diff --git a/roles/awstats/tasks/apache.yml b/roles/awstats/tasks/apache.yml new file mode 100644 index 000000000..974dea5f4 --- /dev/null +++ b/roles/awstats/tasks/apache.yml @@ -0,0 +1,12 @@ +- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache + command: a2ensite awstats.conf + when: awstats_enabled | bool + +- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache + command: a2dissite awstats.conf + when: not awstats_enabled + +- name: Restart '{{ apache_service }}' systemd service + systemd: + name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml + state: restarted diff --git a/roles/awstats/tasks/enable.yml b/roles/awstats/tasks/enable.yml deleted file mode 100644 index ae216c907..000000000 --- a/roles/awstats/tasks/enable.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Apache - -- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache - command: a2ensite awstats.conf - when: apache_install and awstats_enabled - -- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache - command: a2dissite awstats.conf - when: apache_install and not awstats_enabled - -- name: Restart Apache systemd service ({{ apache_service }}) - systemd: - name: "{{ apache_service }}" # apache2 or httpd, as set in /opt/iiab/iiab/vars/.yml - state: restarted - when: apache_enabled | bool - -# NGINX - -- name: Enable http://box/awstats via NGINX, by installing /etc/nginx/cgi-bin.php & {{ nginx_conf_dir }}/awstats-nginx.conf from template - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - with_items: - - { src: "awstats-nginx.conf", dest: "{{ nginx_conf_dir }}/" } - - { src: "cgi-bin.php", dest: "/etc/nginx/" } - when: nginx_install and awstats_enabled - -- name: Disable http://box/awstats_url via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf - file: - path: "{{ nginx_conf_dir }}/awstats-nginx.conf" - state: absent - when: nginx_install and not awstats_enabled - -- name: Restart 'nginx' systemd service - systemd: - name: nginx - state: restarted - when: nginx_enabled | bool - - -- name: Add 'awstats' variable values to {{ iiab_ini_file }} - ini_file: - path: "{{ iiab_ini_file }}" - section: awstats - option: "{{ item.option }}" - value: "{{ item.value | string }}" - with_items: - - option: name - value: AWStats - - option: description - value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' - - option: install - value: "{{ awstats_install }}" - - option: enabled - value: "{{ awstats_enabled }}" diff --git a/roles/awstats/tasks/install.yml b/roles/awstats/tasks/install.yml index 5656be24d..de191701c 100644 --- a/roles/awstats/tasks/install.yml +++ b/roles/awstats/tasks/install.yml @@ -1,3 +1,10 @@ +# TO DO: +# +# - Prepare for a possible future w/o Apache by verifying/refining below... +# - 5 'when: apache_install | bool' +# - 1 'when: nginx_install | bool' +# - 8 core stanzas w/o such 'when:' clauses + - name: 'Install 3 packages: awstats, openssl, pwauth' package: name: @@ -12,33 +19,47 @@ - libapache2-mod-authnz-external - apache2-utils state: present + when: apache_install | bool -- name: Enable cgi execution via Apache +- name: Run 'a2enmod cgi' to enable cgi execution via Apache command: a2enmod cgi + when: apache_install | bool -- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}' # /library/awstats & /var/log/apache2 typically +- name: Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx file: + state: directory + recurse: yes + path: "{{ apache_log_dir }}" # /var/log/apache2 on debuntu + owner: "{{ apache_user }}" # www-data on debuntu + group: "{{ apache_user }}" + mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits + #force: yes + when: apache_install | bool + +- name: Create 2 directories... mkdir {{ awstats_data_dir }} (intermediate summary storage) and /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx + file: + state: directory + recurse: yes path: "{{ item }}" owner: "{{ apache_user }}" group: "{{ apache_user }}" - mode: '0750' - state: directory - recurse: yes - force: yes + mode: u+rw,g+r,g-w,o-rwx # '0750' turned on too many x bits + #force: yes with_items: - - "{{ awstats_data_dir }}" - - "{{ apache_log_dir }}" + - "{{ awstats_data_dir }}" # /library/awstats - /usr/lib/cgi-bin/awstats # create backward compatible path for awstats - name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template template: src: apache-awstats.conf - dest: "/etc/{{ apache_conf_dir }}/awstats.conf" + dest: "/etc/{{ apache_conf_dir }}/awstats.conf" # apache2/sites-available on debuntu + when: apache_install | bool - name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable template: src: logrotate.d.apache2 dest: /etc/logrotate.d/apache2 + when: apache_install | bool - name: Does /etc/awstats/awstats.conf exist? stat: @@ -59,22 +80,25 @@ template: src: awstats.schoolserver.conf.j2 dest: /etc/awstats/awstats.schoolserver.conf - # when: awstats_enabled | bool - name: Symlink /etc/awstats/awstats.conf -> /etc/awstats/awstats.schoolserver.conf for access by IP address file: src: /etc/awstats/awstats.schoolserver.conf path: /etc/awstats/awstats.conf state: link - # when: awstats_enabled | bool # - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu) # shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update # when: awstats_enabled and not is_debuntu -- name: On first enabling of AWStats, summarize httpd logs up to now +- name: "Summarize logs up to now: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update" shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update - # when: awstats_enabled | bool + +- name: Install /etc/nginx/cgi-bin.php from template + template: + src: cgi-bin.php + dest: /etc/nginx/ + when: nginx_install | bool # RECORD AWStats AS INSTALLED diff --git a/roles/awstats/tasks/main.yml b/roles/awstats/tasks/main.yml index 70c42ece4..ffe1af2a5 100644 --- a/roles/awstats/tasks/main.yml +++ b/roles/awstats/tasks/main.yml @@ -1,7 +1,50 @@ -- name: Install AWStats if awstats_install - include_tasks: install.yml - when: awstats_install and not awstats_installed is defined +# "How do i fail a task in Ansible if the variable contains a boolean value? +# I want to perform input validation for Ansible playbooks" +# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499 -- name: Enable AWStats - include_tasks: enable.yml - when: awstats_install or awstats_installed is defined +# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need +# to re-check whether vars are defined here. As Ansible vars cannot be unset: +# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible + +- name: Assert that "awstats_install is sameas true" (boolean not string etc) + assert: + that: awstats_install is sameas true + fail_msg: "PLEASE SET 'awstats_install: True' e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + +- name: Assert that "awstats_enabled | type_debug == 'bool'" (boolean not string etc) + assert: + that: awstats_enabled | type_debug == 'bool' + fail_msg: "PLEASE GIVE VARIABLE 'awstats_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml" + quiet: yes + + +- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml + include_tasks: install.yml + when: awstats_installed is undefined + + +- name: Enable/Disable/Restart Apache if primary + include_tasks: apache.yml + when: not nginx_enabled + +- name: Enable/Disable/Restart NGINX if primary + include_tasks: nginx.yml + when: nginx_enabled | bool + + +- name: Add 'awstats' variable values to {{ iiab_ini_file }} + ini_file: + path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini + section: awstats + option: "{{ item.option }}" + value: "{{ item.value | string }}" + with_items: + - option: name + value: AWStats + - option: description + value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."' + - option: install + value: "{{ awstats_install }}" + - option: enabled + value: "{{ awstats_enabled }}" diff --git a/roles/awstats/tasks/nginx.yml b/roles/awstats/tasks/nginx.yml new file mode 100644 index 000000000..074fb4291 --- /dev/null +++ b/roles/awstats/tasks/nginx.yml @@ -0,0 +1,16 @@ +- name: Enable http://box/awstats via NGINX, by installing {{ nginx_conf_dir }}/awstats-nginx.conf from template + template: + src: awstats-nginx.conf + dest: "{{ nginx_conf_dir }}/" # /etc/nginx/conf.d + when: awstats_enabled | bool + +- name: Disable http://box/awstats via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf + file: + path: "{{ nginx_conf_dir }}/awstats-nginx.conf" # /etc/nginx/conf.d + state: absent + when: not awstats_enabled + +- name: Restart 'nginx' systemd service + systemd: + name: nginx + state: restarted diff --git a/roles/awstats/templates/awstats-nginx.conf b/roles/awstats/templates/awstats-nginx.conf index c67c4c0fd..70dd17214 100644 --- a/roles/awstats/templates/awstats-nginx.conf +++ b/roles/awstats/templates/awstats-nginx.conf @@ -1,13 +1,13 @@ location ~ ^/awstats { - rewrite ^ /cgi-bin/awstats.pl; + rewrite ^ /cgi-bin/awstats.pl; } location ^~ /awstatsicons { - alias /usr/share/awstats/icon/; - access_log off; + alias /usr/share/awstats/icon/; + access_log off; } location ^~ /awstatsclasses { - alias /usr/share/java/awstats/; - access_log off; + alias /usr/share/java/awstats/; + access_log off; } location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) { @@ -21,4 +21,3 @@ location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) { fastcgi_param X_SCRIPT_NAME $fastcgi_script_name; fastcgi_param REMOTE_USER $remote_user; } -