Merge pull request #1258 from holta/fix-apache-conf-perms

Clean up roles/httpd/tasks/main.yml & html.yml
2025-03-09 15:40:17 +00:00 · 2018-10-28 03:24:45 -04:00 · 2018-10-28 03:24:45 -04:00 · b06b16d515
commit b06b16d515
parent ae19b50f16 782eaf5809
3 changed files with 52 additions and 48 deletions
--- a/roles/httpd/tasks/html.yml
+++ b/roles/httpd/tasks/html.yml
@ -59,7 +59,7 @@
  with_fileglob:
    - html/services/*

- name: Create symlink from assets to {{ iiab_ini_file }}
+- name: Create symlink from /library/www/html/common/assets/iiab.ini to {{ iiab_ini_file }}
  file:
    src: "{{ iiab_ini_file }}"
    dest: "{{ doc_root }}/common/assets/iiab.ini"
--- a/roles/httpd/tasks/main.yml
+++ b/roles/httpd/tasks/main.yml
@ -1,15 +1,15 @@
 - name: Install Apache's required packages (debian)
  package:
-    name: "{{ item }}"
+    #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl']    # FAILS ('u' for Unicode strings)
+    #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl']       # WORKS?
+    name:
+      - apache2
+      - "php{{ php_version }}"
+      - "php{{ php_version }}-curl"
    state: present
-  with_items:
-    - apache2
-    - php{{ php_version }}
-    - php{{ php_version }}-curl
-#    - php{{ php_version }}-sqlite
+  when: is_debian
  tags:
    - download
-  when: is_debian

 - name: Debian changed SQLite name (debian-8)
  package:
@ -23,14 +23,15 @@

 - name: Install Apache's required packages (ubuntu)
  package:
-    name: "{{ item }}"
+    #name: [u'apache2', u'php']    # FAILS ('u' for Unicode strings)
+    #name: ['apache2', 'php']      # WORKS
+    name:
+      - apache2
+      - php
    state: present
-  with_items:
-    - apache2
-    - php
+  when: is_ubuntu
  tags:
    - download
-  when: is_ubuntu

 - name: SQLite3 no longer included in another package (ubuntu-18)
  package:
@ -39,17 +40,17 @@

 - name: Install Apache's required packages (redhat)
  package:
-    name: "{{ item }}"
+    #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external']    # FAILS ('u' for Unicode strings)
+    #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external']        # WORKS
+    name:
+      - httpd
+      - php
+      - php-curl
+      - mod_authnz_external
    state: present
-  with_items:
-    - httpd
-    - php
-    - php-curl
-    - mod_authnz_external
-#    - php-sqlite
+  when: is_redhat
  tags:
    - download
-  when: is_redhat

 # MOVED DOWN ~58 LINES
 #- name: Remove the default apache2 config file (debuntu)
@ -65,10 +66,10 @@
    dest: "{{ item.dest }}"
    owner: root
    group: root
-    mode: "{{ item.mode }}"
+    mode: 0644
  with_items:
-    - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0644' }
-    - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' }
+    - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' }
+    - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' }
    #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' }    # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147

 # For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147
@ -87,7 +88,7 @@
    - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }

 # remove symlinks for mpm-event, replace with mpm-prefork
- name: Remove mpm event links (debuntu)
+- name: Remove mpm event symlinks (debuntu)
  file:
    path: "/etc/apache2/mods-enabled/{{ item }}"
    state: absent
@ -98,8 +99,8 @@

 - name: Create symlinks for mpm-prefork (debuntu)
  file:
-    path: "/etc/apache2/mods-enabled/{{ item }}"
    src: "/etc/apache2/mods-available/{{ item }}"
+    path: "/etc/apache2/mods-enabled/{{ item }}"
    state: link
  with_items:
    - mpm_prefork.conf
@ -115,13 +116,11 @@
    - rewrite
  when: is_debuntu

- name: Create symlinks for enabling our site (debuntu)
+- name: Create 010-iiab.conf symlink enabling our site (debuntu)
  file:
-    path: "/etc/apache2/sites-enabled/{{ item }}"
-    src: "/etc/apache2/sites-available/{{ item }}"
+    src: "/etc/{{ apache_config_dir }}/010-iiab.conf"
+    path: /etc/apache2/sites-enabled/010-iiab.conf
    state: link
-  with_items:
-    - 010-iiab.conf
  when: is_debuntu

 - name: Remove apache2 default config files (debuntu)
@ -146,7 +145,7 @@
    name: admin
    state: present

- name: Add {{ apache_user }} (from variable apache_user) to admin group
+- name: Add user {{ apache_user }} (from variable apache_user) to admin group
  user:
    name: "{{ apache_user }}"
    groups: admin
@ -166,7 +165,7 @@
    name: "{{ apache_service }}"
    enabled: yes

- name: Create iiab-info directory
+- name: Create /library/www/html/info directory for http://box/info offline docs
  file:
    path: "{{ doc_root }}/info"
    mode: 0755
@ -174,16 +173,20 @@
    group: "{{ apache_user }}"
    state: directory

- name: Remove iiab-info.conf
-  file:
-    dest: "/etc/{{ apache_config_dir }}/iiab-info.conf"
-    state: absent
-
- name: Remove iiab-info.conf symlink (debuntu)
-  file:
-    dest: /etc/apache2/sites-enabled/iiab-info.conf
-    state: absent
-  when: is_debuntu
+# roles/httpd/templates/iiab-info.conf.j2.deprecated is no longer needed, as
+# Apache serves http://box/info directly from above /library/www/html/info
+# directly (as generated by /usr/bin/iiab-refresh-wiki-docs)
+#
+#- name: Remove iiab-info.conf
+#  file:
+#    path: "/etc/{{ apache_config_dir }}/iiab-info.conf"
+#    state: absent
+#
+#- name: Remove iiab-info.conf symlink (debuntu)
+#  file:
+#    path: /etc/apache2/sites-enabled/iiab-info.conf
+#    state: absent
+#  when: is_debuntu

 # SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
 - name: Copy osm.conf for http://box/maps (all OS's)
@ -195,10 +198,11 @@
    mode: 0644
    backup: yes

- name: Create link from sites-enabled to sites-available (debuntu)
+- name: Create osm.conf symlink from sites-enabled to sites-available (debuntu)
  file:
    src: "/etc/{{ apache_config_dir }}/osm.conf"
-    dest: /etc/apache2/sites-enabled/osm.conf
+    path: /etc/apache2/sites-enabled/osm.conf
+    #path: "/etc/{{ apache_service }}/sites-enabled/osm.conf"
    state: link
  when: is_debuntu

@ -217,15 +221,15 @@
    dest: /usr/bin/iiab-refresh-wiki-docs
    mode: 0755

- name: Give apache_user permission to poweroff
+- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff
  template:
    src: 020_apache_poweroff.j2
    dest: /etc/sudoers.d/020_apache_poweroff
    mode: 0755
  when: apache_allow_sudo

- name: Remove apache_user permission to poweroff
+- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff
  file:
-    dest: /etc/sudoers.d/020_apache_poweroff
+    path: /etc/sudoers.d/020_apache_poweroff
    state: absent
  when: not apache_allow_sudo
--- a/roles/httpd/templates/iiab-info.conf.j2.deprecated
+++ b/roles/httpd/templates/iiab-info.conf.j2.deprecated