From 5ba6a90b21dca19fcf41e47329c6feb55ddec548 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Wed, 6 Sep 2023 23:32:09 +0100
Subject: [PATCH] use a handler to restart apache

---
 tasks/a2conf.yml     |  2 ++
 tasks/a2mod.yml      | 32 ++++++++++++++++++++------------
 tasks/a2site.yml     | 26 ++++++++++++++------------
 tasks/cloudflare.yml |  1 +
 tasks/config.yml     |  9 +++++++++
 tasks/main.yml       | 14 ++++++--------
 tasks/mc3.yml        |  1 +
 tasks/md.yml         |  2 ++
 tasks/suexec.yml     |  1 +
 tasks/webarch.yml    |  1 +
 10 files changed, 57 insertions(+), 32 deletions(-)

diff --git a/tasks/a2conf.yml b/tasks/a2conf.yml
index 506f82c..d5a1052 100644
--- a/tasks/a2conf.yml
+++ b/tasks/a2conf.yml
@@ -23,6 +23,7 @@
       loop_control:
         loop_var: apache_conf
         label: "{{ apache_conf }}"
+      notify: Restart Apache
 
     - name: Check that all the conf to be enabled exist
       ansible.builtin.stat:
@@ -49,6 +50,7 @@
       loop_control:
         loop_var: apache_conf
         label: "{{ apache_conf }}"
+      notify: Restart Apache
 
   tags:
     - apache
diff --git a/tasks/a2mod.yml b/tasks/a2mod.yml
index fd0a565..032f9da 100644
--- a/tasks/a2mod.yml
+++ b/tasks/a2mod.yml
@@ -20,6 +20,7 @@
       when:
         - ( "fcgid" in apache_mods_disabled )
         - ( "libapache2-mod-fcgid" in ansible_local.dpkg.installed )
+      notify: Restart Apache
 
     - name: Apache suEXEC package absent
       ansible.builtin.apt:
@@ -30,6 +31,7 @@
       when:
         - ( "suexec" in apache_mods_disabled )
         - ( "apache2-suexec-pristine" in ansible_local.dpkg.installed )
+      notify: Restart Apache
 
     - name: "Apache package absent {{ apache_phpfpm_mod }}"
       ansible.builtin.apt:
@@ -43,6 +45,7 @@
         - apache_php | bool
         - ( "apache_phpfpm_mod" in apache_mods_disabled )
         - ( apache_mod_php_pkg in ansible_local.dpkg.installed )
+      notify: Restart Apache
 
     - name: Disable modules
       community.general.apache2_module:
@@ -53,6 +56,7 @@
       loop_control:
         loop_var: apache_mod
         label: "{{ apache_mod }}"
+      notify: Restart Apache
 
     - name: Re-read Ansible local facts
       ansible.builtin.setup:
@@ -77,6 +81,7 @@
       when:
         - ( "suexec" in apache_mods_enabled )
         - ( "apache2-suexec-pristine" not in ansible_local.dpkg.installed )
+      notify: Restart Apache
 
     - name: Apache FastCGI package present
       ansible.builtin.apt:
@@ -87,6 +92,7 @@
       when:
         - ( "fcgid" in apache_mods_enabled )
         - ( "libapache2-mod-fcgid" not in ansible_local.dpkg.installed )
+      notify: Restart Apache
 
     - name: Apache mod_php package present
       ansible.builtin.apt:
@@ -100,19 +106,20 @@
         - apache_php | bool
         - ( "apache_phpfpm_mod" in apache_mods_enabled )
         - ( apache_mod_php_pkg not in ansible_local.dpkg.installed )
+      notify: Restart Apache
 
-    - name: Check that all the modules to be enabled exist
-      ansible.builtin.stat:
-        path: "/etc/apache2/mods-available/{{ apache_mod }}.load"
-      when: apache_mod not in ansible_local.a2query.modules_enabled
-      register: apache_mod_path
-      failed_when:
-        - not ansible_check_mode | bool
-        - not apache_mod_path.stat.exists | bool
-      loop: "{{ apache_mods_enabled }}"
-      loop_control:
-        loop_var: apache_mod
-        label: "{{ apache_mod }}"
+    # - name: Check that all the modules to be enabled exist
+    #   ansible.builtin.stat:
+    #     path: "/etc/apache2/mods-available/{{ apache_mod }}.load"
+    #   when: apache_mod not in ansible_local.a2query.modules_enabled
+    #   register: apache_mod_path
+    #   failed_when:
+    #     - not ansible_check_mode | bool
+    #     - not apache_mod_path.stat.exists | bool
+    #   loop: "{{ apache_mods_enabled }}"
+    #   loop_control:
+    #     loop_var: apache_mod
+    #     label: "{{ apache_mod }}"
 
     - name: Apache modules enabled
       community.general.apache2_module:
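Review bot: The pre-flight task `Check that all the modules to be enabled exist` is commented out rather than deleted or kept, and the commit subject (restart via a handler) does not explain why; the same is done to `Check that all the sites to be enabled exist` in tasks/a2site.yml. With the `stat` guard disabled, a name in `apache_mods_enabled` that has no `.load` file under mods-available is presumably only caught when the `Apache modules enabled` loop reaches it, which may leave the host with some modules enabled and others not. Either remove the block outright or keep it commented with a one-line rationale above it, e.g. `# Disabled: <reason>`. The `Apache modules enabled` task continues past the end of this hunk.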
@@ -123,6 +130,7 @@
       loop_control:
         loop_var: apache_mod
         label: "{{ apache_mod }}"
+      notify: Restart Apache
 
     - name: Re-read Ansible local facts
       ansible.builtin.setup:
diff --git a/tasks/a2site.yml b/tasks/a2site.yml
index c894a7c..6971771 100644
--- a/tasks/a2site.yml
+++ b/tasks/a2site.yml
@@ -23,19 +23,20 @@
       loop_control:
         loop_var: apache_site
         label: "{{ apache_site }}"
+      notify: Restart Apache
 
-    - name: Check that all the sites to be enabled exist
-      ansible.builtin.stat:
-        path: "/etc/apache2/sites-available/{{ apache_site }}.conf"
-      when: apache_site not in ansible_local.a2query.sites_enabled
-      register: apache_site_path
-      failed_when:
-        - not ansible_check_mode | bool
-        - not apache_site_path.stat.exists | bool
-      loop: "{{ apache_sites_enabled }}"
-      loop_control:
-        loop_var: apache_site
-        label: "{{ apache_site }}"
+    # - name: Check that all the sites to be enabled exist
+    #   ansible.builtin.stat:
+    #     path: "/etc/apache2/sites-available/{{ apache_site }}.conf"
+    #   when: apache_site not in ansible_local.a2query.sites_enabled
+    #   register: apache_site_path
+    #   failed_when:
+    #     - not ansible_check_mode | bool
+    #     - not apache_site_path.stat.exists | bool
+    #   loop: "{{ apache_sites_enabled }}"
+    #   loop_control:
+    #     loop_var: apache_site
+    #     label: "{{ apache_site }}"
 
     - name: Apache sites enabled
       ansible.builtin.command: "a2ensite {{ apache_site }}"
@@ -49,6 +50,7 @@
       loop_control:
         loop_var: apache_site
         label: "{{ apache_site }}"
+      notify: Restart Apache
 
   tags:
     - apache
diff --git a/tasks/cloudflare.yml b/tasks/cloudflare.yml
index 98504a2..586a290 100644
--- a/tasks/cloudflare.yml
+++ b/tasks/cloudflare.yml
@@ -41,6 +41,7 @@
         owner: root
         group: root
         mode: "0644"
+      notify: Restart Apache
 
   tags:
     - apache
diff --git a/tasks/config.yml b/tasks/config.yml
index 4adfa8c..c6a0625 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -38,6 +38,7 @@
       loop_control:
         loop_var: file
         label: "{{ file }}"
+      notify: Restart Apache
 
     - name: Custom Apache mods available in place
       ansible.builtin.template:
@@ -77,6 +78,7 @@
         group: root
         mode: "0644"
       when: ( apache_sites_enabled is defined ) and ( "000-default" in apache_sites_enabled )
+      notify: Restart Apache
 
     - name: Conditional update default-ssl.conf
       ansible.builtin.template:
@@ -86,6 +88,7 @@
         group: root
         mode: "0644"
       when: ( apache_sites_enabled is defined ) and ( "default-ssl" in apache_sites_enabled )
+      notify: Restart Apache
 
     - name: Apache localhost site available
       ansible.builtin.template:
@@ -94,6 +97,7 @@
         owner: root
         group: root
         mode: "0644"
+      notify: Restart Apache
 
     - name: Conditionally include Webarchitects config
       ansible.builtin.include_tasks: webarch.yml
@@ -124,6 +128,7 @@
         owner: root
         group: root
         mode: "0644"
+      notify: Restart Apache
 
     - name: Expires and robots conf available
       ansible.builtin.template:
@@ -141,6 +146,7 @@
       loop_control:
         loop_var: file
         label: "{{ file }}"
+      notify: Restart Apache
 
     - name: Apache mpm_prefork.conf in place
       ansible.builtin.template:
@@ -150,6 +156,7 @@
         group: root
         mode: "0644"
       when: ( "mpm_prefork" in apache_mods_enabled )
+      notify: Restart Apache
 
     - name: Apache ratelimit conf present
       ansible.builtin.template:
@@ -159,10 +166,12 @@
         group: root
         mode: "0644"
       when: '"ratelimit" in apache_mods_enabled'
+      notify: Restart Apache
 
     - name: Cloudflare config available
       ansible.builtin.include_tasks: cloudflare.yml
       when: ( "remoteip" in apache_mods_enabled )
+      notify: Restart Apache
 
     - name: Conditionally provision a Let's Encrypt cert using acmesh role
       block:
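Review bot: The `notify: Restart Apache` added to `Cloudflare config available` is attached to an `ansible.builtin.include_tasks` task, which does not itself report a change, so this line cannot trigger the handler; depending on the Ansible version, `notify` may also be rejected as an invalid attribute on an include. This commit already adds the notify to the task inside tasks/cloudflare.yml, which is where it takes effect, so the line here should be dropped.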
diff --git a/tasks/main.yml b/tasks/main.yml
index ea65d75..8892ec0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -46,6 +46,7 @@
             - apache_pkgs_absent != []
             - ansible_local.dpkg.installed is defined
             - apache_pkgs_absent | ansible.builtin.intersect(ansible_local.dpkg.installed) != []
+          notify: Restart Apache
 
         - name: Apache present from buster-backports
           ansible.builtin.apt:
@@ -59,6 +60,7 @@
             - apache_pkgs_present is defined
             - ( "apache2" in apache_pkgs_present )
             - ansible_distribution_release == "buster"
+          notify: Restart Apache
 
         - name: Apache packages present
           ansible.builtin.apt:
@@ -71,6 +73,7 @@
             - apache_pkgs_present != []
             - ansible_local.dpkg.installed is defined
             - apache_pkgs_present | ansible.builtin.difference(ansible_local.dpkg.installed) != []
+          notify: Restart Apache
 
       when: >-
         ( ( apache_pkgs_absent is defined ) and ( apache_pkgs_absent != [] ) ) or
@@ -99,6 +102,7 @@
       community.crypto.openssl_dhparam:
         path: "{{ apache_dhparam_path }}"
         size: "{{ apache_dhparam_size }}"
+      notify: Restart Apache
 
     - name: Include suEXEC tasks
       ansible.builtin.include_tasks: suexec.yml
@@ -123,6 +127,7 @@
         mode: "0755"
         owner: root
         group: root
+      notify: Restart Apache
 
     - name: Include Apache check config tasks
       ansible.builtin.include_tasks: check_config.yml
@@ -144,6 +149,7 @@
         name: apache2
         enabled: true
       when: ansible_distribution_release != "stretch"
+      notify: Restart Apache
 
     - name: Apache configtest
       ansible.builtin.command: apache2ctl configtest
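Review bot: With the restart moved to a handler, nothing visible in this patch ties it to the result of the `Apache configtest` task that starts at the end of this hunk. The task removed in the last tasks/main.yml hunk ran only `when: ( "Syntax OK" in apache_configtest.stderr ) or ( apache_configtest.rc == 0 )`, and the `Restart Apache` handler is not part of the diff (no handlers file in the diffstat). If that handler is a plain `state: restarted`, a template change that breaks the configuration would stop Apache at the end of the play. The handler should either run `apache2ctl configtest` itself before restarting, or be flushed with `ansible.builtin.meta: flush_handlers` only after the configtest has passed. Notified handlers are also skipped when a later task fails unless `force_handlers` is set, so a changed suEXEC, ratelimit or remoteip conf could stay unloaded after a failed run.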
@@ -162,14 +168,6 @@
         msg: "{{ apache_configtest.stdout_lines }}"
       when: ( "Syntax OK" not in apache_configtest.stderr ) or ( apache_configtest.rc == 1 )
 
-    - name: Apache restarted
-      ansible.builtin.service:
-        name: apache2
-        state: restarted
-      when: ( "Syntax OK" in apache_configtest.stderr ) or ( apache_configtest.rc == 0 )
-      tags:
-        - molecule-idempotence-notest
-
   when: apache | bool
   tags:
     - apache
diff --git a/tasks/mc3.yml b/tasks/mc3.yml
index b73a937..f3bbe1a 100644
--- a/tasks/mc3.yml
+++ b/tasks/mc3.yml
@@ -32,6 +32,7 @@
         owner: root
         group: root
         mode: "0644"
+      notify: Restart Apache
 
   tags:
     - apache
diff --git a/tasks/md.yml b/tasks/md.yml
index 9153493..1f94dd6 100644
--- a/tasks/md.yml
+++ b/tasks/md.yml
@@ -19,6 +19,7 @@
           - libcurl4-openssl-dev
           - libjansson-dev
         state: present
+      notify: Restart Apache
 
     - name: Find the latest version of mod_md
       block:
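Review bot: The `notify: Restart Apache` on this apt task fires when the build dependencies (`libcurl4-openssl-dev`, `libjansson-dev`) are installed, which changes nothing that the running Apache has loaded. The notify that matters for mod_md is the one added to the `target: install` make task in the second tasks/md.yml hunk, so the line here can be dropped to avoid a needless restart. The apt task begins above the hunk, so its full package list is not visible.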
@@ -66,6 +67,7 @@
           community.general.make:
             chdir: /usr/local/src/mod_md
             target: install
+          notify: Restart Apache
 
       when: apache_md_repo.changed
 
diff --git a/tasks/suexec.yml b/tasks/suexec.yml
index 0f8c23c..fa5b197 100644
--- a/tasks/suexec.yml
+++ b/tasks/suexec.yml
@@ -16,6 +16,7 @@
         pkg:
           - apache2-suexec-custom
         state: present
+      notify: Restart Apache
 
     - name: Apache suEXEC config directory only readable by root
       ansible.builtin.file:
diff --git a/tasks/webarch.yml b/tasks/webarch.yml
index a60e578..acfa067 100644
--- a/tasks/webarch.yml
+++ b/tasks/webarch.yml
@@ -40,6 +40,7 @@
         mode: "0644"
         owner: root
         group: root
+      notify: Restart Apache
 
   tags:
     - apache
-- 
GitLab