.conf" diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index f653e8c..f2a9b23 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -32,3 +32,9 @@ dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" state: link when: apache_create_vhosts + +- name: Remove default vhost symlink in sites-enabled. + file: + path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" + state: absent + when: apache_remove_default_vhost diff --git a/vars/apache-22.yml b/vars/apache-22.yml index e0c6ac9..eb856be 100644 --- a/vars/apache-22.yml +++ b/vars/apache-22.yml @@ -1,5 +1,6 @@ --- apache_vhosts_version: "2.2" +apache_default_vhost_filename: 000-default apache_ports_configuration_items: - { regexp: "^Listen ", diff --git a/vars/apache-24.yml b/vars/apache-24.yml index c783ce4..449a444 100644 --- a/vars/apache-24.yml +++ b/vars/apache-24.yml @@ -1,5 +1,6 @@ --- apache_vhosts_version: "2.4" +apache_default_vhost_filename: 000-default.conf apache_ports_configuration_items: - { regexp: "^Listen ", From e9d5dedc70276305dab7a95b929606196ab0be31 Mon Sep 17 00:00:00 2001 
From: Felix Peters Date: Fri, 6 Feb 2015 13:21:51 +0100 Subject: [PATCH 049/128] Fix #25 Get installed version of Apache. failed Add absolute path for apache/httpd to avoid command not found error --- tasks/main.yml | 2 +- vars/Debian.yml | 1 + vars/RedHat.yml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index d6cdb61..a318c7b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -17,7 +17,7 @@ # Figure out what version of Apache is installed. - name: Get installed version of Apache. - command: "{{ apache_daemon }} -v" + shell: "{{apache_daemon_path}}{{ apache_daemon }} -v" changed_when: false always_run: yes register: _apache_version diff --git a/vars/Debian.yml b/vars/Debian.yml index d91ad0a..59cd7c3 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,5 +1,6 @@ --- apache_daemon: apache2 +apache_daemon_path: /usr/sbin/ apache_server_root: /etc/apache2 apache_conf_path: /etc/apache2 diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 607c3ff..8911b3d 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,6 @@ --- apache_daemon: httpd +apache_daemon_path: /usr/sbin/ apache_server_root: /etc/httpd apache_conf_path: /etc/httpd/conf.d From 0424fbcd87a3f10fd20f4dca95fa0d12fbead244 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 31 May 2015 16:01:27 -0500 Subject: [PATCH 050/128] Issue #34: Add ability to 'disable' Apache mods on Ubuntu/Debian. --- README.md | 3 ++- defaults/main.yml | 2 ++ tasks/configure-Debian.yml | 7 +++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3c60598..a88c26b 100644 --- a/README.md +++ b/README.md 
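Review bot: Switching "Get installed version of Apache" from `command` to `shell` in tasks/main.yml is not needed for this fix. The absolute path is what resolves the command-not-found error, and `command` accepts an absolute path just as well. With `shell` the rendered string goes through `/bin/sh`, so any metacharacter that ends up in `apache_daemon_path` or `apache_daemon` is interpreted instead of being passed as a literal argument. I would keep the module and change only the path: `command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"`. The same `shell:` line is carried forward, apart from spacing, in PATCH 051 further down.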
@@ -55,8 +55,9 @@ The SSL protocols and cipher suites that are used/allowed when clients make secu apache_mods_enabled: - rewrite.load - ssl.load + apache_mods_disabled: [] -(Debian/Ubuntu ONLY) Which Apache mods to enable (these will be symlinked into the apporopriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. +(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. apache_packages: - [platform-specific] diff --git a/defaults/main.yml b/defaults/main.yml index 105245c..36a4334 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,6 +25,8 @@ apache_vhosts_ssl: [] apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" +# Only used on Debian/Ubuntu. apache_mods_enabled: - rewrite.load - ssl.load +apache_mods_disabled: [] diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index f653e8c..6ed3a4a 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -16,6 +16,13 @@ with_items: apache_mods_enabled notify: restart apache +- name: Disable Apache mods. + file: + path: "{{ apache_server_root }}/mods-enabled/{{ item }}" + state: absent + with_items: apache_mods_disabled + notify: restart apache + - name: Add apache vhosts configuration. template: src: "vhosts-{{ apache_vhosts_version }}.conf.j2" From cfda9d6dfb914af0f1dede69902cf096009a3354 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 23 Jul 2015 11:58:03 -0500 Subject: [PATCH 051/128] PR #26: Fix spacing for variable name. --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index a318c7b..c3e4087 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
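Review bot: In the new "Disable Apache mods." task in tasks/configure-Debian.yml, `state: absent` is applied to a path built from each `apache_mods_disabled` entry with no check on the entry, and the file module removes directories recursively. An empty string in the list resolves to the `mods-enabled` directory itself, and an entry containing `../` resolves outside it. A guard on the task keeps the deletion inside the directory: `when: item != '' and '/' not in item`. A short comment beside `apache_mods_disabled: []` in defaults/main.yml saying that entries are bare file names such as `rewrite.load` would help too.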
@@ -17,7 +17,7 @@ # Figure out what version of Apache is installed. - name: Get installed version of Apache. - shell: "{{apache_daemon_path}}{{ apache_daemon }} -v" + shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v" changed_when: false always_run: yes register: _apache_version From f98accbb086cb63980836ded89e20e0a187ece35 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 23 Jul 2015 12:04:31 -0500 Subject: [PATCH 052/128] PR #24: Clean up default vhost removal options and document the new var. --- README.md | 4 ++++ defaults/main.yml | 5 ++++- tasks/configure-Debian.yml | 6 ++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a88c26b..2e237e1 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,10 @@ The ports on which apache should be listening. Useful if you have another servic If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. + apache_remove_default_vhost: false + +On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. + apache_vhosts: # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/defaults/main.yml b/defaults/main.yml index 8c1a3a4..1d2597a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -4,10 +4,13 @@ apache_enablerepo: "" apache_listen_port: 80 apache_listen_port_ssl: 443 -apache_remove_default_vhost: false apache_create_vhosts: true apache_vhosts_filename: "vhosts.conf" +# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. +# Set this to `true` to remove that default. +apache_remove_default_vhost: false + apache_vhosts: # Additional properties: 'serveradmin, serveralias, extra_parameters'. - {servername: "local.dev", documentroot: "/var/www/html"} diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index fbe90ad..b39e191 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -38,10 +38,12 @@ src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" state: link + notify: restart apache when: apache_create_vhosts - -- name: Remove default vhost symlink in sites-enabled. + +- name: Remove default vhost in sites-enabled. file: path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" state: absent + notify: restart apache when: apache_remove_default_vhost From 35e662cd00c2d929b0fbfd7b6c5657ca015bf7e5 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 19 Aug 2015 09:27:11 -0700 Subject: [PATCH 053/128] Don't install apache2-mpm-prefork in default Debian packages. --- vars/Debian.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/Debian.yml b/vars/Debian.yml index 59cd7c3..9ad65d3 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -6,7 +6,6 @@ apache_conf_path: /etc/apache2 __apache_packages: - apache2 - - apache2-mpm-prefork - apache2-utils apache_ports_configuration_items: From 8a4f5f3ff2e179526cbb780e4556446ba5f4e70d Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Thu, 3 Sep 2015 16:16:04 -0500 Subject: [PATCH 054/128] Fixes #27 and #42: Add example of multiline configuration in apache_vhosts entries. --- README.md | 14 +++++++++++++- defaults/main.yml | 7 +++---- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 2e237e1..a5ff12c 100644 --- a/README.md +++ b/README.md @@ -32,10 +32,22 @@ On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. S apache_vhosts: # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. - - {servername: "local.dev", documentroot: "/var/www/html"} + - servername: "local.dev" + documentroot: "/var/www/html" Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). +Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site: + + - servername: "www.local.dev" + serveralias: "local.dev" + documentroot: "/var/www/html" + extra_parameters: | + RewriteCond %{HTTP_HOST} !^www\. [NC] + RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + +The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output. + apache_vhosts_ssl: [] No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: diff --git a/defaults/main.yml b/defaults/main.yml index 1d2597a..f4a05d8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -13,18 +13,17 @@ apache_remove_default_vhost: false apache_vhosts: # Additional properties: 'serveradmin, serveralias, extra_parameters'. - - {servername: "local.dev", documentroot: "/var/www/html"} + - servername: "local.dev" + documentroot: "/var/www/html" apache_vhosts_ssl: [] # Additional properties: 'serveradmin, extra_parameters'. - # - { - # servername: "local.dev", + # - servername: "local.dev", # documentroot: "/var/www/html", # certificate_file: "/path/to/certificate.crt", # certificate_key_file: "/path/to/certificate.key", # # Optional. # certificate_chain_file: "/path/to/certificate_chain.crt" - # } apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" From 5cee545c8fd4df25b66d857dcfd30b0e3f405096 Mon Sep 17 00:00:00 2001 From: Gilad Peleg Date: Thu, 24 Sep 2015 12:16:52 +0300 Subject: [PATCH 055/128] Make apache start optional at task end - Closes #45 --- README.md | 4 ++++ defaults/main.yml | 3 +++ tasks/main.yml | 4 ++-- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a5ff12c..c3f5663 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,10 @@ The SSL protocols and cipher suites that are used/allowed when clients make secu The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). + apache_state: started + +Set initial apache state. Recommended values: `started` or `stopped` + ## Dependencies None. diff --git a/defaults/main.yml b/defaults/main.yml index f4a05d8..20ead1d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -33,3 +33,6 @@ apache_mods_enabled: - rewrite.load - ssl.load apache_mods_disabled: [] + +# Set initial apache state. Recommended values: `started` or `stopped` +apache_state: started diff --git a/tasks/main.yml b/tasks/main.yml index c3e4087..58fb930 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
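Review bot: The commented `apache_vhosts_ssl` example in `defaults/main.yml` now mixes block and flow syntax. The surrounding braces were removed, but `# - servername: "local.dev",` and the lines after it keep their trailing commas. Anyone who uncomments the block to enable an SSL vhost gets a YAML parse error instead of a working example. Drop the commas so it matches the `apache_vhosts` entry above, e.g. `# - servername: "local.dev"` followed by `#   documentroot: "/var/www/html"`, and likewise for the certificate lines.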
@@ -39,8 +39,8 @@ - include: configure-Debian.yml when: ansible_os_family == 'Debian' -- name: Ensure Apache is started and enabled on boot. +- name: Ensure Apache has selected state and enabled on boot. service: name: "{{ apache_daemon }}" - state: started + state: "{{ apache_state }}" enabled: yes From d57725cf0bc2c8f08765ea95c752ac16f62c7d29 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 31 Oct 2015 21:42:34 -0500 Subject: [PATCH 056/128] Remove multiline config from default vars. --- vars/Debian.yml | 4 +--- vars/RedHat.yml | 8 ++------ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/vars/Debian.yml b/vars/Debian.yml index 9ad65d3..7eb18ec 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -9,7 +9,5 @@ __apache_packages: - apache2-utils apache_ports_configuration_items: - - { - regexp: "^Listen ", + - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - } diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 8911b3d..6036a40 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -13,11 +13,7 @@ __apache_packages: - openssh apache_ports_configuration_items: - - { - regexp: "^Listen ", + - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - } - - { - regexp: "^NameVirtualHost ", + - regexp: "^NameVirtualHost " line: "NameVirtualHost *:{{ apache_listen_port }}" - } \ No newline at end of file From ac77f7835eb9585072776422957c73567f65cb41 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 31 Oct 2015 21:44:03 -0500 Subject: [PATCH 057/128] PR --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c3f5663..286313c 100644 --- a/README.md +++ b/README.md 
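Review bot: With `apache_state: stopped`, this task still sets `enabled: yes`, and other tasks in the role notify `restart apache`. The handler body is not visible here, but judging by its name Apache may be started again at the end of the play, which is surprising for someone who stopped it to keep a half-configured server offline. The variable is also passed through unchecked, so a value such as `restarted` would make every run report a change. I would document this next to the default in `defaults/main.yml`, e.g. `# 'stopped' only affects this task: Apache stays enabled on boot and notified handlers may still restart it.` The task name also reads better as `Ensure Apache has selected state and is enabled on boot.`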
@@ -82,7 +82,7 @@ The list of packages to be installed. This defaults to a set of platform-specifi apache_state: started -Set initial apache state. Recommended values: `started` or `stopped` +Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. ## Dependencies From ea4186e79476624b16e1f8c4defdf7c3600247d3 Mon Sep 17 00:00:00 2001 From: Solomon Gifford Date: Mon, 16 Nov 2015 23:20:54 -0500 Subject: [PATCH 058/128] Leaves the NameVirtualHost in the same location in the file --- vars/RedHat.yml | 2 +- vars/apache-22.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 6036a40..72aa3d2 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -15,5 +15,5 @@ __apache_packages: apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - - regexp: "^NameVirtualHost " + - regexp: "^#?NameVirtualHost " line: "NameVirtualHost *:{{ apache_listen_port }}" diff --git a/vars/apache-22.yml b/vars/apache-22.yml index eb856be..97fba44 100644 --- a/vars/apache-22.yml +++ b/vars/apache-22.yml @@ -7,6 +7,6 @@ apache_ports_configuration_items: line: "Listen {{ apache_listen_port }}" } - { - regexp: "^NameVirtualHost ", + regexp: "^#?NameVirtualHost ", line: "NameVirtualHost *:{{ apache_listen_port }}" } From 53990ee9979c5c7dfaf3babf434608015e4c5fe9 Mon Sep 17 00:00:00 2001 From: Teun Ouwehand Date: Tue, 8 Dec 2015 21:03:13 +0100 Subject: [PATCH 059/128] Add global config variable --- defaults/main.yml | 3 +++ templates/vhosts-2.2.conf.j2 | 3 +-- templates/vhosts-2.4.conf.j2 | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 20ead1d..65bcb1d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,6 +1,9 @@ --- apache_enablerepo: "" +apache_global_settings: | + DirectoryIndex index.php index.html + apache_listen_port: 80 apache_listen_port_ssl: 443 diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index 3c27677..ef4c5c2 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 @@ -1,5 +1,4 @@ - -DirectoryIndex index.php index.html +{{ apache_global_settings }} {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index 50f908c..bc6b0b1 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -1,5 +1,4 @@ - -DirectoryIndex index.php index.html +{{ apache_global_settings }} {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} From 8f974b4fdc72f188adc1b64af70964b63f691f5d Mon Sep 17 00:00:00 2001 From: Teun Ouwehand Date: Tue, 8 Dec 2015 21:13:03 +0100 Subject: [PATCH 060/128] Add README text for apache_global_settigs --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 286313c..0d66f49 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,12 @@ The repository to use when installing Apache (only used on RHEL/CentOS systems). apache_listen_port: 80 apache_listen_port_ssl: 443 + +This role doesn't manage the apache configuration files (yet), however you can set/overwrite apache config inside the vhost file but outside the VirtualHost config. In order to do this change the `apache_global_settigs` variable. + + apache_global_settigs: | + DirectoryIndex index.php index.html + # Other apache global settings The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. From 50d42a0a4391dd3fe0bb6426cf61fbc09a63132e Mon Sep 17 00:00:00 2001 
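Review bot: `apache_global_settings` is added to `defaults/main.yml` without a comment, although both `vhosts-*.conf.j2` templates in this commit emit it verbatim at the top of the generated vhosts file, outside any VirtualHost block. Because the value becomes server-wide Apache directives with no validation, the default should say so, so that it is only ever filled from trusted vars. Suggested comment above the variable: `# Raw Apache directives rendered verbatim at the top of the role's vhosts file, before any VirtualHost block.` A syntax error in this value will only show up when Apache is restarted, which is worth mentioning in the README entry as well.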
From: Jeff Geerling Date: Tue, 8 Dec 2015 14:23:54 -0600 Subject: [PATCH 061/128] PR #56 follow-up: Change ordering and description of new variable. --- README.md | 12 ++++++------ defaults/main.yml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 0d66f49..c1d37aa 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,6 @@ The repository to use when installing Apache (only used on RHEL/CentOS systems). apache_listen_port: 80 apache_listen_port_ssl: 443 - -This role doesn't manage the apache configuration files (yet), however you can set/overwrite apache config inside the vhost file but outside the VirtualHost config. In order to do this change the `apache_global_settigs` variable. - - apache_global_settigs: | - DirectoryIndex index.php index.html - # Other apache global settings The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. @@ -36,6 +30,12 @@ If set to true, a vhosts file, managed by this role's variables (see below), wil On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. + apache_global_settings: | + DirectoryIndex index.php index.html + # Add other global settings on subsequent lines. + +You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration. + apache_vhosts: # Additional optional properties: 'serveradmin, serveralias, extra_parameters'. - servername: "local.dev" diff --git a/defaults/main.yml b/defaults/main.yml index 65bcb1d..e254aca 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,9 +1,6 @@ --- apache_enablerepo: "" -apache_global_settings: | - DirectoryIndex index.php index.html - apache_listen_port: 80 apache_listen_port_ssl: 443 @@ -14,6 +11,9 @@ apache_vhosts_filename: "vhosts.conf" # Set this to `true` to remove that default. apache_remove_default_vhost: false +apache_global_settings: | + DirectoryIndex index.php index.html + apache_vhosts: # Additional properties: 'serveradmin, serveralias, extra_parameters'. - servername: "local.dev" From 906b1094d6dd24df34e941e8bb02d79a7be5cd64 Mon Sep 17 00:00:00 2001 From: Solomon Gifford Date: Thu, 10 Dec 2015 15:39:55 -0500 Subject: [PATCH 062/128] rename apache_global_settings to apache_global_vhost_settings to avoid confusion of where the globals are placed --- README.md | 2 +- defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c1d37aa..cd4ade4 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ If set to true, a vhosts file, managed by this role's variables (see below), wil On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. - apache_global_settings: | + apache_global_vhost_settings: | DirectoryIndex index.php index.html # Add other global settings on subsequent lines. diff --git a/defaults/main.yml b/defaults/main.yml index e254aca..d827d1a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,7 +11,7 @@ apache_vhosts_filename: "vhosts.conf" # Set this to `true` to remove that default. apache_remove_default_vhost: false -apache_global_settings: | +apache_global_vhost_settings: | DirectoryIndex index.php index.html apache_vhosts: From 6584e7afb6134f392f3132c7f4f60aed8c2063c9 Mon Sep 17 00:00:00 2001 
From: Solomon Gifford Date: Thu, 10 Dec 2015 16:40:51 -0500 Subject: [PATCH 063/128] rename apache_global_settings to apache_global_vhost_settings to avoid confusion of where the globals are placed part 2 --- templates/vhosts-2.2.conf.j2 | 2 +- templates/vhosts-2.4.conf.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index ef4c5c2..d549b23 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 @@ -1,4 +1,4 @@ -{{ apache_global_settings }} +{{ apache_global_vhosts_settings }} {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index bc6b0b1..3151a59 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -1,4 +1,4 @@ -{{ apache_global_settings }} +{{ apache_global_vhost_settings }} {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} From 31fcb4859ba729db55a3b091248225341a8b603d Mon Sep 17 00:00:00 2001 From: Solomon Gifford Date: Thu, 10 Dec 2015 16:46:54 -0500 Subject: [PATCH 064/128] rename apache_global_settings to apache_global_vhost_settings to avoid confusion of where the globals are placed part 3 --- templates/vhosts-2.2.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index d549b23..3368d65 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 @@ -1,4 +1,4 @@ -{{ apache_global_vhosts_settings }} +{{ apache_global_vhost_settings }} {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} From 43c25c03028095cd8bec4656b6e9c633ef0e3320 Mon Sep 17 00:00:00 2001 
From: Bert Van Vreckem Date: Sat, 12 Dec 2015 11:17:40 +0100 Subject: [PATCH 065/128] Run multi-platform test on Travis-CI --- .travis.yml | 55 ++++++++++++++++++++++------------------- tests/Dockerfile.centos | 26 +++++++++++++++++++ tests/Dockerfile.ubuntu | 12 +++++++++ tests/inventory | 1 - tests/requirements.yml | 1 + tests/test.yml | 5 ++-- 6 files changed, 70 insertions(+), 30 deletions(-) create mode 100644 tests/Dockerfile.centos create mode 100644 tests/Dockerfile.ubuntu delete mode 100644 tests/inventory create mode 100644 tests/requirements.yml diff --git a/.travis.yml b/.travis.yml index e7bf93b..acd0162 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,34 +1,37 @@ ---- -language: python -python: "2.7" - +sudo: required env: - - SITE=test.yml + - CONTAINER_ID=$(mktemp) + +services: + - docker before_install: - - sudo apt-get update -qq - - sudo apt-get install -y curl - -install: - # Install Ansible. - - pip install ansible - - # Add ansible.cfg to pick up roles path. - - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" + - sudo apt-get update + # Pull containers + - sudo docker pull centos:7 + - sudo docker pull ubuntu:14.04 + # Customize containers + - sudo docker build --rm=true --file=Dockerfile.centos --tag=centos:ansible tests + - sudo docker build --rm=true --file=Dockerfile.ubuntu --tag=ubuntu:ansible tests script: - # Check the role/playbook's syntax. - - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + # + # Run test playbook on Ubuntu container + # + - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml --syntax-check + - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml - # Run the role/playbook with ansible-playbook. - - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + # + # Run test playbook on CentOS container + # - # Run the role/playbook again, checking to make sure it's idempotent. - - > - ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) + # Run container in detached state + - sudo docker run --detach --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro centos:ansible /usr/lib/systemd/systemd > "${CONTAINER_ID}" - # Request a page via Apache, to make sure Apache is running and responds. 
- - "curl http://localhost/" + - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml --syntax-check + - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml + # Clean up + - sudo docker stop "$(cat ${CONTAINER_ID})" + +notifications: + email: false diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos new file mode 100644 index 0000000..dc27b87 --- /dev/null +++ b/tests/Dockerfile.centos @@ -0,0 +1,26 @@ +FROM centos:7 +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts +COPY requirements.yml /etc/ansible/requirements.yml +COPY test.yml /etc/ansible/test.yml +RUN ansible-galaxy install -r /etc/ansible/requirements.yml +VOLUME [ "/sys/fs/cgroup" ] +CMD ["/usr/sbin/init"] + diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu new file mode 100644 index 0000000..bb37040 --- /dev/null +++ b/tests/Dockerfile.ubuntu 
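Review bot: The CentOS container in the `script` section of `.travis.yml` is started with `--privileged`, which grants it every capability and device access on the build host just so systemd can boot. The same flag is carried forward in `run_opts` in PATCH 073. A narrower grant such as `--cap-add=SYS_ADMIN` alongside the existing read-only `/sys/fs/cgroup` mount may be enough for systemd here; that is untested against this image and worth trying. The rewrite also drops the old `curl http://localhost/` step, so nothing in the build confirms that Apache answers after the role has run. A `docker exec` of the same request inside the container would restore that check.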
@@ -0,0 +1,12 @@ +FROM ubuntu:14.04 +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts +COPY requirements.yml /etc/ansible/requirements.yml +COPY test.yml /etc/ansible/test.yml +RUN ansible-galaxy install -r /etc/ansible/requirements.yml + diff --git a/tests/inventory b/tests/inventory deleted file mode 100644 index 2fbb50c..0000000 --- a/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost diff --git a/tests/requirements.yml b/tests/requirements.yml new file mode 100644 index 0000000..9302d4d --- /dev/null +++ b/tests/requirements.yml @@ -0,0 +1 @@ +- src: geerlingguy.apache diff --git a/tests/test.yml b/tests/test.yml index 854cb52..09d3cf6 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,4 @@ --- -- hosts: localhost - remote_user: root +- hosts: all roles: - - ansible-role-apache + - geerlingguy.apache From 5d73dbbb9424ff7af9a378ed11a0758bf37c9e8c Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 11:20:32 +0100 Subject: [PATCH 066/128] Fix path to Dockerfile --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index acd0162..a795b1b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,8 +11,8 @@ before_install: - sudo docker pull centos:7 - sudo docker pull ubuntu:14.04 # Customize containers - - sudo docker build --rm=true --file=Dockerfile.centos --tag=centos:ansible tests - - sudo docker build --rm=true --file=Dockerfile.ubuntu --tag=ubuntu:ansible tests + - sudo docker build --rm=true --file=tests/Dockerfile.centos --tag=centos:ansible tests + - sudo docker build --rm=true --file=tests/Dockerfile.ubuntu --tag=ubuntu:ansible tests script: # From 0060d6d1c8b60cf1fa96ec0527ce6eb4518c7029 Mon Sep 17 00:00:00 2001 
From: Bert Van Vreckem Date: Sat, 12 Dec 2015 11:29:05 +0100 Subject: [PATCH 067/128] Add idempotence test --- .travis.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index a795b1b..1582316 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,19 +18,37 @@ script: # # Run test playbook on Ubuntu container # + + # Syntax check - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml --syntax-check + # Test role - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml + # Idempotence test + - > + sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) # # Run test playbook on CentOS container # - # Run container in detached state + # Run container in detached state - sudo docker run --detach --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro centos:ansible /usr/lib/systemd/systemd > "${CONTAINER_ID}" + # Syntax check - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml --syntax-check + # Test role - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml - # Clean up + # Idempotence test + - > + sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Clean up - sudo docker stop "$(cat ${CONTAINER_ID})" notifications: From 5260215d2892bcd85f938d34f938cf0cf654c1ec Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 11:36:33 +0100 Subject: [PATCH 068/128] Change order in build process --- tests/Dockerfile.centos | 2 +- tests/Dockerfile.ubuntu | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos index dc27b87..fcab1d2 100644 
--- a/tests/Dockerfile.centos +++ b/tests/Dockerfile.centos @@ -19,8 +19,8 @@ RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers # Install Ansible inventory file RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts COPY requirements.yml /etc/ansible/requirements.yml -COPY test.yml /etc/ansible/test.yml RUN ansible-galaxy install -r /etc/ansible/requirements.yml +COPY test.yml /etc/ansible/test.yml VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu index bb37040..f48ad29 100644 --- a/tests/Dockerfile.ubuntu +++ b/tests/Dockerfile.ubuntu @@ -7,6 +7,6 @@ RUN apt-get install -y ansible # Install Ansible inventory file RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts COPY requirements.yml /etc/ansible/requirements.yml -COPY test.yml /etc/ansible/test.yml RUN ansible-galaxy install -r /etc/ansible/requirements.yml +COPY test.yml /etc/ansible/test.yml From 609812fb484b1fd86a6b6e0ee289c4936287999b Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 11:36:56 +0100 Subject: [PATCH 069/128] Set some role variables in the test playbook --- tests/test.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/test.yml b/tests/test.yml index 09d3cf6..0bf4014 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,4 +1,11 @@ --- - hosts: all + vars: + apache_listen_port_ssl: 443 + apache_create_vhosts: true + apache_vhosts_filename: "vhosts.conf" + apache_vhosts: + - servername: "example.com" + documentroot: "/var/www/vhosts/example_com" roles: - geerlingguy.apache From 33c4876d51f19a5381ca1dbdde5c77f311a5b5fb Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 13:36:52 +0100 Subject: [PATCH 070/128] Fix docker run on Ubuntu --- .travis.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1582316..c571912 100644 --- a/.travis.yml 
+++ b/.travis.yml @@ -19,17 +19,24 @@ script: # Run test playbook on Ubuntu container # + # Run container in detached state + - sudo docker run --detach ubuntu:ansible /sbin/init > "${CONTAINER_ID}" + + # Syntax check - - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml --syntax-check + - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml --syntax-check # Test role - - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml + - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml # Idempotence test - > - sudo docker run ubuntu:ansible ansible-playbook /etc/ansible/test.yml + sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) + # Clean up + - sudo docker stop "$(cat ${CONTAINER_ID})" + # # Run test playbook on CentOS container # From 940968d86f97fb058f0fbcb1fe01a8b03e64c4a3 Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 13:42:26 +0100 Subject: [PATCH 071/128] Remove duplicate code, use build matrix --- .travis.yml | 47 ++++++++++++----------------------------------- 1 file changed, 12 insertions(+), 35 deletions(-) diff --git a/.travis.yml b/.travis.yml index c571912..9eed15f 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,62 +1,39 @@ sudo: required env: - - CONTAINER_ID=$(mktemp) + - container_id=$(mktemp) distribution=centos version=7 + - container_id=$(mktemp) distribution=ubuntu version=14.04 services: - docker before_install: - sudo apt-get update - # Pull containers - - sudo docker pull centos:7 - - sudo docker pull ubuntu:14.04 - # Customize containers - - sudo docker build --rm=true --file=tests/Dockerfile.centos --tag=centos:ansible tests - - sudo docker build --rm=true --file=tests/Dockerfile.ubuntu --tag=ubuntu:ansible tests + # Pull container + - sudo docker pull ${distribution}:${version} + # Customize container + - sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests script: # - # Run test playbook on Ubuntu container + # Run test playbook # # Run container in detached state - - sudo docker run --detach ubuntu:ansible /sbin/init > "${CONTAINER_ID}" - + - sudo docker run --detach ${distribution}:ansible /sbin/init > "${container_id}" # Syntax check - - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml --syntax-check + - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml --syntax-check # Test role - - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml + - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml # Idempotence test - > - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) # Clean up - - sudo docker stop "$(cat ${CONTAINER_ID})" - - # - # Run test playbook on CentOS container - # - - # Run container in detached state - - sudo docker run --detach --privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro centos:ansible /usr/lib/systemd/systemd > "${CONTAINER_ID}" - 
- # Syntax check - - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml --syntax-check - # Test role - - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml - # Idempotence test - - > - sudo docker exec "$(cat ${CONTAINER_ID})" ansible-playbook /etc/ansible/test.yml - | grep -q 'changed=0.*failed=0' - && (echo 'Idempotence test: pass' && exit 0) - || (echo 'Idempotence test: fail' && exit 1) - - # Clean up - - sudo docker stop "$(cat ${CONTAINER_ID})" + - sudo docker stop "$(cat ${container_id})" notifications: email: false From 1ac286c4ddfa12523ac4a5b0ae8eb7a6a5005287 Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 13:48:44 +0100 Subject: [PATCH 072/128] Fix differences in init systems --- .travis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9eed15f..8d87722 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,7 @@ sudo: required env: - - container_id=$(mktemp) distribution=centos version=7 - - container_id=$(mktemp) distribution=ubuntu version=14.04 + - container_id=$(mktemp) distribution=centos version=7 init=/usr/lib/systemd/systemd + - container_id=$(mktemp) distribution=ubuntu version=14.04 init=/sbin/init services: - docker @@ -19,7 +19,7 @@ script: # # Run container in detached state - - sudo docker run --detach ${distribution}:ansible /sbin/init > "${container_id}" + - sudo docker run --detach ${distribution}:ansible "${init}" > "${container_id}" # Syntax check - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml --syntax-check From b9d629ae98d241bbc72260d6823dfc16ae1fe03c Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sat, 12 Dec 2015 13:54:56 +0100 Subject: [PATCH 073/128] CentOS build should mount cgroups and run privileged --- .travis.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) 
diff --git a/.travis.yml b/.travis.yml index 8d87722..7db524c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,17 @@ sudo: required env: - - container_id=$(mktemp) distribution=centos version=7 init=/usr/lib/systemd/systemd - - container_id=$(mktemp) distribution=ubuntu version=14.04 init=/sbin/init + - > + container_id=$(mktemp) + distribution=centos + version=7 + init=/usr/lib/systemd/systemd + run_opts="--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + - > + container_id=$(mktemp) + distribution=ubuntu + version=14.04 + init=/sbin/init + run_opts="" services: - docker @@ -19,7 +29,7 @@ script: # # Run container in detached state - - sudo docker run --detach ${distribution}:ansible "${init}" > "${container_id}" + - sudo docker run --detach ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" # Syntax check - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml --syntax-check From 840423b1b9187fb1a43e29f04da50ac8f26d1807 Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sun, 13 Dec 2015 10:14:50 +0100 Subject: [PATCH 074/128] Test the current code, not the last release on Galaxy; colored output --- .travis.yml | 8 ++++---- tests/Dockerfile.centos | 3 --- tests/test.yml | 2 +- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7db524c..0253d7d 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -29,15 +29,15 @@ script: # # Run container in detached state - - sudo docker run --detach ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" + - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" # Syntax check - - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml --syntax-check + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check # Test role - - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml + - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml # Idempotence test - > - sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/test.yml + sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos index fcab1d2..888d502 100644 --- a/tests/Dockerfile.centos +++ b/tests/Dockerfile.centos @@ -18,9 +18,6 @@ RUN yum clean all RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers # Install Ansible inventory file RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts -COPY requirements.yml /etc/ansible/requirements.yml -RUN ansible-galaxy install -r /etc/ansible/requirements.yml -COPY test.yml /etc/ansible/test.yml VOLUME [ "/sys/fs/cgroup" ] CMD ["/usr/sbin/init"] diff --git a/tests/test.yml b/tests/test.yml index 0bf4014..1edb57a 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -8,4 +8,4 @@ - servername: "example.com" documentroot: "/var/www/vhosts/example_com" roles: - - geerlingguy.apache + - role_under_test 
From d8d1770482affdbe2cf3b04b872d62a939ae46ef Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Sun, 13 Dec 2015 19:27:21 +0100 Subject: [PATCH 075/128] =?UTF-8?q?Don=E2=80=99t=20install=20test=20code?= =?UTF-8?q?=20on=20Ubuntu=20Docker=20container,=20remove=20requirements.ym?= =?UTF-8?q?l?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/Dockerfile.ubuntu | 3 --- tests/requirements.yml | 1 - 2 files changed, 4 deletions(-) delete mode 100644 tests/requirements.yml diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu index f48ad29..3dd5383 100644 --- a/tests/Dockerfile.ubuntu +++ b/tests/Dockerfile.ubuntu @@ -6,7 +6,4 @@ RUN apt-get update RUN apt-get install -y ansible # Install Ansible inventory file RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts -COPY requirements.yml /etc/ansible/requirements.yml -RUN ansible-galaxy install -r /etc/ansible/requirements.yml -COPY test.yml /etc/ansible/test.yml diff --git a/tests/requirements.yml b/tests/requirements.yml deleted file mode 100644 index 9302d4d..0000000 --- a/tests/requirements.yml +++ /dev/null @@ -1 +0,0 @@ -- src: geerlingguy.apache From 379953325c08626e8ac2e3d5edf3555c75b1d7ac Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 14:06:12 -0600 Subject: [PATCH 076/128] PR #60: Small syntax tweaks for better highlighting. --- .travis.yml | 58 +++++++++++++++++++---------------------- tests/Dockerfile.centos | 8 ++++-- tests/Dockerfile.ubuntu | 3 ++- tests/test.yml | 2 ++ 4 files changed, 37 insertions(+), 34 deletions(-) diff --git a/.travis.yml b/.travis.yml index 0253d7d..15ed377 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,49 +1,45 @@ sudo: required + env: - - > - container_id=$(mktemp) - distribution=centos - version=7 - init=/usr/lib/systemd/systemd - run_opts="--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" - - > - container_id=$(mktemp) - distribution=ubuntu - version=14.04 - init=/sbin/init - run_opts="" + # CentOS 7. + - container_id: $(mktemp) + distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + # Ubuntu 14.04. + - container_id: $(mktemp) + distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" services: - docker before_install: - sudo apt-get update - # Pull container - - sudo docker pull ${distribution}:${version} - # Customize container - - sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests + # Pull container. + - "sudo docker pull ${distribution}:${version}" + # Customize container. + - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests" script: - # - # Run test playbook - # - - # Run container in detached state + # Run container in detached state. - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" - # Syntax check - - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check - # Test role - - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml - # Idempotence test + # Ansible syntax check. + - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' + + # Test role. 
+ - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' + + # Test role idempotence. - > sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) - # Clean up - - sudo docker stop "$(cat ${container_id})" - -notifications: - email: false + # Clean up + - 'sudo docker stop "$(cat ${container_id})"' diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos index 888d502..8aa0654 100644 --- a/tests/Dockerfile.centos +++ b/tests/Dockerfile.centos @@ -1,4 +1,5 @@ FROM centos:7 + # Install systemd -- See https://hub.docker.com/_/centos/ RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs RUN yum -y update; yum clean all; \ @@ -10,14 +11,17 @@ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; + # Install Ansible RUN yum -y install epel-release RUN yum -y install git ansible sudo RUN yum clean all + # Disable requiretty RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + # Install Ansible inventory file RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts -VOLUME [ "/sys/fs/cgroup" ] -CMD ["/usr/sbin/init"] +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu index 3dd5383..1475a46 100644 --- a/tests/Dockerfile.ubuntu +++ b/tests/Dockerfile.ubuntu 
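Review bot: In the rewritten `env` entries the versions are bare YAML numbers (`version: 7`, `version: 14.04`), so what reaches `docker pull ${distribution}:${version}` depends on how the loader prints a float; `14.04` happens to round-trip, but a constructed example like `16.10` would be read as `16.1`. Quoting them, `version: "14.04"` and `version: "7"`, keeps the image tag a string. The same unquoted form is in the entries added by patches 083, 086, 089 and 093 on this page. This hunk also drops `notifications: email: false`, a behaviour change the subject line ("small syntax tweaks") does not mention. Whether `container_id: $(mktemp)` is still expanded by the shell once the entries are mappings rather than `VAR=value` strings is not visible here and should be confirmed on a build.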
@@ -1,9 +1,10 @@ FROM ubuntu:14.04 + # Install Ansible RUN apt-get install -y software-properties-common git RUN apt-add-repository -y ppa:ansible/ansible RUN apt-get update RUN apt-get install -y ansible + # Install Ansible inventory file RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - diff --git a/tests/test.yml b/tests/test.yml index 1edb57a..f5c5ca6 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,6 @@ --- - hosts: all + vars: apache_listen_port_ssl: 443 apache_create_vhosts: true @@ -7,5 +8,6 @@ apache_vhosts: - servername: "example.com" documentroot: "/var/www/vhosts/example_com" + roles: - role_under_test From 49437eaeb4d4fb7746347c580d7863263ff37bc1 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 14:19:26 -0600 Subject: [PATCH 077/128] PR #60: Prepare to add Ubuntu 12.04. --- .travis.yml | 10 ++++++++-- tests/{Dockerfile.centos => Dockerfile.centos.7} | 0 tests/{Dockerfile.ubuntu => Dockerfile.ubuntu.12.04} | 0 tests/Dockerfile.ubuntu.14.04 | 10 ++++++++++ 4 files changed, 18 insertions(+), 2 deletions(-) rename tests/{Dockerfile.centos => Dockerfile.centos.7} (100%) rename tests/{Dockerfile.ubuntu => Dockerfile.ubuntu.12.04} (100%) create mode 100644 tests/Dockerfile.ubuntu.14.04 diff --git a/.travis.yml b/.travis.yml index 15ed377..3fda027 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,12 @@ env: version: 7 init: /usr/lib/systemd/systemd run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + # Ubuntu 12.04. + # - container_id: $(mktemp) + # distribution: ubuntu + # version: 12.04 + # init: /sbin/init + # run_opts: "" # Ubuntu 14.04. - container_id: $(mktemp) distribution: ubuntu 
@@ -22,11 +28,11 @@ before_install: # Pull container. - "sudo docker pull ${distribution}:${version}" # Customize container. - - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests" + - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution}.${version} --tag=${distribution}:${version}:ansible tests" script: # Run container in detached state. - - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:${version}:ansible "${init}" > "${container_id}"' # Ansible syntax check. - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos.7 similarity index 100% rename from tests/Dockerfile.centos rename to tests/Dockerfile.centos.7 diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu.12.04 similarity index 100% rename from tests/Dockerfile.ubuntu rename to tests/Dockerfile.ubuntu.12.04 diff --git a/tests/Dockerfile.ubuntu.14.04 b/tests/Dockerfile.ubuntu.14.04 new file mode 100644 index 0000000..1475a46 --- /dev/null +++ b/tests/Dockerfile.ubuntu.14.04 @@ -0,0 +1,10 @@ +FROM ubuntu:14.04 + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts From 7628bd8637e6bd17e3b8d9dce04276b7a847adde Mon Sep 17 00:00:00 2001 
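Review bot: The new image name `${distribution}:${version}:ansible` has two colons, in both the `docker build --tag=` line and the `docker run` line of this hunk; an image reference takes a single `:tag`, so Docker should reject it. Use a separator that is legal in a repository name, e.g. `--tag=${distribution}-${version}:ansible`, and the same name in `docker run`. This commit also renames `tests/Dockerfile.ubuntu` to `tests/Dockerfile.ubuntu.12.04` at 100% similarity, so the file named for 12.04 still builds `FROM ubuntu:14.04`, as the later deletion of that file on this page shows.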
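Review bot: `RUN apt-get install -y software-properties-common git` runs before any `apt-get update` in the new `tests/Dockerfile.ubuntu.14.04`, so it relies on whatever package lists the base image happens to ship, and the later `RUN apt-get update` sits in its own layer where the build cache can keep it stale. Put update and install in one instruction, `RUN apt-get update && apt-get install -y software-properties-common git`, and likewise `RUN apt-get update && apt-get install -y ansible` after the PPA is added. The same ordering is in `tests/Dockerfile.ubuntu` (patch 081), `tests/Dockerfile.ubuntu-12` (patch 083) and `tests/Dockerfile.ubuntu-12.04` (patch 086).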
From: Jeff Geerling Date: Sun, 13 Dec 2015 14:23:51 -0600 Subject: [PATCH 078/128] PR #60: Prepare to add Ubuntu 12.04 again. --- .travis.yml | 8 ++++---- tests/Dockerfile.centos.7 | 27 --------------------------- tests/Dockerfile.ubuntu.14.04 | 10 ---------- 3 files changed, 4 insertions(+), 41 deletions(-) delete mode 100644 tests/Dockerfile.centos.7 delete mode 100644 tests/Dockerfile.ubuntu.14.04 diff --git a/.travis.yml b/.travis.yml index 3fda027..303f87c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,13 +10,13 @@ env: # Ubuntu 12.04. # - container_id: $(mktemp) # distribution: ubuntu - # version: 12.04 + # version: precise # init: /sbin/init # run_opts: "" # Ubuntu 14.04. - container_id: $(mktemp) distribution: ubuntu - version: 14.04 + version: trusty init: /sbin/init run_opts: "" @@ -28,11 +28,11 @@ before_install: # Pull container. - "sudo docker pull ${distribution}:${version}" # Customize container. - - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution}.${version} --tag=${distribution}:${version}:ansible tests" + - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests" script: # Run container in detached state. - - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:${version}:ansible "${init}" > "${container_id}"' + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' # Ansible syntax check. - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' diff --git a/tests/Dockerfile.centos.7 b/tests/Dockerfile.centos.7 deleted file mode 100644 index 8aa0654..0000000 --- a/tests/Dockerfile.centos.7 +++ /dev/null 
@@ -1,27 +0,0 @@ -FROM centos:7 - -# Install systemd -- See https://hub.docker.com/_/centos/ -RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs -RUN yum -y update; yum clean all; \ -(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ -rm -f /lib/systemd/system/multi-user.target.wants/*; \ -rm -f /etc/systemd/system/*.wants/*; \ -rm -f /lib/systemd/system/local-fs.target.wants/*; \ -rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ -rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ -rm -f /lib/systemd/system/basic.target.wants/*; \ -rm -f /lib/systemd/system/anaconda.target.wants/*; - -# Install Ansible -RUN yum -y install epel-release -RUN yum -y install git ansible sudo -RUN yum clean all - -# Disable requiretty -RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers - -# Install Ansible inventory file -RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts - -VOLUME ["/sys/fs/cgroup"] -CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.ubuntu.14.04 b/tests/Dockerfile.ubuntu.14.04 deleted file mode 100644 index 1475a46..0000000 --- a/tests/Dockerfile.ubuntu.14.04 +++ /dev/null @@ -1,10 +0,0 @@ -FROM ubuntu:14.04 - -# Install Ansible -RUN apt-get install -y software-properties-common git -RUN apt-add-repository -y ppa:ansible/ansible -RUN apt-get update -RUN apt-get install -y ansible - -# Install Ansible inventory file -RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts From 219cd5feacb450c1435f5dc5b7982bd20afcb170 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 14:27:47 -0600 Subject: [PATCH 079/128] PR #60: Prepare to add Ubuntu 12.04 a third time. --- .travis.yml | 6 +++--- tests/Dockerfile.ubuntu.12.04 | 10 ---------- 2 files changed, 3 insertions(+), 13 deletions(-) delete mode 100644 tests/Dockerfile.ubuntu.12.04 
diff --git a/.travis.yml b/.travis.yml index 303f87c..cdb8a7a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ env: # CentOS 7. - container_id: $(mktemp) distribution: centos - version: 7 + version: "7" init: /usr/lib/systemd/systemd run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" # Ubuntu 12.04. @@ -28,11 +28,11 @@ before_install: # Pull container. - "sudo docker pull ${distribution}:${version}" # Customize container. - - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests" + - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution}${version} --tag=${distribution}${version}:ansible tests" script: # Run container in detached state. - - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}${version}:ansible "${init}" > "${container_id}"' # Ansible syntax check. - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' diff --git a/tests/Dockerfile.ubuntu.12.04 b/tests/Dockerfile.ubuntu.12.04 deleted file mode 100644 index 1475a46..0000000 --- a/tests/Dockerfile.ubuntu.12.04 +++ /dev/null @@ -1,10 +0,0 @@ -FROM ubuntu:14.04 - -# Install Ansible -RUN apt-get install -y software-properties-common git -RUN apt-add-repository -y ppa:ansible/ansible -RUN apt-get update -RUN apt-get install -y ansible - -# Install Ansible inventory file -RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts From 28274b530f30bd98db5d404d8c19681247fab669 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Sun, 13 Dec 2015 14:30:05 -0600 Subject: [PATCH 080/128] PR #60: Back to a working state, will debug locally. --- .travis.yml | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index cdb8a7a..d74e515 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,19 +4,14 @@ env: # CentOS 7. - container_id: $(mktemp) distribution: centos - version: "7" + version: 7 init: /usr/lib/systemd/systemd run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" - # Ubuntu 12.04. - # - container_id: $(mktemp) - # distribution: ubuntu - # version: precise - # init: /sbin/init - # run_opts: "" + # Ubuntu 14.04. - container_id: $(mktemp) distribution: ubuntu - version: trusty + version: 14.04 init: /sbin/init run_opts: "" @@ -28,11 +23,11 @@ before_install: # Pull container. - "sudo docker pull ${distribution}:${version}" # Customize container. - - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution}${version} --tag=${distribution}${version}:ansible tests" + - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests" script: # Run container in detached state. - - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}${version}:ansible "${init}" > "${container_id}"' + - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" # Ansible syntax check. - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' From a3f86ab91268daa6c1a49801e72437b5eece2bf5 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Sun, 13 Dec 2015 14:30:46 -0600 Subject: [PATCH 081/128] PR #60: Back to a working state, will debug locally. --- tests/Dockerfile.centos | 27 +++++++++++++++++++++++++++ tests/Dockerfile.ubuntu | 10 ++++++++++ 2 files changed, 37 insertions(+) create mode 100644 tests/Dockerfile.centos create mode 100644 tests/Dockerfile.ubuntu diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos new file mode 100644 index 0000000..8aa0654 --- /dev/null +++ b/tests/Dockerfile.centos @@ -0,0 +1,27 @@ +FROM centos:7 + +# Install systemd -- See https://hub.docker.com/_/centos/ +RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs +RUN yum -y update; yum clean all; \ +(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*; \ +rm -f /etc/systemd/system/*.wants/*; \ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*; \ +rm -f /lib/systemd/system/anaconda.target.wants/*; + +# Install Ansible +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +VOLUME ["/sys/fs/cgroup"] +CMD ["/usr/sbin/init"] diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu new file mode 100644 index 0000000..1475a46 --- /dev/null +++ b/tests/Dockerfile.ubuntu 
@@ -0,0 +1,10 @@ +FROM ubuntu:14.04 + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts From 1b64ceefbb9ab07b306f14791c577836a6318f8a Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 15:07:40 -0600 Subject: [PATCH 082/128] Issue #61: Attempt to set dockerfile name via varaible. --- .travis.yml | 4 +++- tests/{Dockerfile.centos => Dockerfile.centos-7} | 0 tests/{Dockerfile.ubuntu => Dockerfile.ubuntu-14} | 0 3 files changed, 3 insertions(+), 1 deletion(-) rename tests/{Dockerfile.centos => Dockerfile.centos-7} (100%) rename tests/{Dockerfile.ubuntu => Dockerfile.ubuntu-14} (100%) diff --git a/.travis.yml b/.travis.yml index d74e515..d6fa544 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,7 @@ sudo: required env: # CentOS 7. - container_id: $(mktemp) + dockerfile: Dockerfile.centos-7 distribution: centos version: 7 init: /usr/lib/systemd/systemd @@ -10,6 +11,7 @@ env: # Ubuntu 14.04. - container_id: $(mktemp) + dockerfile: Dockerfile.ubuntu-14 distribution: ubuntu version: 14.04 init: /sbin/init @@ -23,7 +25,7 @@ before_install: # Pull container. - "sudo docker pull ${distribution}:${version}" # Customize container. - - "sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests" + - "sudo docker build --rm=true --file=tests/${dockerfile} --tag=${distribution}:ansible tests" script: # Run container in detached state. diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos-7 similarity index 100% rename from tests/Dockerfile.centos rename to tests/Dockerfile.centos-7 diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu-14 similarity index 100% rename from tests/Dockerfile.ubuntu rename to tests/Dockerfile.ubuntu-14 
From fda9e90f9d48b5d73112dac49efca3243fb03593 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 15:29:44 -0600 Subject: [PATCH 083/128] Issue #61: Add Ubuntu 12.04 and rearrange env vars for readability. --- .travis.yml | 20 ++++++++++++++------ tests/Dockerfile.ubuntu-12 | 10 ++++++++++ 2 files changed, 24 insertions(+), 6 deletions(-) create mode 100644 tests/Dockerfile.ubuntu-12 diff --git a/.travis.yml b/.travis.yml index d6fa544..b8cac51 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,18 +2,26 @@ sudo: required env: # CentOS 7. - - container_id: $(mktemp) - dockerfile: Dockerfile.centos-7 - distribution: centos + - distribution: centos version: 7 + container_id: $(mktemp) + dockerfile: Dockerfile.centos-7 init: /usr/lib/systemd/systemd run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + # Ubuntu 12.04. + - distribution: ubuntu + version: 12.04 + container_id: $(mktemp) + dockerfile: Dockerfile.ubuntu-12 + init: /sbin/init + run_opts: "" + # Ubuntu 14.04. - - container_id: $(mktemp) - dockerfile: Dockerfile.ubuntu-14 - distribution: ubuntu + - distribution: ubuntu version: 14.04 + container_id: $(mktemp) + dockerfile: Dockerfile.ubuntu-14 init: /sbin/init run_opts: "" diff --git a/tests/Dockerfile.ubuntu-12 b/tests/Dockerfile.ubuntu-12 new file mode 100644 index 0000000..8e326d5 --- /dev/null +++ b/tests/Dockerfile.ubuntu-12 @@ -0,0 +1,10 @@ +FROM ubuntu:12.04 + +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible + +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts From c1f932a6418313c71af8cf7ef767a4f158e74a62 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Sun, 13 Dec 2015 15:33:07 -0600 Subject: [PATCH 084/128] Issue #61: Ensure apt-add-repository is present on Ubuntu 12.04. --- tests/Dockerfile.ubuntu-12 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/Dockerfile.ubuntu-12 b/tests/Dockerfile.ubuntu-12 index 8e326d5..35ca2c6 100644 --- a/tests/Dockerfile.ubuntu-12 +++ b/tests/Dockerfile.ubuntu-12 @@ -1,5 +1,8 @@ FROM ubuntu:12.04 +# Add `apt-add-repository`. +sudo apt-get install python-software-properties + # Install Ansible RUN apt-get install -y software-properties-common git RUN apt-add-repository -y ppa:ansible/ansible From 1526d4f74c5c17fa0a4639ed80603a0a81c41d8f Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 15:37:43 -0600 Subject: [PATCH 085/128] Issue #61: Dockerfile, not shell script. --- tests/Dockerfile.ubuntu-12 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Dockerfile.ubuntu-12 b/tests/Dockerfile.ubuntu-12 index 35ca2c6..be76319 100644 --- a/tests/Dockerfile.ubuntu-12 +++ b/tests/Dockerfile.ubuntu-12 @@ -1,7 +1,7 @@ FROM ubuntu:12.04 # Add `apt-add-repository`. -sudo apt-get install python-software-properties +RUN apt-get install python-software-properties # Install Ansible RUN apt-get install -y software-properties-common git From a24482638bad9b806a8b2a5bffea66d9f2c14cea Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Mon, 14 Dec 2015 00:00:39 +0100 Subject: [PATCH 086/128] Add Ubuntu 12.04 as a platform to test --- .travis.yml | 31 ++++++++++--------- ...{Dockerfile.centos => Dockerfile.centos-7} | 0 tests/Dockerfile.ubuntu-12.04 | 9 ++++++ ...kerfile.ubuntu => Dockerfile.ubuntu-14.04} | 0 4 files changed, 26 insertions(+), 14 deletions(-) rename tests/{Dockerfile.centos => Dockerfile.centos-7} (100%) create mode 100644 tests/Dockerfile.ubuntu-12.04 rename tests/{Dockerfile.ubuntu => Dockerfile.ubuntu-14.04} (100%) diff --git a/.travis.yml b/.travis.yml index 0253d7d..93dfd45 100644 --- a/.travis.yml 
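Review bot: The line added in patch 084, `sudo apt-get install python-software-properties`, is a shell command rather than a Dockerfile instruction, so the build cannot parse it. It also has no `-y`, and `apt-get` will normally abort at the confirmation prompt in a non-interactive build. It should read `RUN apt-get install -y python-software-properties`. Patch 085, on the same file, adds `RUN` but still omits `-y`.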
+++ b/.travis.yml @@ -1,17 +1,20 @@ sudo: required env: - - > - container_id=$(mktemp) - distribution=centos - version=7 - init=/usr/lib/systemd/systemd - run_opts="--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" - - > - container_id=$(mktemp) - distribution=ubuntu - version=14.04 - init=/sbin/init - run_opts="" + - distribution: centos + version: 7 + init: /usr/lib/systemd/systemd + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + container_id: $(mktemp) + - distribution: ubuntu + version: 14.04 + init: /sbin/init + run_opts: "" + container_id: $(mktemp) + - distribution: ubuntu + version: 12.04 + init: /sbin/init + run_opts: "" + container_id: $(mktemp) services: - docker @@ -21,7 +24,7 @@ before_install: # Pull container - sudo docker pull ${distribution}:${version} # Customize container - - sudo docker build --rm=true --file=tests/Dockerfile.${distribution} --tag=${distribution}:ansible tests + - sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests script: # @@ -29,7 +32,7 @@ script: # # Run container in detached state - - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" + - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}" # Syntax check - sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check diff --git a/tests/Dockerfile.centos b/tests/Dockerfile.centos-7 similarity index 100% rename from tests/Dockerfile.centos rename to tests/Dockerfile.centos-7 diff --git a/tests/Dockerfile.ubuntu-12.04 b/tests/Dockerfile.ubuntu-12.04 new file mode 100644 index 0000000..d8b373e --- /dev/null +++ b/tests/Dockerfile.ubuntu-12.04 
@@ -0,0 +1,9 @@ +FROM ubuntu:12.04 +# Install Ansible +RUN apt-get install -y software-properties-common git +RUN apt-add-repository -y ppa:ansible/ansible +RUN apt-get update +RUN apt-get install -y ansible +# Install Ansible inventory file +RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts + diff --git a/tests/Dockerfile.ubuntu b/tests/Dockerfile.ubuntu-14.04 similarity index 100% rename from tests/Dockerfile.ubuntu rename to tests/Dockerfile.ubuntu-14.04 From 5ca9ccc7c3641248042af3982be33d28567886cd Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Mon, 14 Dec 2015 00:15:55 +0100 Subject: [PATCH 087/128] Install apt-add-repository --- tests/Dockerfile.ubuntu-12.04 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Dockerfile.ubuntu-12.04 b/tests/Dockerfile.ubuntu-12.04 index d8b373e..71534b6 100644 --- a/tests/Dockerfile.ubuntu-12.04 +++ b/tests/Dockerfile.ubuntu-12.04 @@ -1,6 +1,6 @@ FROM ubuntu:12.04 # Install Ansible -RUN apt-get install -y software-properties-common git +RUN apt-get install -y python-software-properties software-properties-common git RUN apt-add-repository -y ppa:ansible/ansible RUN apt-get update RUN apt-get install -y ansible From e5d0d58ffe0e9288cc4138dcf551bcd1e2289a8d Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 20:11:16 -0600 Subject: [PATCH 088/128] Issue #61: Fix Ubuntu 12.04 Dockerfile. --- tests/Dockerfile.ubuntu-12 | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/Dockerfile.ubuntu-12 b/tests/Dockerfile.ubuntu-12 index be76319..40be740 100644 --- a/tests/Dockerfile.ubuntu-12 +++ b/tests/Dockerfile.ubuntu-12 
@@ -1,10 +1,7 @@ FROM ubuntu:12.04 -# Add `apt-add-repository`. -RUN apt-get install python-software-properties - # Install Ansible -RUN apt-get install -y software-properties-common git +RUN apt-get install -y software-properties-common python-software-properties git RUN apt-add-repository -y ppa:ansible/ansible RUN apt-get update RUN apt-get install -y ansible From 60726db64b20b37512b03f14bb2965d4c9ab938e Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 20:20:24 -0600 Subject: [PATCH 089/128] Issue #61: Add CentOS 6. --- .travis.yml | 10 +++++++++- tests/Dockerfile.centos-6 | 11 +++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 tests/Dockerfile.centos-6 diff --git a/.travis.yml b/.travis.yml index b8cac51..d68da56 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,14 @@ sudo: required env: + # CentOS 6. + - distribution: centos + version: 6 + container_id: $(mktemp) + dockerfile: Dockerfile.centos-6 + init: /sbin/init + run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" + # CentOS 7. - distribution: centos version: 7 @@ -37,7 +45,7 @@ before_install: script: # Run container in detached state. - - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}" + - 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}:ansible "${init}" > "${container_id}"' # Ansible syntax check. - 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 new file mode 100644 index 0000000..ab22d8c --- /dev/null +++ b/tests/Dockerfile.centos-6 
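Review bot: The new CentOS 6 entry in patch 089 copies `run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"` from the CentOS 7 entry although its `init` is `/sbin/init` rather than systemd, so the container gets full host privileges without a stated need. Start with `run_opts: ""`, as the other `/sbin/init` entries in this file do, and add privileges only if a build shows they are required. Patch 093 on this page defines the same platform with empty `run_opts`.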
@@ -0,0 +1,11 @@ +FROM centos:6 + +# Install Ansible +RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm +RUN yum install -y ansible + +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts From 533703d32d597a00f7f0f5658e2c1bb269c78eb3 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 20:22:55 -0600 Subject: [PATCH 090/128] Issue #61: Make CentOS 6 work. --- tests/Dockerfile.centos-6 | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 index ab22d8c..e6b4f44 100644 --- a/tests/Dockerfile.centos-6 +++ b/tests/Dockerfile.centos-6 @@ -4,8 +4,5 @@ FROM centos:6 RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm RUN yum install -y ansible -# Disable requiretty -RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers - # Install Ansible inventory file RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts From f696c0c89d34a1364b71b84f8c5cffb216b41e73 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 13 Dec 2015 20:34:08 -0600 Subject: [PATCH 091/128] Issue #61: Make CentOS 6 work x2. --- tests/Dockerfile.centos-6 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 index e6b4f44..bad0cc6 100644 --- a/tests/Dockerfile.centos-6 +++ b/tests/Dockerfile.centos-6 @@ -6,3 +6,5 @@ RUN yum install -y ansible # Install Ansible inventory file RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts + +CMD ["/sbin/init"] From 91a0a99f0af77724ceb8f095890453f45a74d6d0 Mon Sep 17 00:00:00 2001 
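Review bot: `RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm` in the new tests/Dockerfile.centos-6 fetches the EPEL release package over plain HTTP, and as far as I can tell rpm has no EPEL key to check it against at that point, so it is installed with at most a warning. That package installs the repository definition and the GPG key that every later `yum install` trusts, so a tampered download would compromise everything built on top of it. CentOS carries this package in its own signed repositories, so `RUN yum -y install epel-release` gives the same result with the distribution's signature check. It also removes the hard-coded `i386` path and `6-8` release, which will stop resolving once the file is superseded.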
From: Jeff Geerling Date: Sun, 13 Dec 2015 20:39:36 -0600 Subject: [PATCH 092/128] Issue #61: Looks like CentOS 6 will be a no-go. --- .travis.yml | 8 -------- tests/Dockerfile.centos-6 | 10 ---------- 2 files changed, 18 deletions(-) delete mode 100644 tests/Dockerfile.centos-6 diff --git a/.travis.yml b/.travis.yml index d68da56..ad9f33a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,14 +1,6 @@ sudo: required env: - # CentOS 6. - - distribution: centos - version: 6 - container_id: $(mktemp) - dockerfile: Dockerfile.centos-6 - init: /sbin/init - run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" - # CentOS 7. - distribution: centos version: 7 diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 deleted file mode 100644 index bad0cc6..0000000 --- a/tests/Dockerfile.centos-6 +++ /dev/null @@ -1,10 +0,0 @@ -FROM centos:6 - -# Install Ansible -RUN rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm -RUN yum install -y ansible - -# Install Ansible inventory file -RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts - -CMD ["/sbin/init"] From 7c41dd113e92a844ebd9c91462e94dedcef63eba Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Mon, 14 Dec 2015 07:18:01 +0100 Subject: [PATCH 093/128] Added Centos 6 as target platform --- .travis.yml | 5 +++++ tests/Dockerfile.centos-6 | 11 +++++++++++ 2 files changed, 16 insertions(+) create mode 100644 tests/Dockerfile.centos-6 diff --git a/.travis.yml b/.travis.yml index 93dfd45..425627c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,10 @@ sudo: required env: + - distribution: centos + version: 6 + init: /sbin/init + run_opts: "" + container_id: $(mktemp) - distribution: centos version: 7 init: /usr/lib/systemd/systemd diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 new file mode 100644 index 0000000..ccffa0b --- /dev/null +++ b/tests/Dockerfile.centos-6 
@@ -0,0 +1,11 @@ +FROM centos:6 +RUN yum -y update; yum clean all; +RUN yum -y install epel-release +RUN yum -y install git ansible sudo +RUN yum clean all +# Disable requiretty +RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers +# Install Ansible inventory file +RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts +CMD ["/usr/sbin/init"] + From a4746557a4948abfcc47a8b44cadac940c0e44c4 Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Mon, 14 Dec 2015 08:59:26 +0100 Subject: [PATCH 094/128] Delete --- tests/Dockerfile.ubuntu-12 | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 tests/Dockerfile.ubuntu-12 diff --git a/tests/Dockerfile.ubuntu-12 b/tests/Dockerfile.ubuntu-12 deleted file mode 100644 index be76319..0000000 --- a/tests/Dockerfile.ubuntu-12 +++ /dev/null @@ -1,13 +0,0 @@ -FROM ubuntu:12.04 - -# Add `apt-add-repository`. -RUN apt-get install python-software-properties - -# Install Ansible -RUN apt-get install -y software-properties-common git -RUN apt-add-repository -y ppa:ansible/ansible -RUN apt-get update -RUN apt-get install -y ansible - -# Install Ansible inventory file -RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts From 3a993606b22d1162ecea3a8f595b3d17410a8450 Mon Sep 17 00:00:00 2001 From: Bert Van Vreckem Date: Mon, 14 Dec 2015 09:07:17 +0100 Subject: [PATCH 095/128] Remove container_id from env: --- .travis.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6e484ce..07e4c6a 100644 --- a/.travis.yml +++ b/.travis.yml 
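Review bot: `RUN yum -y update; yum clean all;` in tests/Dockerfile.centos-6 chains the two commands with `;`, so the layer succeeds whenever `yum clean all` succeeds, even if the update failed. The image would then be built and tested on unpatched packages without any signal. Use `RUN yum -y update && yum clean all` so a failed update fails the build. Separately, `CMD ["/usr/sbin/init"]` does not match the `init: /sbin/init` value this commit adds for CentOS 6 in .travis.yml; confirm which path exists in the `centos:6` image and use it in both places.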
@@ -1,26 +1,22 @@ sudo: required env: - - distribution: centos - version: 6 - init: /sbin/init - run_opts: "" - container_id: $(mktemp) + - distribution: centos # Linux distribution + version: 6 # Distribution version + init: /sbin/init # Path to init executable (differs for SysVInit/Systemd) + run_opts: "" # Additional options for running the Docker container - distribution: centos version: 7 init: /usr/lib/systemd/systemd run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" - container_id: $(mktemp) - distribution: ubuntu version: 14.04 init: /sbin/init run_opts: "" - container_id: $(mktemp) - distribution: ubuntu version: 12.04 init: /sbin/init run_opts: "" - container_id: $(mktemp) services: - docker @@ -37,6 +33,7 @@ script: # Run test playbook # + - container_id=$(mktemp) # Run container in detached state - sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}" From 7a15ff5fd63b88c93329685b096bf7332d224a75 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 14 Dec 2015 08:38:39 -0600 Subject: [PATCH 096/128] PR #61: Consistency in Dockerfile formatting. --- tests/Dockerfile.centos-6 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/Dockerfile.centos-6 b/tests/Dockerfile.centos-6 index ccffa0b..4a4e7b8 100644 --- a/tests/Dockerfile.centos-6 +++ b/tests/Dockerfile.centos-6 @@ -1,11 +1,15 @@ FROM centos:6 + +# Install Ansible RUN yum -y update; yum clean all; RUN yum -y install epel-release RUN yum -y install git ansible sudo RUN yum clean all + # Disable requiretty RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers + # Install Ansible inventory file RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts -CMD ["/usr/sbin/init"] +CMD ["/usr/sbin/init"] From a8e0f1c72ac7456847e811bb97101000af2e51b8 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Mon, 14 Dec 2015 09:13:01 -0600 Subject: [PATCH 097/128] Bypass updating apt while Travis is having a bad day. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e75f770..38bb7f5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,7 +22,7 @@ services: - docker before_install: - - sudo apt-get update + # - sudo apt-get update # Pull container - 'sudo docker pull ${distribution}:${version}' # Customize container From 2387c79d756506775f01def749dae6dad7029b35 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 14 Dec 2015 09:17:30 -0600 Subject: [PATCH 098/128] Fix a couple missed merge conflicts. --- tests/Dockerfile.ubuntu-12.04 | 7 +------ tests/Dockerfile.ubuntu-14.04 | 3 ++- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/tests/Dockerfile.ubuntu-12.04 b/tests/Dockerfile.ubuntu-12.04 index acd0a84..40be740 100644 --- a/tests/Dockerfile.ubuntu-12.04 +++ b/tests/Dockerfile.ubuntu-12.04 @@ -1,15 +1,10 @@ FROM ubuntu:12.04 -<<<<<<< HEAD:tests/Dockerfile.ubuntu-12 # Install Ansible RUN apt-get install -y software-properties-common python-software-properties git -======= -# Install Ansible -RUN apt-get install -y python-software-properties software-properties-common git ->>>>>>> 3a993606b22d1162ecea3a8f595b3d17410a8450:tests/Dockerfile.ubuntu-12.04 RUN apt-add-repository -y ppa:ansible/ansible RUN apt-get update RUN apt-get install -y ansible + # Install Ansible inventory file RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - diff --git a/tests/Dockerfile.ubuntu-14.04 b/tests/Dockerfile.ubuntu-14.04 index 3dd5383..1475a46 100644 --- a/tests/Dockerfile.ubuntu-14.04 +++ b/tests/Dockerfile.ubuntu-14.04 
@@ -1,9 +1,10 @@ FROM ubuntu:14.04 + # Install Ansible RUN apt-get install -y software-properties-common git RUN apt-add-repository -y ppa:ansible/ansible RUN apt-get update RUN apt-get install -y ansible + # Install Ansible inventory file RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts - From 55a5b2d07fc707c78a157e2b811c42b80dbda5c1 Mon Sep 17 00:00:00 2001 From: liquidat Date: Tue, 29 Dec 2015 21:57:25 +0100 Subject: [PATCH 099/128] Prepare role when service differs from daemon name - introduce new apache_service in addition to apache_daemon for systems where service name is different from daemon name - replace apache_daemon by apache_service in service status check --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 58fb930..8fb7caa 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -41,6 +41,6 @@ - name: Ensure Apache has selected state and enabled on boot. service: - name: "{{ apache_daemon }}" + name: "{{ apache_service }}" state: "{{ apache_state }}" enabled: yes From 8393eef81e95b08fa74877884a9ad4ac7459310a Mon Sep 17 00:00:00 2001 From: liquidat Date: Tue, 29 Dec 2015 22:09:09 +0100 Subject: [PATCH 100/128] Prepare Debian and Red Hat vars for apache_service - add apache_service variable with same content as apache_daemon --- vars/Debian.yml | 1 + vars/RedHat.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/vars/Debian.yml b/vars/Debian.yml index 7eb18ec..7ff09c5 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,4 +1,5 @@ --- +apache_service: apache2 apache_daemon: apache2 apache_daemon_path: /usr/sbin/ apache_server_root: /etc/apache2 diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 72aa3d2..32f5bd2 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,5 @@ --- +apache_service: httpd apache_daemon: httpd apache_daemon_path: /usr/sbin/ apache_server_root: /etc/httpd 
From 18099303cd8e43888bfa997965b71bb3f4e88355 Mon Sep 17 00:00:00 2001 From: liquidat Date: Tue, 29 Dec 2015 22:09:41 +0100 Subject: [PATCH 101/128] Add Solaris variables --- vars/Solaris.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 vars/Solaris.yml diff --git a/vars/Solaris.yml b/vars/Solaris.yml new file mode 100644 index 0000000..351fefa --- /dev/null +++ b/vars/Solaris.yml @@ -0,0 +1,19 @@ +--- +apache_service: apache24 +apache_daemon: httpd +apache_daemon_path: /usr/apache2/2.4/bin/ +apache_server_root: /etc/apache2/2.4/ +apache_conf_path: /etc/apache2/2.4/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - web/server/apache-24 + - web/server/apache-24/module/apache-ssl + - web/server/apache-24/module/apache-security + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost *:{{ apache_listen_port }}" From d472d0881d424e0e377e5294d7d8caf0376f5054 Mon Sep 17 00:00:00 2001 From: liquidat Date: Tue, 29 Dec 2015 22:03:26 +0100 Subject: [PATCH 102/128] Add Solaris configuration - add Solaris os family to main role definition - add Solaris setup file - add Solaris configuration --- tasks/configure-Solaris.yml | 19 +++++++++++++++++++ tasks/main.yml | 3 +++ tasks/setup-Solaris.yml | 6 ++++++ 3 files changed, 28 insertions(+) create mode 100644 tasks/configure-Solaris.yml create mode 100644 tasks/setup-Solaris.yml diff --git a/tasks/configure-Solaris.yml b/tasks/configure-Solaris.yml new file mode 100644 index 0000000..695a9cf --- /dev/null +++ b/tasks/configure-Solaris.yml 
@@ -0,0 +1,19 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: apache_ports_configuration_items + notify: restart apache + +- name: Add apache vhosts configuration. + template: + src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/tasks/main.yml b/tasks/main.yml index 8fb7caa..1b712c0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,6 +15,9 @@ - include: setup-Debian.yml when: ansible_os_family == 'Debian' +- include: setup-Solaris.yml + when: ansible_os_family == 'Solaris' + # Figure out what version of Apache is installed. - name: Get installed version of Apache. shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v" diff --git a/tasks/setup-Solaris.yml b/tasks/setup-Solaris.yml new file mode 100644 index 0000000..185470a --- /dev/null +++ b/tasks/setup-Solaris.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed. + pkg5: + name: "{{ item }}" + state: installed + with_items: apache_packages From b0e6b7ed5a5ca1660cbffa1cd3e809ef2523225f Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 29 Dec 2015 16:46:39 -0600 Subject: [PATCH 103/128] Always run apt-get update inside Docker containers. --- tests/Dockerfile.ubuntu-12.04 | 1 + tests/Dockerfile.ubuntu-14.04 | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/Dockerfile.ubuntu-12.04 b/tests/Dockerfile.ubuntu-12.04 index 40be740..d0c130c 100644 --- a/tests/Dockerfile.ubuntu-12.04 +++ b/tests/Dockerfile.ubuntu-12.04 @@ -1,4 +1,5 @@ FROM ubuntu:12.04 +RUN apt-get update # Install Ansible RUN apt-get install -y software-properties-common python-software-properties git diff --git a/tests/Dockerfile.ubuntu-14.04 b/tests/Dockerfile.ubuntu-14.04 index 1475a46..ca33287 100644 
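Review bot: `mode: 0644` in the "Add apache vhosts configuration." task of tasks/configure-Solaris.yml is an unquoted leading-zero number, so the permissions depend on the YAML loader reading it as octal. If a later edit drops the zero, or a different loader reads the file, the vhosts file gets a different and possibly wider mode with no error. Write it as `mode: "0644"` so the value reaches the module as the literal string. The same line appears in tasks/configure-Suse.yml, added later in this series.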
--- a/tests/Dockerfile.ubuntu-14.04 +++ b/tests/Dockerfile.ubuntu-14.04 @@ -1,4 +1,5 @@ FROM ubuntu:14.04 +RUN apt-get update # Install Ansible RUN apt-get install -y software-properties-common git From 8bcd140b27dc299d22177d3bb02133f51dd9cb01 Mon Sep 17 00:00:00 2001 From: liquidat Date: Sat, 2 Jan 2016 20:42:43 +0100 Subject: [PATCH 104/128] Add Solaris as platform - add Solaris as platform in meta/main.yml - version: 11.3 - add Solaris in description in meta/main.yml --- meta/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/main.yml b/meta/main.yml index 297842f..984731c 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,7 +3,7 @@ dependencies: [] galaxy_info: author: geerlingguy - description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu. + description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 1.4 @@ -20,5 +20,8 @@ galaxy_info: - raring - saucy - trusty + - name: Solaris + versions: + - 11.3 categories: - web From c627b6c29376a5a1c1853c9b1839db81a5fa1c9f Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 29 Dec 2015 16:46:39 -0600 Subject: [PATCH 105/128] Always run apt-get update inside Docker containers. --- tests/Dockerfile.ubuntu-12.04 | 1 + tests/Dockerfile.ubuntu-14.04 | 1 + 2 files changed, 2 insertions(+) diff --git a/tests/Dockerfile.ubuntu-12.04 b/tests/Dockerfile.ubuntu-12.04 index 40be740..d0c130c 100644 --- a/tests/Dockerfile.ubuntu-12.04 +++ b/tests/Dockerfile.ubuntu-12.04 @@ -1,4 +1,5 @@ FROM ubuntu:12.04 +RUN apt-get update # Install Ansible RUN apt-get install -y software-properties-common python-software-properties git diff --git a/tests/Dockerfile.ubuntu-14.04 b/tests/Dockerfile.ubuntu-14.04 index 1475a46..ca33287 100644 --- a/tests/Dockerfile.ubuntu-14.04 +++ b/tests/Dockerfile.ubuntu-14.04 
@@ -1,4 +1,5 @@ FROM ubuntu:14.04 +RUN apt-get update # Install Ansible RUN apt-get install -y software-properties-common git From 2f9c001145a12255432eda38fa29f107f25ef25b Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 2 Jan 2016 22:25:49 -0600 Subject: [PATCH 106/128] Fixes #28: Allow for virtualhost without documentroot. --- templates/vhosts-2.2.conf.j2 | 2 ++ templates/vhosts-2.4.conf.j2 | 2 ++ 2 files changed, 4 insertions(+) diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index 3368d65..6fd67aa 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 @@ -7,7 +7,9 @@ {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} {% endif %} +{% if vhost.documentroot is defined %} DocumentRoot {{ vhost.documentroot }} +{% endif %} {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index 3151a59..602cf3f 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -7,7 +7,9 @@ {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} {% endif %} +{% if vhost.documentroot is defined %} DocumentRoot {{ vhost.documentroot }} +{% endif %} {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} From 554c74730ccf45fd0f76ad10b62f5c44fa684c0d Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 2 Jan 2016 22:46:25 -0600 Subject: [PATCH 107/128] Actually fixes #28: Allow for virtualhost without documentroot. --- templates/vhosts-2.2.conf.j2 | 6 ++++++ templates/vhosts-2.4.conf.j2 | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index 6fd67aa..4f922f4 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 
@@ -14,12 +14,14 @@ {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} {% endif %} +{% if vhost.documentroot is defined %} AllowOverride All Options -Indexes FollowSymLinks Order allow,deny Allow from all +{% endif %} {% if vhost.extra_parameters is defined %} {{ vhost.extra_parameters }} {% endif %} @@ -34,7 +36,9 @@ {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} {% endif %} +{% if vhost.documentroot is defined %} DocumentRoot {{ vhost.documentroot }} +{% endif %} SSLEngine on SSLCipherSuite {{ apache_ssl_cipher_suite }} @@ -49,12 +53,14 @@ {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} {% endif %} +{% if vhost.documentroot is defined %} AllowOverride All Options -Indexes FollowSymLinks Order allow,deny Allow from all +{% endif %} {% if vhost.extra_parameters is defined %} {{ vhost.extra_parameters }} {% endif %} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index 602cf3f..fe1b3b8 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -14,11 +14,13 @@ {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} {% endif %} +{% if vhost.documentroot is defined %} AllowOverride All Options -Indexes +FollowSymLinks Require all granted +{% endif %} {% if vhost.extra_parameters is defined %} {{ vhost.extra_parameters }} {% endif %} @@ -33,7 +35,9 @@ {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} {% endif %} +{% if vhost.documentroot is defined %} DocumentRoot {{ vhost.documentroot }} +{% endif %} SSLEngine on SSLCipherSuite {{ apache_ssl_cipher_suite }} @@ -49,11 +53,13 @@ {% if vhost.serveradmin is defined %} ServerAdmin {{ vhost.serveradmin }} {% endif %} +{% if vhost.documentroot is defined %} AllowOverride All Options -Indexes +FollowSymLinks Require all granted +{% endif %} {% if vhost.extra_parameters is defined %} {{ vhost.extra_parameters }} {% endif %} 
From 6e5b5bdadb5270a9d2aa9f851d4e7bf2fe5ce73b Mon Sep 17 00:00:00 2001 From: liquidat Date: Thu, 14 Jan 2016 10:35:04 +0100 Subject: [PATCH 108/128] Add configure Solaris part --- tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index 1b712c0..d60a115 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -42,6 +42,9 @@ - include: configure-Debian.yml when: ansible_os_family == 'Debian' +- include: configure-Solaris.yml + when: ansible_os_family == 'Solaris' + - name: Ensure Apache has selected state and enabled on boot. service: name: "{{ apache_service }}" From 49f6feb4d90e83f65908d21f22209ef81c3a59cb Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 14 Jan 2016 21:04:09 -0600 Subject: [PATCH 109/128] Add notes about using geerlingguy.apache-php-fpm role with this role. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index cd4ade4..f173879 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu. If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. +If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info. + ## Role Variables Available variables are listed below, along with default values (see `defaults/main.yml`): From 097ddd2eb46c2cd74142a1bf519486e15f4408ea Mon Sep 17 00:00:00 2001 
From: Andreas Wolf Date: Sat, 16 Jan 2016 16:55:07 +0100 Subject: [PATCH 110/128] Only create vHosts if certificate exists --- README.md | 4 ++++ defaults/main.yml | 2 ++ tasks/configure-Debian.yml | 5 +++++ tasks/configure-RedHat.yml | 5 +++++ templates/vhosts-2.4.conf.j2 | 2 ++ 5 files changed, 18 insertions(+) diff --git a/README.md b/README.md index f173879..d9bf1b9 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. + apache_ignore_missing_ssl_certificate: true + +Create SSL vHosts regardless of whether their certificate exists or not. It might be handy to set this to `false` if you e.g. use Let’s encrypt, which triggers certificate generation with a running webserver. You might need to run your playbook multiple times to really get all SSL vHosts going if another part of your playbook takes care of certificate generation. (but OTOH Apache won’t complain about missing certificates anymore). + ## Dependencies None. diff --git a/defaults/main.yml b/defaults/main.yml index d827d1a..84f95a3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -28,6 +28,8 @@ apache_vhosts_ssl: [] # # Optional. # certificate_chain_file: "/path/to/certificate_chain.crt" +apache_ignore_missing_ssl_certificate: true + apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index b39e191..8a3abfe 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml 
@@ -23,6 +23,11 @@ with_items: apache_mods_disabled notify: restart apache +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: apache_vhosts_ssl + - name: Add apache vhosts configuration. template: src: "vhosts-{{ apache_vhosts_version }}.conf.j2" diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml index 695a9cf..3df9692 100644 --- a/tasks/configure-RedHat.yml +++ b/tasks/configure-RedHat.yml @@ -8,6 +8,11 @@ with_items: apache_ports_configuration_items notify: restart apache +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: apache_vhosts_ssl + - name: Add apache vhosts configuration. template: src: "vhosts-{{ apache_vhosts_version }}.conf.j2" diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index fe1b3b8..c120fc2 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -30,6 +30,7 @@ {# Set up SSL VirtualHosts #} {% for vhost in apache_vhosts_ssl %} +{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} @@ -65,4 +66,5 @@ {% endif %} +{% endif %} {% endfor %} From 4e1dc8434aab847b8755c9f31d423d5ca2d83d81 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 18 Jan 2016 10:40:40 -0600 Subject: [PATCH 111/128] PR #69: Adjust the wording for new variable. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d9bf1b9..a505193 100644 --- a/README.md +++ b/README.md 
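Review bot: The new "Check whether certificates defined in vhosts exist." task in tasks/configure-Debian.yml passes its argument as `stat: path={{ item.certificate_file }}`, an unquoted key=value string. A certificate path containing a space or `=` would be split into extra arguments and the wrong path, or none, would be checked. The block form used by the neighbouring tasks avoids this: `stat:` on one line and `path: "{{ item.certificate_file }}"` indented below it. The identical task added to tasks/configure-RedHat.yml in this commit needs the same change.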
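Review bot: The guard `{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}` is added only to templates/vhosts-2.4.conf.j2; the diffstat shows no change to templates/vhosts-2.2.conf.j2. For hosts rendered from the 2.2 template, setting the variable to `false` therefore has no effect, and SSL vhosts pointing at missing certificates are still written. `apache_ssl_certificates` is also registered only in configure-Debian.yml and configure-RedHat.yml in this commit, so any other configure file that renders this template would hit an undefined variable once the flag is `false`. Add the same `{% if %}` / `{% endif %}` pair to the 2.2 template and the stat task to every configure file that renders either one. The README text added here should also say that the check covers only `certificate_file`.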
@@ -94,7 +94,7 @@ Set initial Apache daemon state to be enforced when this role is run. This shoul apache_ignore_missing_ssl_certificate: true -Create SSL vHosts regardless of whether their certificate exists or not. It might be handy to set this to `false` if you e.g. use Let’s encrypt, which triggers certificate generation with a running webserver. You might need to run your playbook multiple times to really get all SSL vHosts going if another part of your playbook takes care of certificate generation. (but OTOH Apache won’t complain about missing certificates anymore). +If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates). ## Dependencies From 170a9c2446184130721e393dc608068d90069a34 Mon Sep 17 00:00:00 2001 From: liquidat Date: Mon, 1 Feb 2016 10:37:57 +0100 Subject: [PATCH 112/128] Add Suse support - set proper package and service name apache2 - configure given packages for Suse - install packages - start service --- tasks/configure-Suse.yml | 24 ++++++++++++++++++++++++ tasks/main.yml | 6 ++++++ tasks/setup-Suse.yml | 6 ++++++ vars/Suse.yml | 19 +++++++++++++++++++ 4 files changed, 55 insertions(+) create mode 100644 tasks/configure-Suse.yml create mode 100644 tasks/setup-Suse.yml create mode 100644 vars/Suse.yml diff --git a/tasks/configure-Suse.yml b/tasks/configure-Suse.yml new file mode 100644 index 0000000..3df9692 --- /dev/null +++ b/tasks/configure-Suse.yml 
@@ -0,0 +1,24 @@ +--- +- name: Configure Apache. + lineinfile: + dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + state: present + with_items: apache_ports_configuration_items + notify: restart apache + +- name: Check whether certificates defined in vhosts exist. + stat: path={{ item.certificate_file }} + register: apache_ssl_certificates + with_items: apache_vhosts_ssl + +- name: Add apache vhosts configuration. + template: + src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" + owner: root + group: root + mode: 0644 + notify: restart apache + when: apache_create_vhosts diff --git a/tasks/main.yml b/tasks/main.yml index d60a115..0715fc2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -12,6 +12,9 @@ - include: setup-RedHat.yml when: ansible_os_family == 'RedHat' +- include: setup-Suse.yml + when: ansible_os_family == 'Suse' + - include: setup-Debian.yml when: ansible_os_family == 'Debian' @@ -39,6 +42,9 @@ - include: configure-RedHat.yml when: ansible_os_family == 'RedHat' +- include: configure-Suse.yml + when: ansible_os_family == 'Suse' + - include: configure-Debian.yml when: ansible_os_family == 'Debian' diff --git a/tasks/setup-Suse.yml b/tasks/setup-Suse.yml new file mode 100644 index 0000000..21e4967 --- /dev/null +++ b/tasks/setup-Suse.yml @@ -0,0 +1,6 @@ +--- +- name: Ensure Apache is installed. + zypper: + name: "{{ item }}" + state: installed + with_items: apache_packages diff --git a/vars/Suse.yml b/vars/Suse.yml new file mode 100644 index 0000000..38ec749 --- /dev/null +++ b/vars/Suse.yml 
@@ -0,0 +1,19 @@ +--- +apache_service: apache2 +apache_daemon: apache2 +apache_daemon_path: /usr/sbin/ +apache_server_root: /etc/apache2 +apache_conf_path: /etc/apache2/conf.d + +apache_vhosts_version: "2.2" + +__apache_packages: + - apache2 + - apache2-devel + - openssh + +apache_ports_configuration_items: + - regexp: "^Listen " + line: "Listen {{ apache_listen_port }}" + - regexp: "^#?NameVirtualHost " + line: "NameVirtualHost *:{{ apache_listen_port }}" From 8c39811daa5d126d6c7be2c20f050967e8f88559 Mon Sep 17 00:00:00 2001 From: liquidat Date: Mon, 1 Feb 2016 10:48:41 +0100 Subject: [PATCH 113/128] Add distribution to task name --- tasks/setup-Debian.yml | 2 +- tasks/setup-RedHat.yml | 2 +- tasks/setup-Solaris.yml | 2 +- tasks/setup-Suse.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index e6ee8ba..0d9de95 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -2,6 +2,6 @@ - name: Update apt cache. apt: update_cache=yes cache_valid_time=86400 -- name: Ensure Apache is installed. +- name: Ensure Apache is installed on Debian. apt: "name={{ item }} state=installed" with_items: apache_packages diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index e523b2b..09f62bd 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -1,5 +1,5 @@ --- -- name: Ensure Apache is installed. +- name: Ensure Apache is installed on RHEL. yum: name: "{{ item }}" state: installed diff --git a/tasks/setup-Solaris.yml b/tasks/setup-Solaris.yml index 185470a..5c322b1 100644 --- a/tasks/setup-Solaris.yml +++ b/tasks/setup-Solaris.yml @@ -1,5 +1,5 @@ --- -- name: Ensure Apache is installed. +- name: Ensure Apache is installed on Solaris. pkg5: name: "{{ item }}" state: installed diff --git a/tasks/setup-Suse.yml b/tasks/setup-Suse.yml index 21e4967..8ea7339 100644 --- a/tasks/setup-Suse.yml +++ b/tasks/setup-Suse.yml 
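Review bot: `__apache_packages` in the new vars/Suse.yml lists `- openssh` next to `apache2`, and nothing in the Suse setup or configure tasks added by this commit uses SSH. Applying the role would therefore install an unrelated remote-access package on every Suse web server; as far as I know, the `openssh` package on SUSE carries the sshd server as well as the client. Keep the list to what Apache needs by removing that line, or add a comment such as `# needed for <reason>` if there is a dependency not visible in the patch.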
@@ -1,5 +1,5 @@ --- -- name: Ensure Apache is installed. +- name: Ensure Apache is installed on Suse. zypper: name: "{{ item }}" state: installed From 8b8d4280621c56f797db31b2339da5abdc62cc13 Mon Sep 17 00:00:00 2001 From: liquidat Date: Mon, 1 Feb 2016 10:49:03 +0100 Subject: [PATCH 114/128] Correct bin name in Suse is httpd2 --- vars/Suse.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/vars/Suse.yml b/vars/Suse.yml index 38ec749..ad26609 100644 --- a/vars/Suse.yml +++ b/vars/Suse.yml @@ -1,6 +1,6 @@ --- apache_service: apache2 -apache_daemon: apache2 +apache_daemon: httpd2 apache_daemon_path: /usr/sbin/ apache_server_root: /etc/apache2 apache_conf_path: /etc/apache2/conf.d @@ -9,7 +9,6 @@ apache_vhosts_version: "2.2" __apache_packages: - apache2 - - apache2-devel - openssh apache_ports_configuration_items: From 7aa1f2e0c8fd964c458918ebf0f020a9dcdb77a1 Mon Sep 17 00:00:00 2001 From: liquidat Date: Mon, 1 Feb 2016 11:17:20 +0100 Subject: [PATCH 115/128] Add Suse configuration and proper service handling - Suse listen configuration points to listen.conf file - service handler uses service variable --- handlers/main.yml | 2 +- tasks/configure-Suse.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 8e7921f..25d14ec 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- - name: restart apache service: - name: "{{ apache_daemon }}" + name: "{{ apache_service }}" state: restarted diff --git a/tasks/configure-Suse.yml b/tasks/configure-Suse.yml index 3df9692..87a0c0f 100644 --- a/tasks/configure-Suse.yml +++ b/tasks/configure-Suse.yml @@ -1,7 +1,7 @@ --- - name: Configure Apache. lineinfile: - dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + dest: "{{ apache_server_root }}/listen.conf" regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present From 77a766e4fb20c72b7eec5c5b02ecf4797c635cbb Mon Sep 17 00:00:00 2001 
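Review bot: The handlers/main.yml hunk makes the restart handler depend on `apache_service` for every OS family, while the only definition of that variable visible on this page is in vars/Suse.yml. If another family's vars file lacks it, the failure shows up as an undefined variable only when a configuration change notifies the handler. It is worth confirming that the RedHat, Debian and Solaris vars define it, or keeping a fallback in the handler: `name: "{{ apache_service | default(apache_daemon) }}"`.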
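Review bot: In tasks/configure-Suse.yml, `lineinfile` with a `regexp` rewrites only the last matching line, so if `listen.conf` holds more than one line starting with `Listen `, the earlier ones stay in place and Apache keeps those listeners alongside the configured port. The hunk does not show what the stock file contains, so this needs checking on a target host. A comment above the task such as `# assumes listen.conf has a single top-level Listen line` would record the assumption. The task continues past the end of this hunk (`with_items`, `notify`).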
From: liquidat Date: Mon, 1 Feb 2016 11:29:10 +0100 Subject: [PATCH 116/128] Fix configuration path in Solaris --- tasks/configure-Solaris.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configure-Solaris.yml b/tasks/configure-Solaris.yml index 695a9cf..c5abe0b 100644 --- a/tasks/configure-Solaris.yml +++ b/tasks/configure-Solaris.yml @@ -1,7 +1,7 @@ --- - name: Configure Apache. lineinfile: - dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" + dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present From 1c310efaa4a469578179ea04df0ba2ab249805e6 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 1 Feb 2016 12:21:26 -0600 Subject: [PATCH 117/128] Add notifications for Galaxy. --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 38bb7f5..82d773d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -48,3 +48,6 @@ script: # Clean up - 'sudo docker stop "$(cat ${container_id})"' + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ From be4f9a20db27f8b9354bcb258a09d4654180e1ff Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 1 Feb 2016 12:22:12 -0600 Subject: [PATCH 118/128] Add note about Suse support, and fix galaxy_tags. --- meta/main.yml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 984731c..25a3913 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -3,25 +3,25 @@ dependencies: [] galaxy_info: author: geerlingguy - description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris. + description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 1.4 platforms: - - name: EL - versions: - - all - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - precise - - raring - - saucy - - trusty - - name: Solaris - versions: - - 11.3 - categories: + - name: EL + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - precise + - raring + - saucy + - trusty + - name: Solaris + versions: + - 11.3 + galaxy_tags: - web From 656dc8a252d7c38647b66b10802af22177cd0d2e Mon Sep 17 00:00:00 2001 From: liquidat Date: Mon, 1 Feb 2016 21:56:48 +0100 Subject: [PATCH 119/128] Add Suse version to meta/main.yml --- meta/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/main.yml b/meta/main.yml index 25a3913..ea66f76 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -20,6 +20,8 @@ galaxy_info: - raring - saucy - trusty + - name: Suse + - all - name: Solaris versions: - 11.3 From 9d9443aedd639fdd91fec338ecd4e15113d3f219 Mon Sep 17 00:00:00 2001 From: liquidat Date: Tue, 2 Feb 2016 15:46:03 +0100 Subject: [PATCH 120/128] Add missing versions string --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index ea66f76..00baac2 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -21,6 +21,7 @@ galaxy_info: - saucy - trusty - name: Suse + versions: - all - name: Solaris versions: From cf462e2f276cd4495da95fa4051b35eb4e08f5d6 Mon Sep 17 00:00:00 2001 From: liquidat Date: Sat, 6 Feb 2016 11:27:02 +0100 Subject: [PATCH 121/128] Update README to include Solaris and SLES --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a505193..0b2ee2c 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) -An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu. +An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. ## Requirements From 9e4aa0d36121693e5ab630cffb0f2fabb3a824ee Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 8 Feb 2016 13:50:39 -0600 Subject: [PATCH 122/128] Fix spacing in Travis file. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 82d773d..22ff8ce 100644 --- a/.travis.yml +++ b/.travis.yml @@ -50,4 +50,4 @@ script: - 'sudo docker stop "$(cat ${container_id})"' notifications: - webhooks: https://galaxy.ansible.com/api/v1/notifications/ + webhooks: https://galaxy.ansible.com/api/v1/notifications/ From 2b44f305e97f65e2689ac4cbc9e440654e3732ed Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 8 Feb 2016 23:01:57 -0600 Subject: [PATCH 123/128] Fix Travis tests. --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 22ff8ce..163e4c3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ +--- sudo: required env: From 1bbf949a9fca969fe1b90e679ec0c40559e7efc5 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 28 Feb 2016 23:32:02 -0600 Subject: [PATCH 124/128] Fix deprecation warnings in Ansible 2.x. Bump required version. --- meta/main.yml | 2 +- tasks/configure-Debian.yml | 10 +++++----- tasks/configure-RedHat.yml | 4 ++-- tasks/configure-Solaris.yml | 2 +- tasks/configure-Suse.yml | 4 ++-- tasks/setup-Debian.yml | 2 +- tasks/setup-RedHat.yml | 2 +- tasks/setup-Solaris.yml | 2 +- tasks/setup-Suse.yml | 2 +- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 00baac2..0e4c3a8 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -6,7 +6,7 @@ galaxy_info: description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 1.4 + min_ansible_version: 1.9 platforms: - name: EL versions: diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index 8a3abfe..023f687 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -5,7 +5,7 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present - with_items: apache_ports_configuration_items + with_items: "{{ apache_ports_configuration_items }}" notify: restart apache - name: Enable Apache mods. @@ -13,20 +13,20 @@ src: "{{ apache_server_root }}/mods-available/{{ item }}" dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" state: link - with_items: apache_mods_enabled + with_items: "{{ apache_mods_enabled }}" notify: restart apache - name: Disable Apache mods. file: path: "{{ apache_server_root }}/mods-enabled/{{ item }}" state: absent - with_items: apache_mods_disabled + with_items: "{{ apache_mods_disabled }}" notify: restart apache - name: Check whether certificates defined in vhosts exist. - stat: path={{ item.certificate_file }} + stat: "path={{ item.certificate_file }}" register: apache_ssl_certificates - with_items: apache_vhosts_ssl + with_items: "{{ apache_vhosts_ssl }}" - name: Add apache vhosts configuration. template: diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml index 3df9692..d20cfa0 100644 --- a/tasks/configure-RedHat.yml +++ b/tasks/configure-RedHat.yml 
@@ -5,13 +5,13 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present - with_items: apache_ports_configuration_items + with_items: "{{ apache_ports_configuration_items }}" notify: restart apache - name: Check whether certificates defined in vhosts exist. stat: path={{ item.certificate_file }} register: apache_ssl_certificates - with_items: apache_vhosts_ssl + with_items: "{{ apache_vhosts_ssl }}" - name: Add apache vhosts configuration. template: diff --git a/tasks/configure-Solaris.yml b/tasks/configure-Solaris.yml index c5abe0b..9b6505b 100644 --- a/tasks/configure-Solaris.yml +++ b/tasks/configure-Solaris.yml @@ -5,7 +5,7 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present - with_items: apache_ports_configuration_items + with_items: "{{ apache_ports_configuration_items }}" notify: restart apache - name: Add apache vhosts configuration. diff --git a/tasks/configure-Suse.yml b/tasks/configure-Suse.yml index 87a0c0f..5166f0a 100644 --- a/tasks/configure-Suse.yml +++ b/tasks/configure-Suse.yml @@ -5,13 +5,13 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present - with_items: apache_ports_configuration_items + with_items: "{{ apache_ports_configuration_items }}" notify: restart apache - name: Check whether certificates defined in vhosts exist. stat: path={{ item.certificate_file }} register: apache_ssl_certificates - with_items: apache_vhosts_ssl + with_items: "{{ apache_vhosts_ssl }}" - name: Add apache vhosts configuration. template: diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 0d9de95..8d72deb 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -4,4 +4,4 @@ - name: Ensure Apache is installed on Debian. apt: "name={{ item }} state=installed" - with_items: apache_packages + with_items: "{{ apache_packages }}" diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 09f62bd..f4a838f 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml 
@@ -4,4 +4,4 @@ name: "{{ item }}" state: installed enablerepo: "{{ apache_enablerepo }}" - with_items: apache_packages + with_items: "{{ apache_packages }}" diff --git a/tasks/setup-Solaris.yml b/tasks/setup-Solaris.yml index 5c322b1..989e32e 100644 --- a/tasks/setup-Solaris.yml +++ b/tasks/setup-Solaris.yml @@ -3,4 +3,4 @@ pkg5: name: "{{ item }}" state: installed - with_items: apache_packages + with_items: "{{ apache_packages }}" diff --git a/tasks/setup-Suse.yml b/tasks/setup-Suse.yml index 8ea7339..80c65ca 100644 --- a/tasks/setup-Suse.yml +++ b/tasks/setup-Suse.yml @@ -3,4 +3,4 @@ zypper: name: "{{ item }}" state: installed - with_items: apache_packages + with_items: "{{ apache_packages }}" From 547c0b404c8a613be4d03b0a40a059dd9676288e Mon Sep 17 00:00:00 2001 From: Adam Papai Date: Wed, 20 Apr 2016 11:46:12 +0200 Subject: [PATCH 125/128] Add configuration for listen address By default I leave it as "*", but for many cases, we don't want to bind our apache to all network addresses available for the server. For example if we want to only bind the apache to the localhost, we can use the following configuration: apache_listen_ip: "127.0.0.1" --- defaults/main.yml | 1 + templates/vhosts-2.2.conf.j2 | 4 ++-- templates/vhosts-2.4.conf.j2 | 4 ++-- vars/RedHat.yml | 2 +- vars/Solaris.yml | 2 +- vars/Suse.yml | 2 +- vars/apache-22.yml | 2 +- 7 files changed, 9 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 84f95a3..4acdfce 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,7 @@ --- apache_enablerepo: "" +apache_listen_ip: "*" apache_listen_port: 80 apache_listen_port_ssl: 443 diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index 4f922f4..3a173f5 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 
@@ -2,7 +2,7 @@ {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} @@ -31,7 +31,7 @@ {# Set up SSL VirtualHosts. #} {% for vhost in apache_vhosts_ssl %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index c120fc2..88294a9 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -2,7 +2,7 @@ {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} @@ -31,7 +31,7 @@ {# Set up SSL VirtualHosts #} {% for vhost in apache_vhosts_ssl %} {% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 32f5bd2..d79fa5a 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -17,4 +17,4 @@ apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/Solaris.yml b/vars/Solaris.yml index 351fefa..576291e 100644 --- a/vars/Solaris.yml +++ b/vars/Solaris.yml @@ -16,4 +16,4 @@ apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/Suse.yml b/vars/Suse.yml index ad26609..27703f3 100644 --- a/vars/Suse.yml +++ b/vars/Suse.yml 
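Review bot: In the vars/RedHat.yml hunk, `apache_listen_ip` reaches only the `NameVirtualHost` line; the `Listen {{ apache_listen_port }}` item directly above it is unchanged, so the server still binds every address even with `apache_listen_ip: "127.0.0.1"` as the commit message suggests. Name-based vhost selection is not a bind restriction, so an operator relying on this variable to keep Apache off external interfaces would not get that. The Listen item needs the address as well, for example `line: "Listen {{ apache_listen_ip }}:{{ apache_listen_port }}"`, after checking that the `"*"` default is accepted in that position by the targeted httpd versions. The same applies to the vars/Solaris.yml hunk on this line and the vars/Suse.yml hunk that follows; the vars/apache-22.yml hunk shows only its NameVirtualHost item.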
@@ -15,4 +15,4 @@ apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/apache-22.yml b/vars/apache-22.yml index 97fba44..c932f93 100644 --- a/vars/apache-22.yml +++ b/vars/apache-22.yml @@ -8,5 +8,5 @@ apache_ports_configuration_items: } - { regexp: "^#?NameVirtualHost ", - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" } From 14e14f94c337fd1e7a3934cf840aca49a62d039b Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 20 Apr 2016 21:09:41 -0500 Subject: [PATCH 126/128] PR #83 follow-up --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0b2ee2c..100614d 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,11 @@ Available variables are listed below, along with default values (see `defaults/m The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). + apache_listen_ip: "*" apache_listen_port: 80 apache_listen_port_ssl: 443 -The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. +The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. apache_create_vhosts: true apache_vhosts_filename: "vhosts.conf" From 1c536ef995efcb25bb230ccd43b2c159cd1fb5c4 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Fri, 22 Apr 2016 14:06:50 -0500 Subject: [PATCH 127/128] Add Xenial to supported Ubuntu versions. --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 0e4c3a8..12200db 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -20,6 +20,7 @@ galaxy_info: - raring - saucy - trusty + - xenial - name: Suse versions: - all From ae3a1a6332fa478bb6e587f7d3216b3bf1d56aae Mon Sep 17 00:00:00 2001 From: Christoph Dittmann Date: Mon, 25 Apr 2016 15:56:30 +0200 Subject: [PATCH 128/128] Merge the templates for 2.2 and 2.4 The only real difference between apache version 2.2 and 2.4 are the "Order/Allow" directives which have been replaced with "Require", so there seems to be no need to maintain two separate templates. As a side-effect, this merges geerlingguy/ansible-role-apache#69 into the apache 2.2 config. --- tasks/configure-Debian.yml | 2 +- tasks/configure-RedHat.yml | 2 +- tasks/configure-Solaris.yml | 2 +- tasks/configure-Suse.yml | 2 +- templates/vhosts-2.2.conf.j2 | 69 ------------------- .../{vhosts-2.4.conf.j2 => vhosts.conf.j2} | 12 ++++ 6 files changed, 16 insertions(+), 73 deletions(-) delete mode 100644 templates/vhosts-2.2.conf.j2 rename templates/{vhosts-2.4.conf.j2 => vhosts.conf.j2} (88%) diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index 023f687..94b9b23 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -30,7 +30,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml index d20cfa0..0c3a01f 100644 --- a/tasks/configure-RedHat.yml +++ b/tasks/configure-RedHat.yml 
@@ -15,7 +15,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/tasks/configure-Solaris.yml b/tasks/configure-Solaris.yml index 9b6505b..a95654b 100644 --- a/tasks/configure-Solaris.yml +++ b/tasks/configure-Solaris.yml @@ -10,7 +10,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/tasks/configure-Suse.yml b/tasks/configure-Suse.yml index 5166f0a..16d89f8 100644 --- a/tasks/configure-Suse.yml +++ b/tasks/configure-Suse.yml @@ -15,7 +15,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 deleted file mode 100644 index 3a173f5..0000000 --- a/templates/vhosts-2.2.conf.j2 +++ /dev/null 
@@ -1,69 +0,0 @@ -{{ apache_global_vhost_settings }} - -{# Set up VirtualHosts #} -{% for vhost in apache_vhosts %} - - ServerName {{ vhost.servername }} -{% if vhost.serveralias is defined %} - ServerAlias {{ vhost.serveralias }} -{% endif %} -{% if vhost.documentroot is defined %} - DocumentRoot {{ vhost.documentroot }} -{% endif %} - -{% if vhost.serveradmin is defined %} - ServerAdmin {{ vhost.serveradmin }} -{% endif %} -{% if vhost.documentroot is defined %} - - AllowOverride All - Options -Indexes FollowSymLinks - Order allow,deny - Allow from all - -{% endif %} -{% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }} -{% endif %} - - -{% endfor %} - -{# Set up SSL VirtualHosts. #} -{% for vhost in apache_vhosts_ssl %} - - ServerName {{ vhost.servername }} -{% if vhost.serveralias is defined %} - ServerAlias {{ vhost.serveralias }} -{% endif %} -{% if vhost.documentroot is defined %} - DocumentRoot {{ vhost.documentroot }} -{% endif %} - - SSLEngine on - SSLCipherSuite {{ apache_ssl_cipher_suite }} - SSLProtocol {{ apache_ssl_protocol }} - SSLHonorCipherOrder On - SSLCertificateFile {{ vhost.certificate_file }} - SSLCertificateKeyFile {{ vhost.certificate_key_file }} -{% if vhost.certificate_chain_file is defined %} - SSLCertificateChainFile {{ vhost.certificate_chain_file }} -{% endif %} - -{% if vhost.serveradmin is defined %} - ServerAdmin {{ vhost.serveradmin }} -{% endif %} -{% if vhost.documentroot is defined %} - - AllowOverride All - Options -Indexes FollowSymLinks - Order allow,deny - Allow from all - -{% endif %} -{% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }} -{% endif %} - - -{% endfor %} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts.conf.j2 similarity index 88% rename from templates/vhosts-2.4.conf.j2 rename to templates/vhosts.conf.j2 index 88294a9..766554f 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts.conf.j2 
@@ -18,7 +18,12 @@ AllowOverride All Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} Require all granted +{% endif %} {% endif %} {% if vhost.extra_parameters is defined %} @@ -44,7 +49,9 @@ SSLCipherSuite {{ apache_ssl_cipher_suite }} SSLProtocol {{ apache_ssl_protocol }} SSLHonorCipherOrder On +{% if apache_vhosts_version == "2.4" %} SSLCompression off +{% endif %} SSLCertificateFile {{ vhost.certificate_file }} SSLCertificateKeyFile {{ vhost.certificate_key_file }} {% if vhost.certificate_chain_file is defined %} @@ -58,7 +65,12 @@ AllowOverride All Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} Require all granted +{% endif %} {% endif %} {% if vhost.extra_parameters is defined %}
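Review bot: The new `apache_vhosts_version == "2.2"` test after `Options -Indexes +FollowSymLinks` is a string comparison, so an override written without quotes (`apache_vhosts_version: 2.2`, loaded as a float) falls through to `Require all granted` on a 2.2 server. The same test is repeated in the SSL vhost's access block (third hunk), and the `== "2.4"` guard in the second hunk has the mirror problem: an unquoted 2.4 silently drops `SSLCompression off`. Casting in the template, e.g. `{% if apache_vhosts_version | string == "2.2" %}`, removes the dependence on how the variable was quoted. The enclosing vhost loops start and end outside these hunks.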
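Review bot: In the second hunk `SSLCompression off` is emitted only when the version is exactly "2.4", so vhosts rendered for 2.2 keep whatever TLS compression default the installed httpd and OpenSSL build has, and the template gives no reason. If the guard is there because older 2.2 builds reject the directive, a comment above the `{% if %}` would make the gap visible, e.g. `{# SSLCompression is not emitted for 2.2; disable TLS compression in the main config on those hosts #}`. Writing the guard as `!= "2.2"` would also match the if/else shape of the access-control blocks and keep the directive for any non-2.2 value.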