migrate to git.charlotte.sh

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-Debian.yml

@@ -0,0 +1,59 @@
+---
+- name: Configure Apache.
+  lineinfile:
+    dest: "{{ apache_server_root }}/ports.conf"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+    mode: 0644
+  with_items: "{{ apache_ports_configuration_items }}"
+  notify: restart apache
+
+- name: Enable Apache mods.
+  file:
+    src: "{{ apache_server_root }}/mods-available/{{ item }}.load"
+    dest: "{{ apache_server_root }}/mods-enabled/{{ item }}.load"
+    state: link
+    mode: 0644
+  with_items: "{{ apache_mods_enabled }}"
+  notify: restart apache
+
+- name: Disable Apache mods.
+  file:
+    path: "{{ apache_server_root }}/mods-enabled/{{ item }}.load"
+    state: absent
+  with_items: "{{ apache_mods_disabled }}"
+  notify: restart apache
+
+- name: Check whether certificates defined in vhosts exist.
+  stat: "path={{ item.certificate_file }}"
+  register: apache_ssl_certificates
+  with_items: "{{ apache_vhosts_ssl }}"
+  no_log: "{{ apache_ssl_no_log }}"
+
+- name: Add apache vhosts configuration.
+  template:
+    src: "{{ apache_vhosts_template }}"
+    dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart apache
+  when: apache_create_vhosts | bool
+
+- name: Add vhost symlink in sites-enabled.
+  file:
+    src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
+    dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
+    state: link
+    mode: 0644
+    force: "{{ ansible_check_mode }}"
+  notify: restart apache
+  when: apache_create_vhosts | bool
+
+- name: Remove default vhost in sites-enabled.
+  file:
+    path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
+    state: absent
+  notify: restart apache
+  when: apache_remove_default_vhost

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-RedHat.yml

@@ -0,0 +1,54 @@
+---
+- name: Configure Apache.
+  lineinfile:
+    dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+    mode: 0644
+  with_items: "{{ apache_ports_configuration_items }}"
+  notify: restart apache
+
+- name: Check whether certificates defined in vhosts exist.
+  stat: path={{ item.certificate_file }}
+  register: apache_ssl_certificates
+  with_items: "{{ apache_vhosts_ssl }}"
+  no_log: "{{ apache_ssl_no_log }}"
+
+- name: Enable Apache mods.
+  copy:
+    dest: "{{ apache_server_root }}/conf.modules.d/99-ansible-{{ item }}.conf"
+    content: |
+      LoadModule {{ item }}_module modules/mod_{{ item }}.so
+    mode: 0644
+  with_items: "{{ apache_mods_enabled }}"
+  notify: restart apache
+
+- name: Disable Apache mods
+  file:
+    path: "{{ apache_server_root }}/conf.modules.d/99-ansible-{{ item }}.conf"
+    state: absent
+  with_items: "{{ apache_mods_disabled }}"
+  notify: restart apache
+
+- name: Add apache vhosts configuration.
+  template:
+    src: "{{ apache_vhosts_template }}"
+    dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart apache
+  when: apache_create_vhosts | bool
+
+- name: Check if localhost cert exists (RHEL 8 and later).
+  stat:
+    path: /etc/pki/tls/certs/localhost.crt
+  register: localhost_cert
+  when: ansible_distribution_major_version | int >= 8
+
+- name: Ensure httpd certs are installed (RHEL 8 and later).
+  command: /usr/libexec/httpd-ssl-gencerts
+  when:
+    - ansible_distribution_major_version | int >= 8
+    - not localhost_cert.stat.exists

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-Solaris.yml

@@ -0,0 +1,20 @@
+---
+- name: Configure Apache.
+  lineinfile:
+    dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+    mode: 0644
+  with_items: "{{ apache_ports_configuration_items }}"
+  notify: restart apache
+
+- name: Add apache vhosts configuration.
+  template:
+    src: "{{ apache_vhosts_template }}"
+    dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart apache
+  when: apache_create_vhosts | bool

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/configure-Suse.yml

@@ -0,0 +1,26 @@
+---
+- name: Configure Apache.
+  lineinfile:
+    dest: "{{ apache_server_root }}/listen.conf"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+    mode: 0644
+  with_items: "{{ apache_ports_configuration_items }}"
+  notify: restart apache
+
+- name: Check whether certificates defined in vhosts exist.
+  stat: path={{ item.certificate_file }}
+  register: apache_ssl_certificates
+  with_items: "{{ apache_vhosts_ssl }}"
+  no_log: "{{ apache_ssl_no_log }}"
+
+- name: Add apache vhosts configuration.
+  template:
+    src: "{{ apache_vhosts_template }}"
+    dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
+    owner: root
+    group: root
+    mode: 0644
+  notify: restart apache
+  when: apache_create_vhosts | bool

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+# Include variables and define needed variables.
+- name: Include OS-specific variables.
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Include variables for Amazon Linux.
+  include_vars: "AmazonLinux.yml"
+  when:
+    - ansible_distribution == "Amazon"
+    - ansible_distribution_major_version == "NA"
+
+- name: Define apache_packages.
+  set_fact:
+    apache_packages: "{{ __apache_packages | list }}"
+  when: apache_packages is not defined
+
+# Setup/install tasks.
+- include_tasks: "setup-{{ ansible_os_family }}.yml"
+
+# Figure out what version of Apache is installed.
+- name: Get installed version of Apache.
+  command: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
+  changed_when: false
+  check_mode: false
+  register: _apache_version
+
+- name: Create apache_version variable.
+  set_fact:
+    apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
+
+- name: Include Apache 2.2 variables.
+  include_vars: apache-22.yml
+  when: "apache_version.split('.')[1] == '2'"
+
+- name: Include Apache 2.4 variables.
+  include_vars: apache-24.yml
+  when: "apache_version.split('.')[1] == '4'"
+
+# Configure Apache.
+- name: Configure Apache.
+  include_tasks: "configure-{{ ansible_os_family }}.yml"
+
+- name: Ensure Apache has selected state and enabled on boot.
+  service:
+    name: "{{ apache_service }}"
+    state: "{{ apache_state }}"
+    enabled: "{{ apache_enabled }}"

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-Debian.yml

@@ -0,0 +1,6 @@
+---
+- name: Update apt cache.
+  apt: update_cache=yes cache_valid_time=3600
+
+- name: Ensure Apache is installed on Debian.
+  apt: "name={{ apache_packages }} state={{ apache_packages_state }}"

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-RedHat.yml

@@ -0,0 +1,6 @@
+---
+- name: Ensure Apache is installed on RHEL.
+  package:
+    name: "{{ apache_packages }}"
+    state: "{{ apache_packages_state }}"
+    enablerepo: "{{ apache_enablerepo | default(omit, true) }}"

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-Solaris.yml

@@ -0,0 +1,5 @@
+---
+- name: Ensure Apache is installed on Solaris.
+  pkg5:
+    name: "{{ apache_packages }}"
+    state: "{{ apache_packages_state }}"

sysadmin-ii-sys265/configs/controller/ansible/roles/geerlingguy.apache/tasks/setup-Suse.yml

@@ -0,0 +1,5 @@
+---
+- name: Ensure Apache is installed on Suse.
+  zypper:
+    name: "{{ apache_packages }}"
+    state: "{{ apache_packages_state }}"