Cleaner AWStats playbook

2025-03-09 15:40:17 +00:00 · 2020-02-02 07:55:43 -05:00 · 2020-02-02 07:55:43 -05:00 · 52a9697090
commit 52a9697090
parent 7edb7c691a
6 changed files with 119 additions and 80 deletions
--- a/roles/awstats/tasks/apache.yml
+++ b/roles/awstats/tasks/apache.yml
@ -0,0 +1,12 @@
+- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
+  command: a2ensite awstats.conf
+  when: awstats_enabled | bool
+
+- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
+  command: a2dissite awstats.conf
+  when: not awstats_enabled
+
+- name: Restart '{{ apache_service }}' systemd service
+  systemd:
+    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
+    state: restarted
--- a/roles/awstats/tasks/enable.yml
+++ b/roles/awstats/tasks/enable.yml
@ -1,55 +0,0 @@
-# Apache
-
- name: Enable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
-  command: a2ensite awstats.conf
-  when: apache_install and awstats_enabled
-
- name: Disable http://box/awstats and/or http://box/awstats/awstats.pl via Apache
-  command: a2dissite awstats.conf
-  when: apache_install and not awstats_enabled
-
- name: Restart Apache systemd service ({{ apache_service }})
-  systemd:
-    name: "{{ apache_service }}"    # apache2 or httpd, as set in /opt/iiab/iiab/vars/<OS>.yml
-    state: restarted
-  when: apache_enabled | bool
-
-# NGINX
-
- name: Enable http://box/awstats via NGINX, by installing /etc/nginx/cgi-bin.php & {{ nginx_conf_dir }}/awstats-nginx.conf from template
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-  with_items:
-    - { src: "awstats-nginx.conf", dest: "{{ nginx_conf_dir }}/" }
-    - { src: "cgi-bin.php", dest: "/etc/nginx/" }
-  when: nginx_install and awstats_enabled
-
- name: Disable http://box/awstats_url via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
-  file:
-    path: "{{ nginx_conf_dir }}/awstats-nginx.conf"
-    state: absent
-  when: nginx_install and not awstats_enabled
-
- name: Restart 'nginx' systemd service
-  systemd:
-    name: nginx
-    state: restarted
-  when: nginx_enabled | bool
-
-
- name: Add 'awstats' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"
-    section: awstats
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: AWStats
-    - option: description
-      value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
-    - option: install
-      value: "{{ awstats_install }}"
-    - option: enabled
-      value: "{{ awstats_enabled }}"
--- a/roles/awstats/tasks/install.yml
+++ b/roles/awstats/tasks/install.yml
@ -1,3 +1,10 @@
+# TO DO:
+#
+# - Prepare for a possible future w/o Apache by verifying/refining below...
+#   - 5 'when: apache_install | bool'
+#   - 1 'when: nginx_install | bool'
+#   - 8 core stanzas w/o such 'when:' clauses
+
 - name: 'Install 3 packages: awstats, openssl, pwauth'
  package:
    name:
@ -12,33 +19,47 @@
      - libapache2-mod-authnz-external
      - apache2-utils
    state: present
+  when: apache_install | bool

- name: Enable cgi execution via Apache
+- name: Run 'a2enmod cgi' to enable cgi execution via Apache
  command: a2enmod cgi
+  when: apache_install | bool

- name: 'Mandate {{ apache_user }}:{{ apache_user }} perm 0750 dirs: {{ awstats_data_dir }} (intermediate summary storage) & {{ apache_log_dir }}'    # /library/awstats & /var/log/apache2 typically
+- name: mkdir /var/log/apache2, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
  file:
+    state: directory
+    recurse: yes
+    path: "{{ apache_log_dir }}"
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
+    #force: yes
+  when: apache_install | bool
+
+- name: mkdir {{ awstats_data_dir }} (intermediate summary storage) & /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
+  file:
+    state: directory
+    recurse: yes
    path: "{{ item }}"
    owner: "{{ apache_user }}"
    group: "{{ apache_user }}"
-    mode: '0750'
-    state: directory
-    recurse: yes
-    force: yes
+    mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
+    #force: yes
  with_items:
-    - "{{ awstats_data_dir }}"
-    - "{{ apache_log_dir }}"
+    - "{{ awstats_data_dir }}"    # /library/awstats
    - /usr/lib/cgi-bin/awstats    # create backward compatible path for awstats

 - name: Install /etc/{{ apache_conf_dir }}/awstats.conf from template
  template:
    src: apache-awstats.conf
-    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"
+    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"    # apache2/sites-available (on debuntu)
+  when: apache_install | bool

