lotte/ChamplainTechJournals
1
Code Activity

migrate to git.charlotte.sh

Browse source
This commit is contained in:
Charlotte Croce 2025-04-19 23:42:08 -04:00
commit fbd588721e
412 changed files with 13750 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.ansible-lint Normal file
View file

@ -0,0 +1,3 @@
skip_list:
- 'yaml'
- 'role-name'

4
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

67
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,67 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 5 * * 0"
defaults:
run:
working-directory: 'geerlingguy.apache'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.apache'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux8
- ubuntu2004
- debian10
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.apache'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule molecule-plugins[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

40
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.apache'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.apache'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

34
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.github/workflows/stale.yml vendored Normal file
View file

@ -0,0 +1,34 @@
---
name: Close inactive issues
'on':
schedule:
- cron: "55 18 * * 1" # semi-random time
jobs:
close-issues:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v8
with:
days-before-stale: 120
days-before-close: 60
exempt-issue-labels: bug,pinned,security,planned
exempt-pr-labels: bug,pinned,security,planned
stale-issue-label: "stale"
stale-pr-label: "stale"
stale-issue-message: |
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-issue-message: |
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
stale-pr-message: |
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-pr-message: |
This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
repo-token: ${{ secrets.GITHUB_TOKEN }}

5
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.gitignore vendored Normal file
View file

@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache

10
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/.yamllint Normal file
View file

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/workflows/stale.yml

20
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/LICENSE Normal file
View file

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

208
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/README.md Normal file
View file

@ -0,0 +1,208 @@
# Ansible Role: Apache 2.x
[![CI](https://github.com/geerlingguy/ansible-role-apache/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-apache/actions?query=workflow%3ACI)
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
## Requirements
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
```yaml
apache_enablerepo: ""
```
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
```yaml
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
```
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
```yaml
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
```
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.
```yaml
apache_remove_default_vhost: false
```
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
```yaml
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
# Add other global settings on subsequent lines.
```
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
```yaml
apache_vhosts:
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
```
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
```yaml
- servername: "www.local.dev"
serveralias: "local.dev"
documentroot: "/var/www/html"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
```yaml
apache_vhosts_ssl: []
```
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
```yaml
apache_vhosts_ssl:
- servername: "local.dev"
documentroot: "/var/www/html"
certificate_file: "/home/vagrant/example.crt"
certificate_key_file: "/home/vagrant/example.key"
certificate_chain_file: "/path/to/certificate_chain.crt"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```
Other SSL directives can be managed with other SSL-related role variables.
```yaml
apache_ssl_no_log: true
```
Whether to print SSL-related task output to the console when running the playbook.
```yaml
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
```
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
```yaml
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
```
The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.
```yaml
apache_mods_enabled:
- rewrite
- ssl
apache_mods_disabled: []
```
Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` on Debian/Ubuntu) for all the available mods.
```yaml
apache_packages:
- [platform-specific]
```
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
```yaml
apache_state: started
```
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
```yaml
apache_enabled: yes
```
Set the Apache service boot time status. This should generally remain `yes`, but you can set it to `no` if you need to run Ansible while leaving the service disabled.
```yaml
apache_packages_state: present
```
If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache).
```yaml
apache_ignore_missing_ssl_certificate: true
```
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## .htaccess-based Basic Authorization
If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:
```yaml
extra_parameters: |
<Directory "/var/www/password-protected-directory">
Require valid-user
AuthType Basic
AuthName "Please authenticate"
AuthUserFile /var/www/password-protected-directory/.htpasswd
</Directory>
```
To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:
```
<Location "/">
Require valid-user
....
</Location>
```
You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.
## Dependencies
None.
## Example Playbook
```yaml
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.apache }
```
*Inside `vars/main.yml`*:
```yaml
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
```
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

62
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/defaults/main.yml Normal file
View file

