Merge pull request #1258 from holta/fix-apache-conf-perms

Clean up roles/httpd/tasks/main.yml & html.yml

roles/httpd/tasks/html.yml

@@ -59,7 +59,7 @@
   with_fileglob:
     - html/services/*
 
-- name: Create symlink from assets to {{ iiab_ini_file }}
+- name: Create symlink from /library/www/html/common/assets/iiab.ini to {{ iiab_ini_file }}
   file:
     src: "{{ iiab_ini_file }}"
     dest: "{{ doc_root }}/common/assets/iiab.ini"

roles/httpd/tasks/main.yml

@@ -1,15 +1,15 @@
 - name: Install Apache's required packages (debian)
   package:
-    name: "{{ item }}"
+    #name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl']    # FAILS ('u' for Unicode strings)
+    #name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl']       # WORKS?
+    name:
+      - apache2
+      - "php{{ php_version }}"
+      - "php{{ php_version }}-curl"
     state: present
-  with_items:
+  when: is_debian
-    - apache2
-    - php{{ php_version }}
-    - php{{ php_version }}-curl
-#    - php{{ php_version }}-sqlite
   tags:
     - download
-  when: is_debian
 
 - name: Debian changed SQLite name (debian-8)
   package:
@@ -23,14 +23,15 @@
 
 - name: Install Apache's required packages (ubuntu)
   package:
-    name: "{{ item }}"
+    #name: [u'apache2', u'php']    # FAILS ('u' for Unicode strings)
+    #name: ['apache2', 'php']      # WORKS
+    name:
+      - apache2
+      - php
     state: present
-  with_items:
+  when: is_ubuntu
-    - apache2
-    - php
   tags:
     - download
-  when: is_ubuntu
 
 - name: SQLite3 no longer included in another package (ubuntu-18)
   package:
@@ -39,17 +40,17 @@
 
 - name: Install Apache's required packages (redhat)
   package:
-    name: "{{ item }}"
+    #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external']    # FAILS ('u' for Unicode strings)
+    #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external']        # WORKS
+    name:
+      - httpd
+      - php
+      - php-curl
+      - mod_authnz_external
     state: present
-  with_items:
+  when: is_redhat
-    - httpd
-    - php
-    - php-curl
-    - mod_authnz_external
-#    - php-sqlite
   tags:
     - download
-  when: is_redhat
 
 # MOVED DOWN ~58 LINES
 #- name: Remove the default apache2 config file (debuntu)
@@ -65,10 +66,10 @@
     dest: "{{ item.dest }}"
     owner: root
     group: root
-    mode: "{{ item.mode }}"
+    mode: 0644
   with_items:
-    - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf', mode: '0644' }
+    - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' }
-    - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf', mode: '0644' }
+    - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' }
     #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' }    # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147
 
 # For schools that use WordPress and/or Moodle intensively. See iiab/iiab #1147
@@ -87,7 +88,7 @@
     - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
 
 # remove symlinks for mpm-event, replace with mpm-prefork
-- name: Remove mpm event links (debuntu)
+- name: Remove mpm event symlinks (debuntu)
   file:
     path: "/etc/apache2/mods-enabled/{{ item }}"
     state: absent
@@ -98,8 +99,8 @@
 
 - name: Create symlinks for mpm-prefork (debuntu)
   file:
-    path: "/etc/apache2/mods-enabled/{{ item }}"
     src: "/etc/apache2/mods-available/{{ item }}"
+    path: "/etc/apache2/mods-enabled/{{ item }}"
     state: link
   with_items:
     - mpm_prefork.conf
@@ -115,13 +116,11 @@
     - rewrite
   when: is_debuntu
 
-- name: Create symlinks for enabling our site (debuntu)
+- name: Create 010-iiab.conf symlink enabling our site (debuntu)
   file:
-    path: "/etc/apache2/sites-enabled/{{ item }}"
+    src: "/etc/{{ apache_config_dir }}/010-iiab.conf"
-    src: "/etc/apache2/sites-available/{{ item }}"
+    path: /etc/apache2/sites-enabled/010-iiab.conf
     state: link
-  with_items:
-    - 010-iiab.conf
   when: is_debuntu
 
 - name: Remove apache2 default config files (debuntu)
@@ -146,7 +145,7 @@
     name: admin
     state: present
 
-- name: Add {{ apache_user }} (from variable apache_user) to admin group
+- name: Add user {{ apache_user }} (from variable apache_user) to admin group
   user:
     name: "{{ apache_user }}"
     groups: admin
@@ -166,7 +165,7 @@
     name: "{{ apache_service }}"
     enabled: yes
 
-- name: Create iiab-info directory
+- name: Create /library/www/html/info directory for http://box/info offline docs
   file:
     path: "{{ doc_root }}/info"
     mode: 0755
@@ -174,16 +173,20 @@
     group: "{{ apache_user }}"
     state: directory
 
-- name: Remove iiab-info.conf
+# roles/httpd/templates/iiab-info.conf.j2.deprecated is no longer needed, as
-  file:
+# Apache serves http://box/info directly from above /library/www/html/info
-    dest: "/etc/{{ apache_config_dir }}/iiab-info.conf"
+# directly (as generated by /usr/bin/iiab-refresh-wiki-docs)
-    state: absent
+#
-
+#- name: Remove iiab-info.conf
-- name: Remove iiab-info.conf symlink (debuntu)
+#  file:
-  file:
+#    path: "/etc/{{ apache_config_dir }}/iiab-info.conf"
-    dest: /etc/apache2/sites-enabled/iiab-info.conf
+#    state: absent
-    state: absent
+#
-  when: is_debuntu
+#- name: Remove iiab-info.conf symlink (debuntu)
+#  file:
+#    path: /etc/apache2/sites-enabled/iiab-info.conf
+#    state: absent
+#  when: is_debuntu
 
 # SEE https://github.com/iiab/iiab/issues/1143 as the old roles/osm playbook is rarely used as of late 2018 (if anybody still uses roles/osm, they can overwrite osm.conf using the original osm playbook, or in other ways)
 - name: Copy osm.conf for http://box/maps (all OS's)
@@ -195,10 +198,11 @@
     mode: 0644
     backup: yes
 
-- name: Create link from sites-enabled to sites-available (debuntu)
+- name: Create osm.conf symlink from sites-enabled to sites-available (debuntu)
   file:
     src: "/etc/{{ apache_config_dir }}/osm.conf"
-    dest: /etc/apache2/sites-enabled/osm.conf
+    path: /etc/apache2/sites-enabled/osm.conf
+    #path: "/etc/{{ apache_service }}/sites-enabled/osm.conf"
     state: link
   when: is_debuntu
 
@@ -217,15 +221,15 @@
     dest: /usr/bin/iiab-refresh-wiki-docs
     mode: 0755
 
-- name: Give apache_user permission to poweroff
+- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff
   template:
     src: 020_apache_poweroff.j2
     dest: /etc/sudoers.d/020_apache_poweroff
     mode: 0755
   when: apache_allow_sudo
 
-- name: Remove apache_user permission to poweroff
+- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff
   file:
-    dest: /etc/sudoers.d/020_apache_poweroff
+    path: /etc/sudoers.d/020_apache_poweroff
     state: absent
   when: not apache_allow_sudo