fixing some ansible warnings and removing ssl from qa static sites - using proxies now

2016-03-21 17:14:07 +00:00 · 2016-03-21 17:14:07 +00:00 · cf503fe4d2
commit cf503fe4d2
parent 6e4e616d41
2 changed files with 3 additions and 73 deletions
--- a/files/httpd/newvirtualhost.conf.j2
+++ b/files/httpd/newvirtualhost.conf.j2
@ -1,75 +1,5 @@
-<VirtualHost *:443>
-  # Change this to the domain which points to your host.
-  ServerName {{ item.name }}
-
-  # Use separate log files for the SSL virtual host; note that LogLevel
-  # is not inherited from httpd.conf.
-  ErrorLog logs/{{ item.name }}_error_log
-  TransferLog logs/{{ item.name }}_access_log
-  LogLevel warn
-
-  #   SSL Engine Switch:
-  #   Enable/Disable SSL for this virtual host.
-  SSLEngine on
-
-  #   SSL Protocol support:
-  # List the enable protocol levels with which clients will be able to
-  # connect.  Disable SSLv2 access by default:
-  SSLProtocol all -SSLv2
-
-  #   SSL Cipher Suite:
-  # List the ciphers that the client is permitted to negotiate.
-  # See the mod_ssl documentation for a complete list.
-  #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
-  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
-
-  #   Server Certificate:
-  # Point SSLCertificateFile at a PEM encoded certificate.  If
-  # the certificate is encrypted, then you will be prompted for a
-  # pass phrase.  Note that a kill -HUP will prompt again.  A new
-  # certificate can be generated using the genkey(1) command.
-  SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }}
-
-  #   Server Private Key:
-  #   If the key is not combined with the certificate, use this
-  #   directive to point at the key file.  Keep in mind that if
-  #   you've both a RSA and a DSA private key you can configure
-  #   both in parallel (to also allow the use of DSA ciphers, etc.)
-  SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }}
-
-  #   Server Certificate Chain:
-  #   Point SSLCertificateChainFile at a file containing the
-  #   concatenation of PEM encoded CA certificates which form the
-  #   certificate chain for the server certificate. Alternatively
-  #   the referenced file can be the same as SSLCertificateFile
-  #   when the CA certificates are directly appended to the server
-  #   certificate for convinience.
-  #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
-  {% if sslintermediatecertfile != '' %}
-  SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }}
-  {% endif %}
-
-  #   Certificate Authority (CA):
-  #   Set the CA certificate verification path where to find CA
-  #   certificates for client authentication or alternatively one
-  #   huge file containing all of them (file must be PEM encoded)
-  #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-
-  DocumentRoot {{ item.document_root }}
-
-  Options Indexes FollowSymLinks
-
-</VirtualHost>
-
-
 <VirtualHost *:80>
  # Change this to the domain which points to your host.
  ServerName {{ item.name }}
-  {% if sslonly %}
-    RewriteEngine On
-    RewriteCond %{HTTPS} off
-    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
-  {% else %}
-    Options Indexes FollowSymLinks
-  {% endif %}
+  Options Indexes FollowSymLinks
 </VirtualHost>
--- a/playbooks/groups/qa-stg.yml
+++ b/playbooks/groups/qa-stg.yml
@ -99,13 +99,13 @@

    - name: create dirs for static sites
      file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755
-      with_items: static_sites
+      with_items: "{{ static_sites }"
      tags:
        - qastaticsites

    - name: generate virtualhosts for static sites
      template:  src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644
-      with_items: static_sites
+      with_items: "{{ static_sites }}"
      notify:
        - reload httpd
      tags: