224 lines
7.3 KiB
YAML
224 lines
7.3 KiB
YAML
---
|
|
# tasks file for ensure_apache
|
|
- name: 'include variables'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
include_vars:
|
|
file: '{{ lookup("first_found", findme ) }}'
|
|
name: 'ensure_apache'
|
|
vars:
|
|
findme:
|
|
files:
|
|
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
|
|
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-default.yml'
|
|
- '{{ ansible_distribution }}-default.yml'
|
|
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
|
|
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-default.yml'
|
|
- '{{ ansible_os_family }}-default.yml'
|
|
- 'default.yml'
|
|
paths:
|
|
- '../vars/'
|
|
errors: 'ignore'
|
|
- name: 'package discovery'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- packages is not defined
|
|
ansible.builtin.package_facts:
|
|
- name: 'service discovery'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- services is not defined
|
|
ansible.builtin.service_facts:
|
|
- name: 'ensure sysctl'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- ensure_apache.sysctl_list is defined
|
|
- ensure_apache.sysctl_list is iterable
|
|
ansible.posix.sysctl:
|
|
name: '{{ item.name }}'
|
|
reload: '{{ item.reload | default(omit) }}'
|
|
state: '{{ item.state }}'
|
|
sysctl_file: '{{ item.sysctl_file | default(omit) }}'
|
|
sysctl_set: '{{ item.sysctl_set | default(omit) }}'
|
|
value: '{{ item.value | default(omit) }}'
|
|
loop: '{{ ensure_apache.sysctl_list }}'
|
|
loop_control:
|
|
label: '{{ item.name }} will be {{ item.value }}'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure packages'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- ensure_apache.package_list is defined
|
|
- ensure_apache.package_list is iterable
|
|
ansible.builtin.package:
|
|
name: '{{ item.name }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_apache.package_list }}'
|
|
loop_control:
|
|
label: '{{ item.name }} will be {{ item.state }}'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure seboolean'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- ensure_apache.seboolean_list is defined
|
|
- ensure_apache.seboolean_list is iterable
|
|
ansible.posix.seboolean:
|
|
name: '{{ item.name }}'
|
|
persistent: '{{ item.persistent }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_apache.seboolean_list }}'
|
|
loop_control:
|
|
label: '{{ item.name }} will be {{ item.state }}'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure configurations'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- http_vhost is defined
|
|
- ensure_apache is defined
|
|
- ensure_apache.template_list is defined
|
|
- ensure_apache.template_list is iterable
|
|
ansible.builtin.template:
|
|
backup: 'no'
|
|
dest: '{{ item.dest }}'
|
|
group: '{{ item.group | default(omit) }}'
|
|
mode: '{{ item.mode | default(omit) }}'
|
|
owner: '{{ item.owner | default(omit) }}'
|
|
selevel: '{{ iteml.selevel | default(omit) }}'
|
|
serole: '{{ item.serole | default(omit) }}'
|
|
setype: '{{ item.setype | default(omit) }}'
|
|
seuser: '{{ item.seuser | default(omit) }}'
|
|
src: '{{ item.src }}'
|
|
loop: '{{ ensure_apache.template_list }}'
|
|
loop_control:
|
|
label: '{{ item.dest }} will be ensured'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure firewall'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- packages["firewalld"] is defined
|
|
- packages["python3-firewall"] is defined
|
|
- ensure_apache is defined
|
|
- ensure_apache.firewall_list is defined
|
|
- ensure_apache.firewall_list is iterable
|
|
ansible.posix.firewalld:
|
|
permanent: '{{ item.permanent }}'
|
|
service: '{{ item.service }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_apache.firewall_list }}'
|
|
loop_control:
|
|
label: '{{ item.service }} will be {{ item.state }}'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure permissions'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- http_vhost is defined
|
|
- http_vhost is iterable
|
|
- ensure_apache.permission_list is defined
|
|
- ensure_apache.permission_list is iterable
|
|
ansible.builtin.file:
|
|
attributes: '{{ item.attributes | default(omit) }}'
|
|
follow: '{{ item.follow | default(omit) }}'
|
|
force: '{{ item.force | default(omit) }}'
|
|
group: '{{ item.group | default(omit) }}'
|
|
owner: '{{ item.owner | default(omit) }}'
|
|
mode: '{{ item.mode | default(omit) }}'
|
|
path: '{{ item.path }}'
|
|
reuse: '{{ item.reuse | default(omit) }}'
|
|
selevel: '{{ item.selevel | default(omit) }}'
|
|
serole: '{{ item.serole | default(omit) }}'
|
|
setype: '{{ item.setype | default(omit) }}'
|
|
seuser: '{{ item.seuser | default(omit) }}'
|
|
src: '{{ item.src | default(omit) }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_apache.permission_list }}'
|
|
loop_control:
|
|
label: '{{ item.path }} will be ensured'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure vhost document roots'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- http_vhost is defined
|
|
- http_vhost is iterable
|
|
- item.fqdn is defined
|
|
ansible.builtin.file:
|
|
path: '/srv/http/{{ item.fqdn }}'
|
|
state: 'directory'
|
|
setype: 'httpd_sys_content_t'
|
|
loop: '{{ http_vhost }}'
|
|
loop_control:
|
|
label: '/srv/http/{{ item.fqdn }} will be ensured'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure website content from git repos'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- http_vhost is defined
|
|
- http_vhost is iterable
|
|
- item.fqdn is defined
|
|
- item.repo is defined
|
|
ansible.builtin.git:
|
|
accept_hostkey: 'yes'
|
|
dest: '/srv/http/{{ item.fqdn }}'
|
|
repo: '{{ item.repo }}'
|
|
loop: '{{ http_vhost }}'
|
|
loop_control:
|
|
label: '/srv/http/{{ item.fqdn }} will be populated...'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'ensure services'
|
|
when:
|
|
- ansible_system == 'Linux'
|
|
- ensure_apache is defined
|
|
- ensure_apache.service_list is defined
|
|
- ensure_apache.service_list is iterable
|
|
ansible.builtin.service:
|
|
enabled: '{{ item.enabled }}'
|
|
name: '{{ item.name }}'
|
|
state: '{{ item.state }}'
|
|
loop: '{{ ensure_apache.service_list }}'
|
|
loop_control:
|
|
label: '{{ item.name }} will be {{ item.state }}'
|
|
notify:
|
|
- 'ensure_apache.package_facts'
|
|
- 'ensure_apache.service_facts'
|
|
- 'ensure_apache.service_reload'
|
|
- 'ensure_apache.services'
|
|
- name: 'flush handlers'
|
|
meta: 'flush_handlers'
|