 - name: Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable
  template:
    src: logrotate.d.apache2
    dest: /etc/logrotate.d/apache2
+  when: apache_install | bool

 - name: Does /etc/awstats/awstats.conf exist?
  stat:
@ -59,22 +80,25 @@
  template:
    src: awstats.schoolserver.conf.j2
    dest: /etc/awstats/awstats.schoolserver.conf
-  # when: awstats_enabled | bool

 - name: Symlink /etc/awstats/awstats.conf -> /etc/awstats/awstats.schoolserver.conf for access by IP address
  file:
    src: /etc/awstats/awstats.schoolserver.conf
    path: /etc/awstats/awstats.conf
    state: link
-  # when: awstats_enabled | bool

 # - name: On first enabling of AWStats, summarize httpd logs up to now (OS's other than debuntu)
 #   shell: /bin/perl /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=schoolserver -update
 #   when: awstats_enabled and not is_debuntu

- name: On first enabling of AWStats, summarize httpd logs up to now
+- name: "Summarize logs up to now: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update"
  shell: /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -config=schoolserver -update
-  # when: awstats_enabled | bool
+
+- name: Install /etc/nginx/cgi-bin.php from template
+  template:
+    src: cgi-bin.php
+    dest: /etc/nginx/
+  when: nginx_install | bool


 # RECORD AWStats AS INSTALLED
--- a/roles/awstats/tasks/main.yml
+++ b/roles/awstats/tasks/main.yml
@ -1,7 +1,50 @@
- name: Install AWStats if awstats_install
-  include_tasks: install.yml
-  when: awstats_install and not awstats_installed is defined
+# "How do i fail a task in Ansible if the variable contains a boolean value?
+# I want to perform input validation for Ansible playbooks"
+# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499

- name: Enable AWStats
-  include_tasks: enable.yml
-  when: awstats_install or awstats_installed is defined
+# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
+# to re-check whether vars are defined here.  As Ansible vars cannot be unset:
+# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
+
+- name: Assert that "awstats_install is sameas true" (boolean not string etc)
+  assert:
+    that: awstats_install is sameas true
+    fail_msg: "PLEASE SET 'awstats_install: True' e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+- name: Assert that "awstats_enabled | type_debug == 'bool'" (boolean not string etc)
+  assert:
+    that: awstats_enabled | type_debug == 'bool'
+    fail_msg: "PLEASE GIVE VARIABLE 'awstats_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
+    quiet: yes
+
+
+- name: Install AWStats if 'awstats_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+  include_tasks: install.yml
+  when: awstats_installed is undefined
+
+
+- name: Enable/Disable/Restart Apache if primary
+  include_tasks: apache.yml
+  when: not nginx_enabled
+
+- name: Enable/Disable/Restart NGINX if primary
+  include_tasks: nginx.yml
+  when: nginx_enabled | bool
+
+
+- name: Add 'awstats' variable values to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: awstats
+    option: "{{ item.option }}"
+    value: "{{ item.value | string }}"
+  with_items:
+    - option: name
+      value: AWStats
+    - option: description
+      value: '"AWStats (originally known as Advanced Web Statistics) is a package written in Perl which generates static or dynamic html summaries based upon web server logs."'
+    - option: install
+      value: "{{ awstats_install }}"
+    - option: enabled
+      value: "{{ awstats_enabled }}"
--- a/roles/awstats/tasks/nginx.yml
+++ b/roles/awstats/tasks/nginx.yml
@ -0,0 +1,16 @@
+- name: Enable http://box/awstats via NGINX, by installing {{ nginx_conf_dir }}/awstats-nginx.conf from template
+  template:
+    src: awstats-nginx.conf
+    dest: "{{ nginx_conf_dir }}/"    # /etc/nginx/conf.d
+  when: awstats_enabled | bool
+
+- name: Disable http://box/awstats via NGINX, by removing {{ nginx_conf_dir }}/awstats-nginx.conf
+  file:
+    path: "{{ nginx_conf_dir }}/awstats-nginx.conf"    # /etc/nginx/conf.d
+    state: absent
+  when: not awstats_enabled
+
+- name: Restart 'nginx' systemd service
+  systemd:
+    name: nginx
+    state: restarted
--- a/roles/awstats/templates/awstats-nginx.conf
+++ b/roles/awstats/templates/awstats-nginx.conf
@ -21,4 +21,3 @@ location ~ ^/cgi-bin/.*\.(cgi|pl|py|rb) {
    fastcgi_param   X_SCRIPT_NAME      $fastcgi_script_name;
    fastcgi_param   REMOTE_USER        $remote_user;
 }
-