Diffstat (limited to 'roles/apache/tasks/main.yml')
-rw-r--r-- | roles/apache/tasks/main.yml | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
new file mode 100644
index 0000000..4892782
--- /dev/null
+++ b/roles/apache/tasks/main.yml
@@ -0,0 +1,63 @@
+- name: install packages
+ dnf:
+ name: '{{ apache_packages }}'
+ state: present
+ notify: restart apache
+
+- name: remove default configuration
+ copy:
+ content: |
+ # this file intentionally empty to avoid clobbering during package upgrades
+ dest: /etc/httpd/conf.d/welcome.conf
+ notify: reload apache
+
+- name: generate config files
+ template:
+ src: etc/httpd/{{ item }}.j2
+ dest: /etc/httpd/{{ item }}
+ loop:
+ - conf/httpd.conf
+ - conf.d/ssl.conf
+ - conf.d/letsencrypt.conf
+ register: apache_global_config
+
+- name: reload apache
+ systemd:
+ name: httpd
+ state: reloaded
+ when: apache_global_config.changed
+
+- name: set selinux booleans
+ seboolean:
+ name: '{{ item.sebool }}'
+ state: '{{ item.value }}'
+ persistent: yes
+ loop:
+ - { sebool: httpd_use_nfs, value: '{{ apache_use_nfs }}' }
+ - { sebool: httpd_can_network_relay, value: '{{ apache_can_network_relay }}' }
+ - { sebool: httpd_can_network_connect, value: '{{ apache_can_network_connect }}' }
+ - { sebool: httpd_can_connect_ldap, value: '{{ apache_gssapi or apache_can_connect_ldap}}' }
+ - { sebool: httpd_can_network_connect_db, value: '{{ apache_can_network_connect_db }}' }
+ - { sebool: httpd_can_sendmail, value: '{{ apache_can_sendmail }}' }
+ tags: selinux
+
+- name: configure mod_gssapi
+ import_tasks: gssapi.yml
+ when: apache_gssapi or apache_use_nfs
+
+- name: enable apache
+ systemd:
+ name: httpd
+ enabled: yes
+ state: started
+
+- name: open firewall ports
+ firewalld:
+ service: '{{ item }}'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ loop:
+ - http
+ - https
+ tags: firewalld |
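Review bot: The `copy` task for welcome.conf and the `template` task for httpd.conf, ssl.conf and letsencrypt.conf set no `owner`, `group` or `mode`, so a file that does not exist yet is created with whatever the remote umask yields and an existing file keeps the permissions it already has. Pinning them keeps the httpd configuration root-owned and not group- or world-writable regardless of host state: add `owner: root`, `group: root` and `mode: '0644'` to both module argument blocks, with the mode quoted so it is not read as an integer. Separately, the values fed to the `seboolean` loop come from role variables defined outside this diff; `httpd_can_network_connect` is the broadest of the listed booleans, so it is worth confirming its default is false and that the narrower relay, db and ldap booleans are used where they suffice.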