From dd06fb0a56feba126cce5ef75e84e23eb72fe7aa Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@ephaone.org>
Date: Wed, 15 Oct 2014 16:55:11 -0400
Subject: Add playbook and httpd and the rest

---
 roles/httpd/tasks/main.yml | 51 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 roles/httpd/tasks/main.yml

(limited to 'roles/httpd/tasks/main.yml')

diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml
new file mode 100644
index 0000000..b1e7342
--- /dev/null
+++ b/roles/httpd/tasks/main.yml
@@ -0,0 +1,51 @@
+---
+- yum: name={{ item }} state=installed
+  with_items:
+  - python-passlib
+  - httpd
+  - mod_ssl
+
+- service: name=httpd state=started enabled=yes
+
+- copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=apache mode=0644
+  with_items:
+  - name_vhost.conf
+  - mod_filter.conf
+  - remove_sslv3.conf
+  notify: restart httpd
+
+- template: src=vhost.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644
+  notify: restart httpd
+  when: document_root is defined
+
+- template: src=vhost_redirect.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644
+  notify: restart httpd
+  when: redirect is defined
+
+- file: state=directory path={{ document_root }} setype=httpd_sys_content_t owner=root mode=755 group=root
+  when: document_root is defined
+
+- file:  path=/etc/httpd/conf.d/{{ website_url }}.conf.d/ state=directory
+  when: website_url is defined
+
+# needed for newer apache, who requires at least 1 file for include
+- file:  path=/etc/httpd/conf.d/{{ website_url }}.conf.d/placeholder.conf state=touch
+  when: website_url is defined
+
+- file: path=/etc/httpd/conf.d/password_protection.conf state=absent
+  notify: restart httpd
+
+- htpasswd: path=/etc/httpd/{{ website_url }}.htpasswd name={{ website_user }} password={{ website_password }} owner=root group=apache mode=0640
+  when: website_user is defined
+
+- shell: lokkit -s {{ item }}
+  with_items:
+  - http
+  - https
+  when: ansible_distribution_major_version == '6' and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
+
+- firewalld: service={{ item }} permanent=true state=enabled
+  with_items:
+  - http
+  - https
+  when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
-- 
cgit