# Copyright 2018-2023 Chris Croome
#
# This file is part of the Webarchitects Apache Ansible role.
#
# The Webarchitects Apache Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
#
# The Webarchitects Apache Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with the Webarchitects Apache Ansible role. If not, see <https://www.gnu.org/licenses/>.
---
- name: Apache role skipped
ansible.builtin.debug:
msg: "The tasks in the Apache role are not being run since the apache variable is not true."
when: not apache | bool
tags:
- apache
- name: Install and configure Apache
block:
- name: Verify variables that start with apache_
ansible.builtin.include_tasks: verify.yml
when:
- apache_verify is defined
- apache_verify | bool
- name: Include apt role local fact tasks
ansible.builtin.include_role:
name: apt
tasks_from: local_facts.yml
when: >-
( ansible_local.dpkg.arch is not defined ) or
( ansible_local.gpg.version is not defined ) or
( ansible_local.bash.path is not defined )
- name: Packages present and absent
block:
- name: Apache packages absent
ansible.builtin.apt:
pkg: "{{ apache_pkgs_absent }}"
state: absent
update_cache: true
cache_valid_time: 60
when:
- apache_pkgs_absent is defined
- apache_pkgs_absent != []
- ansible_local.dpkg.installed is defined
- apache_pkgs_absent | ansible.builtin.intersect(ansible_local.dpkg.installed) != []
notify: Restart Apache
- name: Apache present from buster-backports
ansible.builtin.apt:
pkg:
- apache2
state: latest
install_recommends: true
default_release: buster-backports
update_cache: true
cache_valid_time: 60
when:
- apache_pkgs_present is defined
- ( "apache2" in apache_pkgs_present )
- ansible_distribution_release == "buster"
notify: Restart Apache
- name: Apache packages present
ansible.builtin.apt:
pkg: "{{ apache_pkgs_present }}"
state: present
install_recommends: true
update_cache: true
cache_valid_time: 60
when:
- apache_pkgs_present is defined
- apache_pkgs_present != []
- ansible_local.dpkg.installed is defined
- apache_pkgs_present | ansible.builtin.difference(ansible_local.dpkg.installed) != []
notify: Restart Apache
when: >-
( ( apache_pkgs_absent is defined ) and ( apache_pkgs_absent != [] ) ) or
( ( apache_pkgs_present is defined ) and ( apache_pkgs_present != [] ) )
- name: Include local facts tasks
ansible.builtin.include_tasks: local_facts.yml
when: ansible_local.a2query is not defined
- name: Include Apache checks
ansible.builtin.include_tasks: checks.yml
- name: Apache DocumentRoot present
ansible.builtin.file:
path: "{{ apache_document_root }}"
state: directory
mode: "0755"
owner: root
group: root
- name: Include MPM switching tasks
ansible.builtin.include_tasks: mpm.yml
when: ansible_local.a2query.mpm not in apache_mods_enabled
- name: Apache DH parameters file present
community.crypto.openssl_dhparam:
path: "{{ apache_dhparam_path }}"
size: "{{ apache_dhparam_size }}"
notify: Restart Apache
- name: Include suEXEC tasks
ansible.builtin.include_tasks: suexec.yml
when:
- apache_suexec is defined
- apache_suexec | bool
- name: Install specific version of mod_md
ansible.builtin.include_tasks: md.yml
when:
- ( "md" in apache_mods_enabled )
- apache_md_version is defined
- apache_md_version != "default"
- name: Apache config available
ansible.builtin.include_tasks: config.yml
- name: Apache envars in place
ansible.builtin.template:
src: templates/envvars.j2
dest: /etc/apache2/envvars
mode: "0755"
owner: root
group: root
notify: Restart Apache
- name: Include Apache check config tasks
ansible.builtin.include_tasks: check_config.yml
- name: Apache modules disabled and enabled
ansible.builtin.include_tasks: a2mod.yml
when: ( apache_mods_disabled is defined ) or ( apache_mods_enabled is defined )
- name: Apache conf disabled and enabled
ansible.builtin.include_tasks: a2conf.yml
when: ( apache_sites_disabled is defined ) or ( apache_conf_enabled is defined )
- name: Apache sites disabled and enabled
ansible.builtin.include_tasks: a2site.yml
when: ( apache_sites_disabled is defined ) or ( apache_sites_enabled is defined )
- name: Apache enabled for systemd servers
ansible.builtin.systemd:
name: apache2
enabled: true
when: ansible_distribution_release != "stretch"
notify: Restart Apache
- name: Apache configtest
ansible.builtin.command: apache2ctl configtest
check_mode: false
changed_when: false
register: apache_configtest
failed_when: apache_configtest.rc is not regex('^0|1$')
- name: Print the apache2ctl configtest standard error
ansible.builtin.debug:
msg: "{{ apache_configtest.stderr }}"
verbosity: 1
- name: Fail if Apache configtest is not OK
ansible.builtin.fail:
msg: "{{ apache_configtest.stdout_lines }}"
when: ( "Syntax OK" not in apache_configtest.stderr ) or ( apache_configtest.rc == 1 )
when: apache | bool
tags:
- apache
...