@ -0,0 +1,62 @@
---
apache_enablerepo: ""
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
apache_remove_default_vhost: false
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
apache_vhosts_ssl: []
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
# certificate_key_file: "/path/to/certificate.key",
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_no_log: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
# Only used on Debian/Ubuntu/Redhat.
apache_mods_enabled:
- rewrite
- ssl
apache_mods_disabled: []
# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started
# Set initial apache service status. Recommended values: `true` or `false`
apache_enabled: true
# Set apache state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
apache_restart_state: restarted
# Apache package state; use `present` to make sure it's installed, or `latest`
# if you want to upgrade or switch versions using a new repo.
apache_packages_state: present

5
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/handlers/main.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: restart apache
service:
name: "{{ apache_service }}"
state: "{{ apache_restart_state }}"

2
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/meta/.galaxy_install_info Normal file
View file

@ -0,0 +1,2 @@
install_date: Sun Feb 23 19:19:22 2025
version: 4.0.0

36
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/meta/main.yml Normal file
View file

@ -0,0 +1,36 @@
---
dependencies: []
galaxy_info:
role_name: apache
author: geerlingguy
description: Apache 2.x for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.10
platforms:
- name: Fedora
versions:
- all
- name: Amazon
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- trusty
- xenial
- bionic
- name: Solaris
versions:
- 11.3
galaxy_tags:
- web
- apache
- webserver
- html
- httpd
allow_duplicates: true

21
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/molecule/default/converge.yml Normal file
View file

@ -0,0 +1,21 @@
---
- name: Converge
hosts: all
become: true
vars:
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts:
- servername: "example.com"
documentroot: "/var/www/vhosts/example_com"
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
roles:
- role: geerlingguy.apache

21
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/molecule/default/molecule.yml Normal file
View file

@ -0,0 +1,21 @@
---
role_name_check: 1
dependency:
name: galaxy
options:
ignore-errors: true
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

59
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml Normal file
View file

@ -0,0 +1,59 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/ports.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
mode: 0644
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Enable Apache mods.
file:
src: "{{ apache_server_root }}/mods-available/{{ item }}.load"
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}.load"
state: link
mode: 0644
with_items: "{{ apache_mods_enabled }}"
notify: restart apache
- name: Disable Apache mods.
file:
path: "{{ apache_server_root }}/mods-enabled/{{ item }}.load"
state: absent
with_items: "{{ apache_mods_disabled }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: "path={{ item.certificate_file }}"
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
no_log: "{{ apache_ssl_no_log }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool
- name: Add vhost symlink in sites-enabled.
file:
src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
state: link
mode: 0644
force: "{{ ansible_check_mode }}"
notify: restart apache
when: apache_create_vhosts | bool
- name: Remove default vhost in sites-enabled.
file:
path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
state: absent
notify: restart apache
when: apache_remove_default_vhost

54
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml Normal file
View file

@ -0,0 +1,54 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
mode: 0644
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
no_log: "{{ apache_ssl_no_log }}"
- name: Enable Apache mods.
copy:
dest: "{{ apache_server_root }}/conf.modules.d/99-ansible-{{ item }}.conf"
content: |
LoadModule {{ item }}_module modules/mod_{{ item }}.so
mode: 0644
with_items: "{{ apache_mods_enabled }}"
notify: restart apache
- name: Disable Apache mods
file:
path: "{{ apache_server_root }}/conf.modules.d/99-ansible-{{ item }}.conf"
state: absent
with_items: "{{ apache_mods_disabled }}"
notify: restart apache
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool
- name: Check if localhost cert exists (RHEL 8 and later).
stat:
path: /etc/pki/tls/certs/localhost.crt
register: localhost_cert
when: ansible_distribution_major_version | int >= 8
- name: Ensure httpd certs are installed (RHEL 8 and later).
command: /usr/libexec/httpd-ssl-gencerts
when:
- ansible_distribution_major_version | int >= 8
- not localhost_cert.stat.exists

20
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
mode: 0644
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool

26
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml Normal file
View file

@ -0,0 +1,26 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/listen.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
mode: 0644
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
no_log: "{{ apache_ssl_no_log }}"
- name: Add apache vhosts configuration.
template:
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts | bool

47
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/main.yml Normal file
View file

