diff --git a/ansible/roles/apache/defaults/main.yml b/ansible/roles/apache/defaults/main.yml
new file mode 100644
index 0000000..372da7b
--- /dev/null
+++ b/ansible/roles/apache/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+collectd_apache: true
diff --git a/ansible/roles/apache/files/httpd.logrotate b/ansible/roles/apache/files/httpd.logrotate
new file mode 100644
index 0000000..171befe
--- /dev/null
+++ b/ansible/roles/apache/files/httpd.logrotate
@@ -0,0 +1,13 @@
+/var/log/httpd/*log {
+ daily
+ rotate 7
+ missingok
+ ifempty
+ compress
+ compresscmd /usr/bin/xz
+ uncompresscmd /usr/bin/xz
+ compressext .xz
+ dateext
+ sharedscripts
+ copytruncate
+}
diff --git a/ansible/roles/apache/handlers/main.yml b/ansible/roles/apache/handlers/main.yml
new file mode 100644
index 0000000..f599732
--- /dev/null
+++ b/ansible/roles/apache/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: restart apache
+ command: /usr/local/bin/conditional-restart.sh httpd httpd
diff --git a/ansible/roles/apache/tasks/main.yml b/ansible/roles/apache/tasks/main.yml
new file mode 100644
index 0000000..2d377b7
--- /dev/null
+++ b/ansible/roles/apache/tasks/main.yml
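Review bot: `collectd_apache: true` is not read by any task or template of the apache role as added in this diff; the `add apache_status location for collectd` task in tasks/main.yml installs the status endpoint unconditionally. If the variable is meant to control that endpoint, the task needs `when: collectd_apache | bool`. If another role consumes it, a comment above the variable naming that consumer (for example `# read by <ROLE> to decide whether to scrape httpd`) would tell a reader why it lives here.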
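Review bot: `copytruncate` in the httpd.logrotate stanza copies the live log and then truncates it in place, so anything httpd writes between the two steps is lost; for access and error logs that may later serve as incident evidence that gap is worth avoiding. Rotating by rename and telling httpd to reopen its logs from a `postrotate` ... `endscript` block (a graceful reload) closes the gap, if a reload on each rotation is acceptable on these hosts. As written, `sharedscripts` has no effect because the stanza defines no script.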
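Review bot: Only `restart apache` is defined in handlers/main.yml, while every `notify:` in the role's tasks/main.yml (added in the same diff) names `reload apache`. Unless a handler with that name is loaded from elsewhere in the play, Ansible will typically fail the run the first time one of those tasks reports a change. Adding `- name: reload apache` with `service: name=httpd state=reloaded` here would make the role self-contained. The `restart apache` command also depends on `/usr/local/bin/conditional-restart.sh`, which nothing in this diff installs.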
@@ -0,0 +1,77 @@
+---
+# install apache(httpd)
+- name: install apache (package)
+ package:
+ state: present
+ name:
+ - httpd
+ - httpd-tools
+ tags:
+ - packages
+ - apache
+ when: ansible_cmdline.ostree is not defined
+
+- name: set apache running/enabled
+ service: name=httpd enabled=yes
+ ignore_errors: true
+ notify:
+ - reload apache
+ tags:
+ - service
+ - apache
+
+# install hash randomization hotfix
+- name: hotfix - copy over new httpd init script
+ copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd
+ owner=root group=root mode=0755
+ when: ansible_distribution_major_version|int <= 8 and ansible_distribution == 'RedHat'
+ notify:
+ - reload apache
+ tags:
+ - config
+ - hotfix
+ - apache
+
+- name: hotfix - copy over new httpd sysconfig (el7)
+ copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd
+ when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat'
+ notify:
+ - reload apache
+ tags:
+ - config
+ - hotfix
+ - apache
+
+- name: add appserver headers.conf
+ template: src="headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf
+ notify:
+ - reload apache
+ tags:
+ - config
+ - apache
+ - apache/headers
+
+- name: add appserver h2.conf
+ template: src="h2.conf.j2" dest=/etc/httpd/conf.d/h2.conf
+ when: ansible_distribution == 'Fedora'
+ notify:
+ - reload apache
+ tags:
+ - config
+ - apache
+ - h2
+
+- name: add apache_status location for collectd
+ template: src="apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf
+ notify:
+ - reload apache
+ tags:
+ - config
+ - apache
+ - apachestatus
+
+- name: setup logrotate to our needs
+ copy: src="httpd.logrotate" dest=/etc/logrotate.d/httpd
+ tags:
+ - config
+ - apache
diff --git a/ansible/roles/apache/templates/apachestatus.conf b/ansible/roles/apache/templates/apachestatus.conf
new file mode 100644
index 0000000..cfd4993
--- /dev/null
+++ b/ansible/roles/apache/templates/apachestatus.conf
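Review bot: `ignore_errors: true` on `set apache running/enabled` lets the play continue and report success when httpd could not be enabled, so a host can finish the run without a web server configured to start at boot and nothing flags it. The task name says running/enabled but the arguments are only `enabled=yes`; if the service should also be started, `service: name=httpd enabled=yes state=started` states that. If one specific failure is being tolerated (for example a build environment with no init system), a `when:` that excludes that case is narrower than ignoring every error.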
@@ -0,0 +1,14 @@
+ExtendedStatus on
+
+
+ SetHandler server-status
+
+ # Apache 2.4
+
+ Require ip 127.0.0.1
+ Require ip ::1
+ Require host localhost
+ Require valid-user
+
+
+
diff --git a/ansible/roles/apache/templates/h2.conf.j2 b/ansible/roles/apache/templates/h2.conf.j2
new file mode 100644
index 0000000..2627ea8
--- /dev/null
+++ b/ansible/roles/apache/templates/h2.conf.j2
@@ -0,0 +1 @@
+Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1
diff --git a/ansible/roles/apache/templates/headers.conf.j2 b/ansible/roles/apache/templates/headers.conf.j2
new file mode 100644
index 0000000..dfe9854
--- /dev/null
+++ b/ansible/roles/apache/templates/headers.conf.j2
@@ -0,0 +1,10 @@
+ServerTokens ProductOnly
+
+Header set AppTime "%D"
+PassEnv HOSTNAME
+{% if 'proxy' in inventory_hostname %}
+Header set X-Fedora-ProxyServer "{{ inventory_hostname }}"
+{% else %}
+Header set X-Fedora-AppServer "{{ inventory_hostname }}"
+{% endif %}
+
diff --git a/ansible/roles/mod_wsgi/files/wsgi.conf b/ansible/roles/mod_wsgi/files/wsgi.conf
new file mode 100644
index 0000000..6c32a15
--- /dev/null
+++ b/ansible/roles/mod_wsgi/files/wsgi.conf
@@ -0,0 +1,14 @@
+LoadModule wsgi_module modules/mod_wsgi.so
+
+# Some apps, notably anything that uses hg, need these off
+WSGIRestrictStdin Off
+WSGIRestrictStdout Off
+
+# Put the socket somewhere writable
+WSGISocketPrefix run/wsgi
+
+# Do not Optimize without stripping docstrings
+WSGIPythonOptimize 0
+
+# Set WSGIApplicationGroup to global
+WSGIApplicationGroup %{GLOBAL}
diff --git a/ansible/roles/mod_wsgi/meta/main.yml b/ansible/roles/mod_wsgi/meta/main.yml
new file mode 100644
index 0000000..7f15145
--- /dev/null
+++ b/ansible/roles/mod_wsgi/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- role: apache
+ when: wsgi_wants_apache
diff --git a/ansible/roles/mod_wsgi/tasks/main.yml b/ansible/roles/mod_wsgi/tasks/main.yml
new file mode 100644
index 0000000..db90b46
--- /dev/null
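Review bot: The four `Require` lines in apachestatus.conf are alternatives when they share a container without `<RequireAll>`, so `Require host localhost` and `Require valid-user` each widen access beyond the two loopback addresses. The first makes the decision depend on DNS, and the second admits any authenticated user wherever authentication is configured for that path. With `ExtendedStatus on` the status page lists client addresses and request lines, so for a same-host collectd scrape `Require local` alone, or only the two `Require ip` lines, is the tighter rule. The container lines of this file are blank in the page as shown, so the enclosing location and any module guard could not be checked.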
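Review bot: `h2c` is enabled in h2.conf.j2 for every host whose name does not start with `proxy`, which allows a cleartext HTTP/1.1 connection to be upgraded to HTTP/2. Where such a backend sits behind a reverse proxy that passes `Upgrade` headers through, requests on the upgraded connection are no longer subject to the proxy's per-request rules. If the front ends do not speak h2c to these hosts, `Protocols h2 http/1.1` everywhere is the smaller surface. Otherwise a comment naming the component that needs h2c would record the intent.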
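Review bot: The proxy test in headers.conf.j2 is `'proxy' in inventory_hostname`, a substring match, while h2.conf.j2 in the same role uses `inventory_hostname.startswith('proxy')`. A host with `proxy` elsewhere in its name would get the `X-Fedora-ProxyServer` header but the non-proxy protocol list. Using one predicate in both templates, or an inventory group-membership test, keeps them in step. Both branches also publish the inventory hostname to every client, which is worth keeping only if external visibility of internal host names is intended.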
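Review bot: The comment `# Set WSGIApplicationGroup to global` in wsgi.conf repeats the directive without saying why it is set or what it costs. At server scope it makes every WSGI application run in the main interpreter of whichever process serves it, so applications that share a process also share imported module state. I would replace the comment with something like `# Run every app in the main interpreter; apps that must not share state need their own WSGIDaemonProcess group`, adjusted to the actual reason if it differs.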
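Review bot: `when: wsgi_wants_apache` in mod_wsgi/meta/main.yml has no default anywhere in this diff, so a play that applies the mod_wsgi role without setting it would fail on an undefined variable when the dependency's condition is evaluated, assuming it is not supplied by inventory or group vars outside this commit. A `defaults/main.yml` in the mod_wsgi role with `wsgi_wants_apache: true`, or `when: wsgi_wants_apache | default(true)`, makes the role safe to include on its own. The role's wsgi.conf task notifies `restart apache`, which this diff defines only in the apache role, so with the variable false that handler has to come from somewhere else.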
+++ b/ansible/roles/mod_wsgi/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+# install mod_wsgi
+- name: install mod_wsgi
+ package:
+ name: mod_wsgi
+ state: present
+ tags:
+ - packages
+ when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
+
+- name: install mod_wsgi
+ package:
+ name: python3-mod_wsgi
+ state: present
+ tags:
+ - packages
+ when: ansible_distribution_major_version|int == 8 and ansible_distribution == 'RedHat'
+
+- name: install mod_wsgi
+ package:
+ name: mod_wsgi
+ state: present
+ tags:
+ - packages
+ when: ansible_distribution == 'Fedora'
+
+- name: wsgi.conf
+ copy: src="wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf
+ notify:
+ - restart apache
+ tags:
+ - config
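Review bot: No install task matches a RedHat host with major version 9 or later, because the three conditions are `< 8`, `== 8` and Fedora. The final task still copies wsgi.conf, with its `LoadModule wsgi_module` line, unconditionally, so httpd on such a host would be restarted into a configuration naming a module that was never installed. If the `python3-mod_wsgi` package name carries over to later releases, changing the second condition to `ansible_distribution_major_version|int >= 8 and ansible_distribution == 'RedHat'` covers them. The three tasks also share the name `install mod_wsgi`, which makes run output ambiguous; a suffix such as `(el7)`, `(el8+)` or `(fedora)` would distinguish them.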