fixing some ansible warnings and removing ssl from qa static sites - using proxies now

2016-03-21 17:14:07 +00:00 · 2016-03-21 17:14:07 +00:00 · cf503fe4d2
commit cf503fe4d2
parent 6e4e616d41
2 changed files with 3 additions and 73 deletions
--- a/files/httpd/newvirtualhost.conf.j2
+++ b/files/httpd/newvirtualhost.conf.j2
@ -1,75 +1,5 @@
 <VirtualHost *:443>
  # Change this to the domain which points to your host.
  ServerName {{ item.name }}
  # Use separate log files for the SSL virtual host; note that LogLevel
  # is not inherited from httpd.conf.
  ErrorLog logs/{{ item.name }}_error_log
  TransferLog logs/{{ item.name }}_access_log
  LogLevel warn
  #   SSL Engine Switch:
  #   Enable/Disable SSL for this virtual host.
  SSLEngine on
  #   SSL Protocol support:
  # List the enable protocol levels with which clients will be able to
  # connect.  Disable SSLv2 access by default:
  SSLProtocol all -SSLv2
  #   SSL Cipher Suite:
  # List the ciphers that the client is permitted to negotiate.
  # See the mod_ssl documentation for a complete list.
  #SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
  #   Server Certificate:
  # Point SSLCertificateFile at a PEM encoded certificate.  If
  # the certificate is encrypted, then you will be prompted for a
  # pass phrase.  Note that a kill -HUP will prompt again.  A new
  # certificate can be generated using the genkey(1) command.
  SSLCertificateFile /etc/pki/tls/certs/{{ sslcertfile }}
  #   Server Private Key:
  #   If the key is not combined with the certificate, use this
  #   directive to point at the key file.  Keep in mind that if
  #   you've both a RSA and a DSA private key you can configure
  #   both in parallel (to also allow the use of DSA ciphers, etc.)
  SSLCertificateKeyFile /etc/pki/tls/private/{{ sslkeyfile }}
  #   Server Certificate Chain:
  #   Point SSLCertificateChainFile at a file containing the
  #   concatenation of PEM encoded CA certificates which form the
  #   certificate chain for the server certificate. Alternatively
  #   the referenced file can be the same as SSLCertificateFile
  #   when the CA certificates are directly appended to the server
  #   certificate for convinience.
  #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
  {% if sslintermediatecertfile != '' %}
  SSLCertificateChainFile /etc/pki/tls/certs/{{ sslintermediatecertfile }}
  {% endif %}
  #   Certificate Authority (CA):
  #   Set the CA certificate verification path where to find CA
  #   certificates for client authentication or alternatively one
  #   huge file containing all of them (file must be PEM encoded)
  #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
  DocumentRoot {{ item.document_root }}
  Options Indexes FollowSymLinks
 </VirtualHost>
 <VirtualHost *:80>
  # Change this to the domain which points to your host.
  ServerName {{ item.name }}
-  {% if sslonly %}
+  Options Indexes FollowSymLinks
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
  {% else %}
    Options Indexes FollowSymLinks
  {% endif %}
 </VirtualHost>
--- a/playbooks/groups/qa-stg.yml
+++ b/playbooks/groups/qa-stg.yml
@ -99,13 +99,13 @@
    - name: create dirs for static sites
      file: path={{ item.document_root }} state=directory owner=apache group=apache mode=1755
-      with_items: static_sites
+      with_items: "{{ static_sites }"
      tags:
        - qastaticsites
    - name: generate virtualhosts for static sites
      template:  src={{ files }}/httpd/newvirtualhost.conf.j2 dest=/etc/httpd/conf.d/{{ item.name }}.conf owner=root group=root mode=0644
-      with_items: static_sites
+      with_items: "{{ static_sites }}"
      notify:
        - reload httpd
      tags: