---
- name: Check that mistakes haven't been made in the variables and arrays
block:
- name: Check that at least one module is in apache_mods_enabled and that either mpm_event or mpm_prefork is enabled
assert:
that:
- ( apache_mods_enabled is defined ) and ( apache_mods_enabled[0] is defined )
- ( "mpm_prefork" in apache_mods_enabled ) or ( "mpm_event" in apache_mods_enabled )
- name: Checks when mpm_event enabled
assert:
that:
- ( "mpm_prefork" not in apache_mods_enabled )
- ( "mpm_event" not in apache_mods_disabled )
- ( "mpm_itk" not in apache_mods_disabled )
when: ( "mpm_event" in apache_mods_enabled )
- name: Checks when mpm_prefork enabled
assert:
that:
- ( "mpm_event" not in apache_mods_enabled )
- ( "mpm_prefork" not in apache_mods_disabled )
when: ( "mpm_prefork" in apache_mods_enabled )
- name: Check that there are no duplicates in the mods arrays
assert:
that:
- apache_mods_enabled | unique | count == apache_mods_enabled | count
- apache_mods_disabled | unique | count == apache_mods_disabled | count
- name: Check that there are no duplicates in the conf arrays
assert:
that:
- apache_conf_enabled | unique | count == apache_conf_enabled | count
- apache_conf_disabled | unique | count == apache_conf_disabled | count
- name: Check that there are no duplicates in the sites arrays
assert:
that:
- apache_sites_enabled | unique | count == apache_sites_enabled | count
- apache_sites_disabled | unique | count == apache_sites_disabled | count
- name: apache_mods_enabled and apache_mods_disabled array checks
block:
- name: Debug apache_mods_enabled array
debug:
var: apache_mods_enabled
verbosity: 2
- name: Debug apache_mods_disabled array
debug:
var: apache_mods_disabled
verbosity: 2
- name: Check that no mods are enabled and disabled
assert:
that: mod not in apache_mods_disabled
loop: "{{ apache_mods_enabled }}"
loop_control:
loop_var: mod
label: "{{ mod }}"
- name: Check that no mods are disabled and enabled
assert:
that: mod not in apache_mods_enabled
loop: "{{ apache_mods_disabled }}"
loop_control:
loop_var: mod
label: "{{ mod }}"
when:
- ( apache_mods_enabled is defined ) and ( apache_mods_enabled[0] is defined )
- ( apache_mods_disabled is defined ) and ( apache_mods_disabled[0] is defined )
- name: apache_conf_enabled and apache_conf_disabled array checks
block:
- name: Debug apache_conf_enabled arrays
debug:
var: apache_conf_enabled
verbosity: 2
- name: Debug apache_conf_disabled arrays
debug:
var:
- apache_conf_disabled
verbosity: 2
- name: Check that no conf are enabled and disabled
assert:
that: conf not in apache_conf_disabled
loop: "{{ apache_conf_enabled }}"
loop_control:
loop_var: conf
label: "{{ conf }}"
- name: Check that no conf are disabled and enabled
assert:
that: conf not in apache_conf_enabled
loop: "{{ apache_conf_disabled }}"
loop_control:
loop_var: conf
label: "{{ conf }}"
when:
- ( apache_conf_enabled is defined ) and ( apache_conf_enabled[0] is defined )
- ( apache_conf_disabled is defined ) and ( apache_conf_disabled[0] is defined )
- name: apache_sites_enabled and apache_sites_disabled array checks
block:
- name: Debug apache_sites_enabled arrays
debug:
var: apache_sites_enabled
verbosity: 2
- name: Debug apache_sites_disabled arrays
debug:
var: apache_sites_disabled
verbosity: 2
- name: Check that no sites are enabled and disabled
assert:
that: site not in apache_sites_disabled
loop: "{{ apache_sites_enabled }}"
loop_control:
loop_var: site
label: "{{ site }}"
- name: Check that no sites are disabled and enabled
assert:
that: site not in apache_sites_enabled
loop: "{{ apache_sites_disabled }}"
loop_control:
loop_var: site
label: "{{ site }}"
when:
- ( apache_sites_enabled is defined ) and ( apache_sites_enabled[0] is defined )
- ( apache_sites_disabled is defined ) and ( apache_sites_disabled[0] is defined )
- name: Check the Apache version, modules and conf, loaded and enabled
block:
- name: Check the Apache version
command: apache2ctl -v
check_mode: false
changed_when: false
register: apache_version_check
- name: Debug Apache version check
debug:
msg: "{{ apache_version_check.stdout_lines[0] }}"
verbosity: 2
- name: Set a fact for the Apache version
set_fact:
apache_version: "{{ apache_version_check.stdout_lines[0].split(' ')[2] | regex_replace('^Apache[/]') }}"
- name: Debug Apache version
debug:
var: apache_version
verbosity: 1
- name: TLS versions
block:
- name: Set facts for TLS versions
set_fact:
apache_tls1_3: true
when: apache_version is version('2.4.41', '>=')
- name: Debug TLS 1.3 variable
debug:
var: apache_tls1_3
verbosity: 1
when: apache_version is version('2.4.41', '>=')
- name: Check if phpquery is installed
shell: which phpquery || echo ABSENT
check_mode: false
register: apache_phpquery_path
changed_when: '"phpquery" not in apache_phpquery_path.stdout'
- name: Set the apache_php variable to true or false
set_fact:
apache_php: "{% if apache_phpquery_path.stdout == 'ABSENT' %}false{% else %}true{% endif %}"
- name: Check PHP version
block:
- name: Run phpquery to get the PHP version
command: phpquery -V
register: apache_phpquery_version
check_mode: false
changed_when: false
- name: Set a fact for the PHP version
set_fact:
apache_php_version: "{{ apache_phpquery_version.stdout }}"
- name: Set a fact for the PHP FPM module and conf names
set_fact:
apache_phpfpm_mod: "php{{ apache_php_version }}"
apache_phpfpm_conf: "php{{ apache_php_version }}-fpm"
- name: Debug PHP FPM module and conf names
debug:
msg:
- "apache_phpfpm_mod: {{ apache_phpfpm_mod }}"
- "apache_phpfpm_conf: {{ apache_phpfpm_conf }}"
verbosity: 2
when: ( apache_php is defined ) and ( apache_php )
- name: Check the enabled MPM
command: a2query -M
check_mode: false
changed_when: false
register: apache_mpm_check
- name: Debug the enabled MPM
debug:
msg: "{{ apache_mpm_check.stdout }}"
verbosity: 2
- name: Set a fact for the enabled MPM
set_fact:
apache_mpm_loaded: "mpm_{{ apache_mpm_check.stdout | trim }}"
when: apache_mpm_check.stdout != "invalid"
- name: Set a fact for the enabled MPM
set_fact:
apache_mpm_loaded: ""
when: apache_mpm_check.stdout == "invalid"
- name: Debug the enabled MPM
debug:
var: apache_mpm_loaded
verbosity: 2
when: apache_mpm_loaded is defined
- name: "Check if a Let's Encrypt HTTPS cert is present for {{ inventory_hostname }}"
stat:
path: "/etc/ssl/le/{{ inventory_hostname }}.cert.pem"
check_mode: false
register: apache_cert
- name: Include mod checks
include_tasks: a2mod_checks.yml
- name: Include conf checks
include_tasks: a2conf_checks.yml
- name: Include site checks
include_tasks: a2site_checks.yml
tags:
- apache
...