@ -0,0 +1,47 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Include variables for Amazon Linux.
include_vars: "AmazonLinux.yml"
when:
- ansible_distribution == "Amazon"
- ansible_distribution_major_version == "NA"
- name: Define apache_packages.
set_fact:
apache_packages: "{{ __apache_packages | list }}"
when: apache_packages is not defined
# Setup/install tasks.
- include_tasks: "setup-{{ ansible_os_family }}.yml"
# Figure out what version of Apache is installed.
- name: Get installed version of Apache.
command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
changed_when: false
check_mode: false
register: _apache_version
- name: Create apache_version variable.
set_fact:
apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
- name: Include Apache 2.2 variables.
include_vars: apache-22.yml
when: "apache_version.split('.')[1] == '2'"
- name: Include Apache 2.4 variables.
include_vars: apache-24.yml
when: "apache_version.split('.')[1] == '4'"
# Configure Apache.
- name: Configure Apache.
include_tasks: "configure-{{ ansible_os_family }}.yml"
- name: Ensure Apache has selected state and enabled on boot.
service:
name: "{{ apache_service }}"
state: "{{ apache_state }}"
enabled: "{{ apache_enabled }}"

6
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-Debian.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=3600
- name: Ensure Apache is installed on Debian.
apt: "name={{ apache_packages }} state={{ apache_packages_state }}"

6
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-RedHat.yml Normal file
View file

@ -0,0 +1,6 @@
---
- name: Ensure Apache is installed on RHEL.
package:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"
enablerepo: "{{ apache_enablerepo | default(omit, true) }}"

5
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-Solaris.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: Ensure Apache is installed on Solaris.
pkg5:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"

5
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-Suse.yml Normal file
View file

@ -0,0 +1,5 @@
---
- name: Ensure Apache is installed on Suse.
zypper:
name: "{{ apache_packages }}"
state: "{{ apache_packages_state }}"

82
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/templates/vhosts.conf.j2 Normal file
View file

@ -0,0 +1,82 @@
{{ apache_global_vhost_settings }}
{# Set up VirtualHosts #}
{% for vhost in apache_vhosts %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters | indent(width=2, first=True) }}
{% endif %}
</VirtualHost>
{% endfor %}
{# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }}
SSLProtocol {{ apache_ssl_protocol }}
SSLHonorCipherOrder On
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
SSLCertificateFile {{ vhost.certificate_file }}
SSLCertificateKeyFile {{ vhost.certificate_key_file }}
{% if vhost.certificate_chain_file is defined %}
SSLCertificateChainFile {{ vhost.certificate_chain_file }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters | indent(width=2, first=True) }}
{% endif %}
</VirtualHost>
{% endif %}
{% endfor %}

18
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/AmazonLinux.yml Normal file
View file

@ -0,0 +1,18 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.4"
__apache_packages:
- httpd24
- httpd24-devel
- mod24_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"

14
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/Debian.yml Normal file
View file

@ -0,0 +1,14 @@
---
apache_service: apache2
apache_daemon: apache2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2
__apache_packages:
- apache2
- apache2-utils
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"

20
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/RedHat.yml Normal file
View file

@ -0,0 +1,20 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- httpd
- httpd-devel
- mod_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

19
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/Solaris.yml Normal file
View file

@ -0,0 +1,19 @@
---
apache_service: apache24
apache_daemon: httpd
apache_daemon_path: /usr/apache2/2.4/bin/
apache_server_root: /etc/apache2/2.4/
apache_conf_path: /etc/apache2/2.4/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- web/server/apache-24
- web/server/apache-24/module/apache-ssl
- web/server/apache-24/module/apache-security
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

18
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/Suse.yml Normal file
View file

@ -0,0 +1,18 @@
---
apache_service: apache2
apache_daemon: httpd2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- apache2
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

12
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/apache-22.yml Normal file
View file

@ -0,0 +1,12 @@
---
apache_vhosts_version: "2.2"
apache_default_vhost_filename: 000-default
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}
- {
regexp: "^#?NameVirtualHost ",
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
}

8
sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/vars/apache-24.yml Normal file
View file

@ -0,0 +1,8 @@
---
apache_vhosts_version: "2.4"
apache_default_vhost_filename: 000-default.conf
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ (apache_listen_ip == '*') | ternary('', apache_listen_ip + ':') }}{{ apache_listen_port }}"
}