From 2b4d55d3ecb9beb9bb76d2d7b20d7fa3be3c978c Mon Sep 17 00:00:00 2001 From: franklin Date: Thu, 21 Aug 2014 09:23:20 +0200 Subject: [PATCH] added creation of sites --- README.md | 83 ++++++++++++++++--- defaults/main.yml | 21 ++++- meta/main.yml | 4 +- tasks/manage_sites.yml | 31 ++++++- .../2.2/etc-apache2-sites-available-site.j2 | 19 +++++ .../etc-apache2-sites-available-site/body.j2 | 40 +++++++++ .../htpasswd.j2 | 7 ++ .../redirect.j2 | 28 +++++++ .../etc-apache2-sites-available-site/ssl.j2 | 8 ++ templates/2.4/etc-apache2-apache2.conf.j2 | 2 +- .../2.4/etc-apache2-sites-available-site.j2 | 19 +++++ .../etc-apache2-sites-available-site/body.j2 | 40 +++++++++ .../htpasswd.j2 | 7 ++ .../redirect.j2 | 28 +++++++ .../etc-apache2-sites-available-site/ssl.j2 | 8 ++ test.yml | 19 +++++ vars/precise.yml | 1 + vars/trusty.yml | 2 +- 18 files changed, 347 insertions(+), 20 deletions(-) create mode 100644 templates/2.2/etc-apache2-sites-available-site.j2 create mode 100644 templates/2.2/etc-apache2-sites-available-site/body.j2 create mode 100644 templates/2.2/etc-apache2-sites-available-site/htpasswd.j2 create mode 100644 templates/2.2/etc-apache2-sites-available-site/redirect.j2 create mode 100644 templates/2.2/etc-apache2-sites-available-site/ssl.j2 create mode 100644 templates/2.4/etc-apache2-sites-available-site.j2 create mode 100644 templates/2.4/etc-apache2-sites-available-site/body.j2 create mode 100644 templates/2.4/etc-apache2-sites-available-site/htpasswd.j2 create mode 100644 templates/2.4/etc-apache2-sites-available-site/redirect.j2 create mode 100644 templates/2.4/etc-apache2-sites-available-site/ssl.j2 diff --git a/README.md b/README.md index 7cb4680..18d2c8b 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ > * installs apache2 > * configures apache2 > * enables/disables confs +> * creates sites > * enables/disables sites > * enables/disables modules > * optionally removes default host 
@@ -36,24 +37,15 @@ $ git clone https://github.com/weareinteractive/ansible-apache2.git ## Dependencies -* Apache 2.2 | 2.4 +* Tested with Apache 2.2 | 2.4 +* [franklinkim.openssl](https://github.com/weareinteractive/ansible-openssl) +* [franklinkim.htpasswd](https://github.com/weareinteractive/ansible-htpasswd) ## Variables Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`. ``` -# apache2_module: -# - { id: auth, state: absent } -# - { id: rewrite, state: present } -# apache2_confs: -# - { id: security, state: absent } -# - { id: mime, state: present } -# apache2_sites: -# - { id: default, state: absent } -# - { id: foobar, state: present } -# - # ports to listen to apache2_ports: [80] # ssl ports to listen to @@ -80,6 +72,54 @@ apache2_server_signiture: 'Off' apache2_trace_enable: 'Off' ``` +Module and confs might be defined through: + +``` +# id of the conf or module +id: auth +# state: absent | present +state: absent +``` + +A site might be defined through: + +``` +# site id (required) +id: foo +# server name (required) +name: foo.com +# ip to listen to +ip: '*' +# port to listen to +port: 80 +# state: present | absent +state: present +# create the /var/www/[id]/htdocs folder +add_webroot: no +# /etc/nginx/rules/[rule].conf to include +rules: [] +# list of server aliases +aliases: [] +# list of server redirects +redirects: [] +# enable ssl +ssl: + # redirect http to https + only: no + # port to listen to + port: 443 + # @see franklinkim.openssl + key_name: mykey + cert_name: mycert +# enable auth +auth: + # @see franklinkim.htpasswd + name: foo + file: foo +# custom string to append to the site +append: false +``` + ## Handlers These are the handlers that are defined in `handlers/main.yml`. 
@@ -117,6 +157,25 @@ These can be included into your site definitions. - { id: mime, state: present } - { id: headers, state: present } - { id: rewrite, state: present } + apache2_remove_default: yes + htpasswd: + - name: foobar + users: + - { name: foobar, password: foobar } + openssl_self_signed: + - { name: 'foobar.local', country: 'DE', state: 'Bavaria', city: 'Munich', organization: 'Foo Bar', email: 'foo@bar.com' } + apache2_sites_html: + - id: foobar + state: present + name: foobar.local + rules: ['mimes', 'expires', 'security', 'compression'] + add_webroot: yes + auth: + name: Foo Bar + file: foobar + ssl: + key_name: foobar.local + cert_name: foobar.local ``` ## Testing diff --git a/defaults/main.yml b/defaults/main.yml index b0bdc17..4bf2fcf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,8 +9,25 @@ # - { id: security, state: absent } # - { name: mime, state: present } # apache2_sites: -# - { id: default, state: absent } -# - { id: foobar, state: present } +# - id: mysite (required) +# name: mysite.local (required) +# ip: '*' +# port: 80 +# state: present +# add_webroot: no +# template: path/to/template.j2 +# rules: [] +# aliases: [] +# redirects: [] +# ssl: +# port: 443 +# key_name: mykey +# cert_name: mycert +# chain_name: mychain +# auth: +# name: mysite +# file: mysite +# append: '' # # ports to listen to diff --git a/meta/main.yml b/meta/main.yml index 71728bc..41d6e6f 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -16,4 +16,6 @@ galaxy_info: # dependencies available via galaxy should be listed here. # Be sure to remove the '[]' above if you add dependencies # to this list. -dependencies: [] +dependencies: + - franklinkim.openssl + - franklinkim.htpasswd diff --git a/tasks/manage_sites.yml b/tasks/manage_sites.yml index 802bbcc..3bf1c40 100644 --- a/tasks/manage_sites.yml +++ b/tasks/manage_sites.yml 
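Review bot: The two new entries under `dependencies:` in meta/main.yml are unpinned, so every `ansible-galaxy install` of this role pulls whatever the latest `franklinkim.openssl` and `franklinkim.htpasswd` happen to be, and those roles now decide where private keys and password files land (`openssl_keys_path`, `/etc/htpasswd`) for every vhost this role renders. Pin them to the tags you actually tested against — `- { role: franklinkim.openssl, version: 'x.y.z' }` if your Ansible's role-spec parser accepts `version` in meta dependencies, otherwise in a `requirements.yml` — and state the expected versions next to the dependency list in the README. I cannot see from this hunk which versions were used, so the placeholder needs filling in before merge.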
@@ -1,9 +1,34 @@ --- +- name: Creating webroots + file: > + dest=/var/www/{{ item.id }}/htdocs + state=directory + when: item.add_webroot is defined and item.add_webroot == true + with_items: apache2_sites + tags: + - web + - apache2-php + - manage + +# site +- name: Creating sites + template: > + src={{ item.template|default(apache2_version ~ '/etc-apache2-sites-available-site.j2') }} + dest=/etc/apache2/sites-available/{{ item.id }}{{ apache2_site_conf_extension }} + owner=root + group=root + mode=0644 + with_items: apache2_sites + tags: + - web + - apache2-php + - manage + - name: Enabling sites file: > - src=/etc/apache2/sites-available/{{ item.id }} - dest=/etc/apache2/sites-enabled/{{ item.id }} + src=/etc/apache2/sites-available/{{ item.id }}{{ apache2_site_conf_extension }} + dest=/etc/apache2/sites-enabled/{{ item.id }}{{ apache2_site_conf_extension }} state=link when: item.state is not defined or item.state == 'present' with_items: apache2_sites @@ -15,7 +40,7 @@ - name: Disabling sites file: > - src=/etc/apache2/sites-enabled/{{ item.id }} + src=/etc/apache2/sites-enabled/{{ item.id }}{{ apache2_site_conf_extension }} state=absent when: item.state is defined and item.state == 'absent' with_items: apache2_sites diff --git a/templates/2.2/etc-apache2-sites-available-site.j2 b/templates/2.2/etc-apache2-sites-available-site.j2 new file mode 100644 index 0000000..4846eb5 --- /dev/null +++ b/templates/2.2/etc-apache2-sites-available-site.j2 @@ -0,0 +1,19 @@ +# {{ ansible_managed }} + +{% include "etc-apache2-sites-available-site/redirect.j2" %} + +{% if item.ssl is defined %} + + +{% include "etc-apache2-sites-available-site/body.j2" %} + +{% include "etc-apache2-sites-available-site/ssl.j2" %} + + +{% endif %} + + + +{% include "etc-apache2-sites-available-site/body.j2" %} + + \ No newline at end of file 
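Review bot: The new `Creating sites` task renders `/etc/apache2/sites-available/{{ item.id }}{{ apache2_site_conf_extension }}` but carries no `notify:`, so a changed vhost file (a tightened `auth:` block, a new certificate name) is written to disk and never loaded until something else restarts Apache. Add `notify:` with whatever reload handler `handlers/main.yml` defines (the handler names are outside this hunk) to the template task, and check that the enabling/disabling tasks already carry one in the lines that fall between the two hunks. Separately, `item.id` is spliced unchecked into both `/var/www/{{ item.id }}/htdocs` and the sites-available path; an `assert:` that each id matches `^[A-Za-z0-9_.-]+$` ahead of these tasks would keep a typo'd or templated id from writing outside those directories. The `Enabling sites` task is shown only partially here; its tail lies between the two hunks.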
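Review bot: Nothing in this template implements the `ssl.only` option the README hunk documents as "redirect http to https": after the `{% if item.ssl is defined %}` block, the plain-HTTP vhost unconditionally includes `body.j2` a second time, so a site with `ssl.only: yes` still serves its full content — and any Basic-auth prompt from `htpasswd.j2` — over cleartext. The `<VirtualHost>` opening tags appear to have been stripped from this rendering, so I am reading the include structure only. Guarding the second include with `{% if item.ssl is not defined or not item.ssl.only|default(false) %}` and emitting a vhost containing just `Redirect permanent / https://{{ item.name }}/` in the `{% else %}` branch would make the documented option real; until then the README should not advertise it.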
diff --git a/templates/2.2/etc-apache2-sites-available-site/body.j2 b/templates/2.2/etc-apache2-sites-available-site/body.j2 new file mode 100644 index 0000000..e5a5b68 --- /dev/null +++ b/templates/2.2/etc-apache2-sites-available-site/body.j2 @@ -0,0 +1,40 @@ + ServerName {{ item.name }} + DocumentRoot /var/www/{{ item.id }}/htdocs + {% for value in item.aliases|default([]) %} + ServerAlias {{ value }} + {% endfor %} + + # --- rules ---------------------------------------------------------------- + + {% for val in item.rules|default([]) %} + include rules/{{ val }}.conf + {% endfor %} + + # --- directories ----------------------------------------------------------- + + + AllowOverride All + Options FollowSymLinks + Order allow,deny + Allow from all + + + {% if item.auth is defined %} + # --- auth ------------------------------------------------------------------ + + {% include "etc-apache2-sites-available-site/htpasswd.j2" %} + {% endif %} + + # --- logging --------------------------------------------------------------- + + LogLevel warn + ErrorLog /var/log/apache2/error-{{ item.id }}.log + CustomLog /var/log/apache2/access-{{ item.id }}.log combined + + {% if item.append is defined %} + + # --- appended -------------------------------------------------------------- + + {{ item.append }} + {% endif %} + diff --git a/templates/2.2/etc-apache2-sites-available-site/htpasswd.j2 b/templates/2.2/etc-apache2-sites-available-site/htpasswd.j2 new file mode 100644 index 0000000..b15717d --- /dev/null +++ b/templates/2.2/etc-apache2-sites-available-site/htpasswd.j2 @@ -0,0 +1,7 @@ + + AuthType Basic + AuthBasicProvider file + AuthUserFile /etc/htpasswd/{{ item.auth.file }} + AuthName "{{ item.auth.name|default(item.id) }}" + Require valid-user + diff --git a/templates/2.2/etc-apache2-sites-available-site/redirect.j2 b/templates/2.2/etc-apache2-sites-available-site/redirect.j2 new file mode 100644 index 0000000..04fec0a --- /dev/null 
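Review bot: The per-site directory block sets `AllowOverride All` together with `Options FollowSymLinks`, which lets anyone who can write into `/var/www/{{ item.id }}/htdocs` (a deploy account, an upload bug in the app) flip on `Options +ExecCGI` or `+Indexes` through `.htaccess` and follow symlinks out of the webroot. Since the role already exposes per-site knobs, make this opt-in instead of the default: `AllowOverride {{ item.allow_override|default('None') }}` and `Options {{ item.options|default('SymLinksIfOwnerMatch') }}`, and call the change out in the README since sites relying on `.htaccess` today would need to set it. The enclosing `<Directory>` tags are not visible in this rendering, so I am assuming the block applies to the DocumentRoot.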
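Review bot: `AuthUserFile /etc/htpasswd/{{ item.auth.file }}` hard-codes the password-file directory, while the sibling `ssl.j2` takes its paths from the openssl role's `openssl_certs_path`/`openssl_keys_path`; if `franklinkim.htpasswd` exposes a configurable location (that role is not in view), a host that overrides it gets a vhost pointing at a file that does not exist, and Apache answers 500 instead of prompting. Reference that role's path variable here the same way, e.g. `AuthUserFile {{ htpasswd_path }}/{{ item.auth.file }}` with whatever name the role actually defines (`htpasswd_path` is a placeholder). The container tag around this block is stripped from the rendering, so I cannot tell whether it is `<Location>` or `<Directory>` scoped.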
+++ b/templates/2.2/etc-apache2-sites-available-site/redirect.j2 @@ -0,0 +1,28 @@ +{% for value in item.redirects|default([]) %} +{% if item.ssl is defined %} + + ServerName {{ value }} + + {% include "etc-apache2-sites-available-site/ssl.j2" %} + + # logging + LogLevel warn + ErrorLog /var/log/apache2/error-{{ item.id }}.log + CustomLog /var/log/apache2/access-{{ item.id }}.log combined + + # redirect + Redirect permanent / https://{{ item.name }}/ + +{% endif %} + + ServerName {{ value }} + + # logging + LogLevel warn + ErrorLog /var/log/apache2/error-{{ item.id }}.log + CustomLog /var/log/apache2/access-{{ item.id }}.log combined + + # redirect + Redirect permanent / http://{{ item.name }}/ + +{% endfor %} \ No newline at end of file diff --git a/templates/2.2/etc-apache2-sites-available-site/ssl.j2 b/templates/2.2/etc-apache2-sites-available-site/ssl.j2 new file mode 100644 index 0000000..29ba4e3 --- /dev/null +++ b/templates/2.2/etc-apache2-sites-available-site/ssl.j2 @@ -0,0 +1,8 @@ +# --- ssl ------------------------------------------------------------------- + +include rules/ssl.conf +SSLCertificateFile {{ openssl_certs_path }}/{{ item.ssl.cert_name|default('server') }}.crt +SSLCertificateKeyFile {{ openssl_keys_path }}/{{ item.ssl.key_name|default('server') }}.key +{% if item.ssl.chain_name is defined %} +SSLCACertificateFile {{ openssl_certs_path }}/{{ item.ssl.chain_name }}.crt +{% endif %} diff --git a/templates/2.4/etc-apache2-apache2.conf.j2 b/templates/2.4/etc-apache2-apache2.conf.j2 index c50d786..43a47ca 100644 --- a/templates/2.4/etc-apache2-apache2.conf.j2 +++ b/templates/2.4/etc-apache2-apache2.conf.j2 @@ -220,6 +220,6 @@ LogFormat "%{User-agent}i" agent IncludeOptional conf-enabled/*.conf # Include the virtual host configurations: -IncludeOptional sites-enabled/* +IncludeOptional sites-enabled/*.conf # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 
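Review bot: The SSL redirect vhost built for each entry in `item.redirects` includes `ssl.j2`, i.e. it presents the certificate named by `item.ssl.cert_name` — the main site's certificate — while answering for `ServerName {{ value }}`. Unless that certificate's SAN list also covers every redirect hostname (nothing in this role checks or documents that), browsers hit a name-mismatch error before the `Redirect permanent / https://{{ item.name }}/` is ever sent, so the HTTPS hop only works for names the cert already carries. Either let each redirect entry carry its own `cert_name`/`key_name`, or document that the certificate (and the `openssl_self_signed` entry in the test) must list the redirect names as SANs. The `<VirtualHost>` tags are stripped from this rendering, so I am reading the structure from the includes.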
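Review bot: `SSLCACertificateFile` is the wrong directive for a server-certificate chain: in mod_ssl it names the CAs trusted for client-certificate verification, and sending the intermediate is only a side effect of OpenSSL building the chain from that trust store. The intermediate for `SSLCertificateFile` belongs in `SSLCertificateChainFile {{ openssl_certs_path }}/{{ item.ssl.chain_name }}.crt` (valid on 2.2, and on 2.4 until 2.4.8 where the chain is concatenated into the certificate file instead). That also avoids silently installing `chain_name` as a trusted client-auth CA should someone later add `SSLVerifyClient` to `rules/ssl.conf`. Protocol and cipher settings are presumably in `rules/ssl.conf`, which this patch does not touch.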
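Review bot: Narrowing the include to `IncludeOptional sites-enabled/*.conf` silently drops any symlink the previous version of this role created without an extension (the removed lines in `tasks/manage_sites.yml` show the old `Enabling sites` task linking `/etc/apache2/sites-enabled/{{ item.id }}`), and the updated `Disabling sites` task only ever removes the `.conf` form, so on an upgraded trusty host those stale links stay on disk and the sites simply go dark. Add a one-off cleanup on 2.4 hosts, e.g. `file: path=/etc/apache2/sites-enabled/{{ item.id }} state=absent` alongside the new tasks, or at least a README note for operators upgrading. This also makes `apache2_site_conf_extension` mandatory for 2.4: a host whose `vars/` file is not loaded would render a filename Apache never includes.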
diff --git a/templates/2.4/etc-apache2-sites-available-site.j2 b/templates/2.4/etc-apache2-sites-available-site.j2 new file mode 100644 index 0000000..4846eb5 --- /dev/null +++ b/templates/2.4/etc-apache2-sites-available-site.j2 @@ -0,0 +1,19 @@ +# {{ ansible_managed }} + +{% include "etc-apache2-sites-available-site/redirect.j2" %} + +{% if item.ssl is defined %} + + +{% include "etc-apache2-sites-available-site/body.j2" %} + +{% include "etc-apache2-sites-available-site/ssl.j2" %} + + +{% endif %} + + + +{% include "etc-apache2-sites-available-site/body.j2" %} + + \ No newline at end of file diff --git a/templates/2.4/etc-apache2-sites-available-site/body.j2 b/templates/2.4/etc-apache2-sites-available-site/body.j2 new file mode 100644 index 0000000..11ed48e --- /dev/null +++ b/templates/2.4/etc-apache2-sites-available-site/body.j2 @@ -0,0 +1,40 @@ + ServerName {{ item.name }} + DocumentRoot /var/www/{{ item.id }}/htdocs + {% for value in item.aliases|default([]) %} + ServerAlias {{ value }} + {% endfor %} + + # --- rules ---------------------------------------------------------------- + + {% for val in item.rules|default([]) %} + include rules/{{ val }}.conf + {% endfor %} + + # --- directories ----------------------------------------------------------- + + + AllowOverride All + Options FollowSymLinks + Require all granted + Satisfy Any + + + {% if item.auth is defined %} + # --- auth ------------------------------------------------------------------ + + {% include "etc-apache2-sites-available-site/htpasswd.j2" %} + {% endif %} + + # --- logging --------------------------------------------------------------- + + LogLevel warn + ErrorLog /var/log/apache2/error-{{ item.id }}.log + CustomLog /var/log/apache2/access-{{ item.id }}.log combined + + {% if item.append is defined %} + + # --- appended -------------------------------------------------------------- + + {{ item.append }} + {% endif %} + 
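Review bot: This template is byte-identical to `templates/2.2/etc-apache2-sites-available-site.j2` (both carry index `4846eb5`), and the same holds for `htpasswd.j2`, `redirect.j2` and `ssl.j2`; only `body.j2` actually differs between the two Apache versions. Every fix — including the missing `ssl.only` handling, where the second `{% include "etc-apache2-sites-available-site/body.j2" %}` serves the full site over plain HTTP regardless of that option — now has to be applied twice and can drift. Consider a single top-level template that includes only the version-specific directory block via `{% include apache2_version ~ '/etc-apache2-sites-available-site/directory.j2' %}`, so the version split is limited to the lines that genuinely differ. The `<VirtualHost>` tags appear stripped from this rendering.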
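Review bot: The 2.4 directory block ends with `Require all granted` followed by `Satisfy Any`, and the Basic-auth block from `htpasswd.j2` is included a few lines later; if that block lands in the same section, Apache 2.4 treats the two `Require` lines as an implicit `RequireAny`, and with `mod_access_compat` loaded `Satisfy Any` has the same effect — either way a client that satisfies `all granted` never has to present credentials. The container tags are stripped from this rendering so I cannot confirm the scoping; please verify by requesting a protected site without credentials. `Satisfy` is a 2.2-era directive with no purpose next to `Require all granted`, so drop it, and keep the auth `Require valid-user` in its own `<Location />` (or wrap the directory's requirements in `<RequireAll>`) so the two authz rules can never be OR-ed together. This is the one file that differs from its 2.2 counterpart, so the fix applies here only.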
diff --git a/templates/2.4/etc-apache2-sites-available-site/htpasswd.j2 b/templates/2.4/etc-apache2-sites-available-site/htpasswd.j2 new file mode 100644 index 0000000..b15717d --- /dev/null +++ b/templates/2.4/etc-apache2-sites-available-site/htpasswd.j2 @@ -0,0 +1,7 @@ + + AuthType Basic + AuthBasicProvider file + AuthUserFile /etc/htpasswd/{{ item.auth.file }} + AuthName "{{ item.auth.name|default(item.id) }}" + Require valid-user + diff --git a/templates/2.4/etc-apache2-sites-available-site/redirect.j2 b/templates/2.4/etc-apache2-sites-available-site/redirect.j2 new file mode 100644 index 0000000..04fec0a --- /dev/null +++ b/templates/2.4/etc-apache2-sites-available-site/redirect.j2 @@ -0,0 +1,28 @@ +{% for value in item.redirects|default([]) %} +{% if item.ssl is defined %} + + ServerName {{ value }} + + {% include "etc-apache2-sites-available-site/ssl.j2" %} + + # logging + LogLevel warn + ErrorLog /var/log/apache2/error-{{ item.id }}.log + CustomLog /var/log/apache2/access-{{ item.id }}.log combined + + # redirect + Redirect permanent / https://{{ item.name }}/ + +{% endif %} + + ServerName {{ value }} + + # logging + LogLevel warn + ErrorLog /var/log/apache2/error-{{ item.id }}.log + CustomLog /var/log/apache2/access-{{ item.id }}.log combined + + # redirect + Redirect permanent / http://{{ item.name }}/ + +{% endfor %} \ No newline at end of file diff --git a/templates/2.4/etc-apache2-sites-available-site/ssl.j2 b/templates/2.4/etc-apache2-sites-available-site/ssl.j2 new file mode 100644 index 0000000..29ba4e3 --- /dev/null +++ b/templates/2.4/etc-apache2-sites-available-site/ssl.j2 
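Review bot: This Basic-auth block is rendered into the plain-HTTP vhost as well as the TLS one (`body.j2` is included for both in the site template), so `Require valid-user` prompts for — and transmits — credentials in cleartext on port 80. Add a fail-closed guard inside the block, `{% if item.ssl is defined %}SSLRequireSSL{% endif %}`, so the HTTP copy answers 403 instead of accepting a password, and apply the same line to the 2.2 copy, which is byte-identical to this file (index `b15717d`). The enclosing container is stripped from this rendering.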
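Review bot: For a site with `ssl:` defined, the plain-HTTP redirect vhost at the bottom of the loop still sends clients to `http://{{ item.name }}/`, which the main HTTP vhost then serves in full — so the alias-to-canonical hop never upgrades to TLS, and the HTTPS vhost rendered a few lines earlier is reached only by clients who typed `https://` first. If the intent of `ssl` (and of the README's `ssl.only`) is to steer traffic to TLS, make the target scheme follow it: `Redirect permanent / {{ 'https' if item.ssl is defined else 'http' }}://{{ item.name }}/`. This file is identical to the 2.2 copy (index `04fec0a`), so the change belongs in both.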
@@ -0,0 +1,8 @@ +# --- ssl ------------------------------------------------------------------- + +include rules/ssl.conf +SSLCertificateFile {{ openssl_certs_path }}/{{ item.ssl.cert_name|default('server') }}.crt +SSLCertificateKeyFile {{ openssl_keys_path }}/{{ item.ssl.key_name|default('server') }}.key +{% if item.ssl.chain_name is defined %} +SSLCACertificateFile {{ openssl_certs_path }}/{{ item.ssl.chain_name }}.crt +{% endif %} diff --git a/test.yml b/test.yml index 4217a8b..9101820 100644 --- a/test.yml +++ b/test.yml @@ -8,3 +8,22 @@ - { id: mime, state: present } - { id: headers, state: present } - { id: rewrite, state: present } + apache2_remove_default: yes + htpasswd: + - name: foobar + users: + - { name: foobar, password: foobar } + openssl_self_signed: + - { name: 'foobar.local', country: 'DE', state: 'Bavaria', city: 'Munich', organization: 'Foo Bar', email: 'foo@bar.com' } + apache2_sites_html: + - id: foobar + state: present + name: foobar.local + rules: ['mimes', 'expires', 'security', 'compression'] + add_webroot: yes + auth: + name: Foo Bar + file: foobar + ssl: + key_name: foobar.local + cert_name: foobar.local diff --git a/vars/precise.yml b/vars/precise.yml index 95bb220..914e7d2 100644 --- a/vars/precise.yml +++ b/vars/precise.yml @@ -1,3 +1,4 @@ --- apache2_version: 2.2 +apache2_site_conf_extension: '' diff --git a/vars/trusty.yml b/vars/trusty.yml index d94fb2a..7ca4fd8 100644 --- a/vars/trusty.yml +++ b/vars/trusty.yml @@ -1,4 +1,4 @@ --- apache2_version: 2.4 - +apache2_site_conf_extension: '.conf'
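Review bot: `item.ssl.cert_name|default('server')` and `item.ssl.key_name|default('server')` mean a site whose `ssl:` block omits the names silently binds to `{{ openssl_certs_path }}/server.crt` and `{{ openssl_keys_path }}/server.key` — a key pair that may belong to another site or not exist at all, and several sites that each omit the key end up sharing one private key. Nothing in the patch shows the openssl role producing a `server` pair, so these fallbacks are an assumption. Drop them and reference `{{ item.ssl.cert_name }}` / `{{ item.ssl.key_name }}` directly so a missing name fails at render time, or default to `item.name` so each site gets its own pair. This file is identical to the 2.2 copy (index `29ba4e3`) and needs the same edit.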
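Review bot: The playbook defines the site under `apache2_sites_html`, but every new task in `tasks/manage_sites.yml` iterates `apache2_sites`; unless `defaults/main.yml` composes `apache2_sites` from `apache2_sites_html` somewhere outside this patch, this test never exercises site creation, the webroot task or the new templates. Either rename the key to `apache2_sites:` or show the composition in the diff. The `password: foobar` literal is acceptable for a throwaway fixture, but it is now also copied verbatim into the README example; keep it obviously fake and note that real deployments should pull it from a vault. `yes` for `apache2_remove_default` and `add_webroot` is YAML-1.1 truthy and does satisfy the `item.add_webroot == true` comparison, but `true`/`false` reads unambiguously.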