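---
# Install and configure Apache httpd: packages, SELinux port labels and
# booleans, document roots, configuration templates, log rotation, firewall
# rules and htpasswd files.
#
# Module arguments are written as native YAML mappings rather than free-form
# key=value strings, so a templated value is always passed as one argument and
# is never split on spaces or '='.

# Load the most specific variables file that exists for this distribution,
# falling back to vars/defaults.yml.
- include_vars: "{{ item }}"
  with_first_found:
    - "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "vars/{{ ansible_distribution }}.yml"
    - "vars/{{ ansible_os_family }}.yml"
    - vars/defaults.yml
  tags: web

- name: Install packages
  yum:
    name: "{{ httpd_common_packages }}"
  tags: web

# Jinja2 filters bind tighter than '+', so without the outer parentheses
# 'unique' would only de-duplicate the vhost ports and not the merged list.
- name: List httpd ports
  set_fact:
    httpd_ports: "{{ (httpd_ports + (httpd_ansible_vhosts | selectattr('port','defined') | map(attribute='port') | list)) | unique }}"
  tags: [firewall, web]

# Label every listening port http_port_t so the confined httpd domain may
# bind to it; skipped when SELinux is not enabled.
- name: Allow httpd to bind on ports
  seport:
    ports: "{{ httpd_ports | join(',') }}"
    proto: tcp
    setype: http_port_t
    state: present
  when: ansible_selinux.status == 'enabled'
  tags: web

# The mode is quoted so that it is always read as an octal string.
- name: Creates default root directory
  file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
  with_items:
    - /var/www/html/default
    - /var/www/html/default/cgi-bin
    - /var/www/html/downtime
    - /etc/httpd/ansible_conf.d
    - /etc/httpd/custom_conf.d
    - /etc/httpd/ansible_conf.modules.d
  tags: web

- name: Deploy an empty default index for the catch all vhost
  copy:
    src: index_default.html
    dest: /var/www/html/default/index.html
  tags: web

- name: Deploy the maintenance page
  copy:
    src: index_maintenance.html
    dest: /var/www/html/default/maintenance.html
  tags: web

- name: Remove obsolete configuration files
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/httpd/ansible_conf.d/10-welcome.conf
  tags: web

# Changing the MPM needs a full restart; the other templates only reload.
- name: Deploy mpm configuration
  template:
    src: 10-mpm.conf.j2
    dest: /etc/httpd/ansible_conf.modules.d/10-mpm.conf
  notify: restart httpd
  tags: [conf, web]

- name: Deploy main httpd configuration
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: httpd.conf.j2
      dest: /etc/httpd/conf/httpd.conf
    - src: common_env.inc.j2
      dest: /etc/httpd/ansible_conf.d/common_env.inc
    - src: autoindex.conf.j2
      dest: /etc/httpd/ansible_conf.d/10-autoindex.conf
    - src: status.conf.j2
      dest: /etc/httpd/ansible_conf.d/10-status.conf
    - src: errors.conf.j2
      dest: /etc/httpd/ansible_conf.d/10-errors.conf
    - src: vhost_default.conf.j2
      dest: /etc/httpd/ansible_conf.d/20-vhost_default.conf
    - src: 00-base_mod.conf.j2
      dest: /etc/httpd/ansible_conf.modules.d/00-base_mod.conf
    - src: 20-cgi.conf.j2
      dest: /etc/httpd/ansible_conf.modules.d/20-cgi.conf
  notify: reload httpd
  tags: [conf, web]

# Record which shared include files already exist, so the next task only
# creates placeholders for the missing ones.
- name: Check if common config templates are present
  stat:
    path: "/etc/httpd/ansible_conf.d/{{ item }}"
  with_items:
    - common_perf.inc
    - common_filter.inc
    - common_force_ssl.inc
    - common_letsencrypt.inc
    - common_cache.inc
    - common_mod_security2.inc
  register: common_files
  tags: [conf, web]

# A placeholder means the matching feature is NOT configured; in particular a
# dummy common_force_ssl.inc or common_mod_security2.inc contains no directive.
- name: Deploy dummy config files if needed
  copy:
    content: '# Dummy config file. Use httpd_front / letsencrypt roles to get the real config'
    dest: "/etc/httpd/ansible_conf.d/{{ item.item }}"
  when: not item.stat.exists
  with_items: "{{ common_files.results }}"
  notify: reload httpd
  tags: [conf, web]

- name: Deploy ansible vhosts configuration
  template:
    src: vhost_ansible.conf.j2
    dest: /etc/httpd/ansible_conf.d/30-vhost_ansible.conf
  notify: reload httpd
  tags: [conf, web]

# Owner, group and mode are not set here, so new directories get the defaults
# of the connecting user and its umask.
- name: Create ansible directories
  file:
    path: "{{ item.path }}"
    state: directory
  with_items: "{{ httpd_ansible_directories }}"
  tags: [conf, web]

- name: Deploy ansible directories configuration
  template:
    src: dir_ansible.conf.j2
    dest: /etc/httpd/ansible_conf.d/10-dir_ansible.conf
  notify: reload httpd
  tags: [conf, web]

# httpd_custom_conf is written verbatim into the server configuration; it must
# come from a trusted variable source.
- name: Deploy custom global configuration
  copy:
    content: "{{ httpd_custom_conf }}"
    dest: /etc/httpd/ansible_conf.d/10-custom_ansible.conf
  notify: reload httpd
  tags: [conf, web]

- name: Configure log rotation
  template:
    src: logrotate.conf.j2
    dest: /etc/logrotate.d/httpd
  tags: [conf, web]

# The rule set used to be named httpd_port; drop it so that only the
# httpd_ports rule below remains.
- name: Remove old iptables rule
  iptables_raw:
    name: httpd_port
    state: absent
  when: iptables_manage | default(True)
  tags: [firewall, web]

# Inbound access is limited to the sources listed in httpd_src_ip. An empty
# list removes the rule altogether, leaving the ports to whatever the rest of
# the ruleset decides.
- name: Handle HTTP ports
  iptables_raw:
    name: httpd_ports
    state: "{{ (httpd_src_ip | length > 0) | ternary('present','absent') }}"
    rules: "-A INPUT -m state --state new -p tcp -m multiport --dports {{ httpd_ports | join(',') }} -s {{ httpd_src_ip | join(',') }} -j ACCEPT"
  when: iptables_manage | default(True)
  tags: [firewall, web]

- name: Start and enable the service
  service:
    name: httpd
    state: started
    enabled: true
  tags: web

# These booleans relax the SELinux confinement of httpd for every vhost on the
# host (httpd_can_network_connect, for instance, permits outbound connections
# from httpd scripts and modules).
# NOTE(review): trim the list to what the deployed applications need.
- name: Allow network connections in SELinux
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  with_items:
    - httpd_can_connect_ldap
    - httpd_unified
    - httpd_can_network_connect
    - httpd_mod_auth_pam
  when: ansible_selinux.status == 'enabled'
  tags: web

# no_log keeps the loop items, which carry each user's 'pass' value, out of
# the task output and logs. Files are root-owned and readable only by the
# httpd group.
- name: Create or update htpasswd files
  htpasswd:
    path: "{{ item[0].path }}"
    name: "{{ item[1].login }}"
    password: "{{ item[1].pass | default(omit) }}"
    owner: root
    group: "{{ httpd_user }}"
    mode: "0640"
    state: "{{ (item[1].state | default('present')) }}"
  with_subelements:
    - "{{ httpd_htpasswd }}"
    - users
  no_log: true
  tags: web

# NOTE(review): bare 'include' is deprecated in current Ansible releases; move
# to include_tasks/import_tasks once the minimum supported version allows it.
- include: filebeat.yml
...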