Merge pull request #6 from zstyblik/dev

Add support for Amazon Linux 2023/RedHat

defaults/main.yml

@@ -77,26 +77,15 @@ apache_httpd_file_e_tag: null
 apache_httpd_use_canonical_name: null
 # NOTE(zstyblik): This seems to be for freebsd
 apache_httpd_apxs_workaround: false
-# NOTE(zstyblik): probably distro specific!
+# NOTE(zstyblik): distro specific
 apache_httpd_dir: "/etc/apache2"
-apache_httpd_conf_dir: "/etc/apache2"
-apache_httpd_mod_load_dir: "{{ apache_httpd_conf_dir }}/mods-available"
-apache_httpd_mod_enable_dir: "{{ apache_httpd_conf_dir }}/mods-enabled"
-apache_httpd_conf_load_dir: "{{ apache_httpd_conf_dir }}/conf-available"
-apache_httpd_conf_enable_dir: "{{ apache_httpd_conf_dir }}/conf-enabled"
-# NOTE(zstyblik): distro specific and useless on Debian
-apache_httpd_confd_dir: null
-apache_httpd_vhost_load_dir: "{{ apache_httpd_dir }}/sites-available"
-apache_httpd_vhost_enable_dir: "{{ apache_httpd_dir }}/sites-enabled"
-apache_httpd_ports_file: "{{ apache_httpd_dir }}/ports.conf"
 # Example:
 # apache_httpd_log_formats:
 #   myformat: "%{User-agent}i"
 apache_httpd_log_formats: {}
-apache_httpd_vhost_include_pattern: "*"
 apache_httpd_ldap_trusted_mode: null
 apache_httpd_ldap_verify_server_cert: null
-apache_httpd_error_documents_path: "/usr/share/apache2/error"
+apache_httpd_error_documents: true
 
 # NOTE(zstyblik): these might be removed in (near) future, because I see no
 # point in having these "defaults" around.

meta/main.yml

@@ -6,8 +6,11 @@ galaxy_info:
   description: Ansible role for management of Apache's httpd
   company: Zdenek Styblik
   license: MIT
-  min_ansible_version: '2.9'
+  min_ansible_version: '2.10'
   platforms:
+    - name: Amazon Linux
+      versions:
+        - "2023"
     - name: Debian
       versions:
         - bookworm

specs/apache_conf_argument_specs.yml

@@ -15,6 +15,13 @@ argument_specs:
         type: str
         choices: ['present', 'absent', 'purged']
       conf_content:
-        description: Content of configuration file itself.
+        description: |
+          Content of configuration file itself. Use it for conf/mod
+          configuration directives.
+        required: false
+        type: str
+      mod_content:
+        description: |
+          Content of module file itself. Use it for "LoadModule" directive.
         required: false
         type: str

tasks/add-vhost.yml

@@ -1,16 +1,4 @@
 ---
-- name: Generate virtual host config file.
-  ansible.builtin.template:
-    src: "{{ apache_vhosts_template }}"
-    dest: "{{ apache_httpd_vhost_load_dir }}/{{ apache_vhost | to_vhost_filename }}.conf"
-    owner: root
-    group: root
-    mode: '0644'
-  when:
-    - apache_vhost.state | default('present') == 'present'
-  notify: restart apache
-  become: true
-
 - name: Check if SSL cert/key files are defined and exist.
   ansible.builtin.include_tasks:
     file: check-ssl-cert.yml
@@ -26,3 +14,25 @@
     - apache_skip_vhost_on_missing_ssl_cert
     - apache_vhost.state | default('present') == 'present'
     - apache_vhost.ssl is defined
+
+- name: Generate virtual host config file.
+  ansible.builtin.template:
+    src: "{{ apache_vhosts_template }}"
+    dest: "{{ apache_httpd_vhost_deploy_dir }}/{{ apache_vhost | to_vhost_filename }}.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  # NOTE(zstyblik):
+  # 1. it's ok to deploy file on Debian no matter what.
+  # 2. OR VHost either will be or won't be in apache_ignored_ssl_sites.
+  when: |
+    (
+      apache_vhost.state | default('present') == 'present'
+      and ansible_os_family != 'RedHat'
+    )
+    or (
+      apache_vhost.state | default('present') == 'present'
+      and item | to_vhost_filename not in apache_ignored_ssl_sites
+    )
+  notify: restart apache
+  become: true

tasks/configure-Debian.yml

@@ -106,7 +106,7 @@
 
 - name: Configure Apache configuration files(fragment).
   ansible.builtin.include_tasks:
-    file: configure-conf-file.yml
+    file: configure-conf-file-Debian.yml
   loop: "{{ apache_confs }}"
   loop_control:
     label: "{{ _apache_conf_item.name | default('unknown') }}"
@@ -115,7 +115,7 @@
 # Apache mods
 - name: Configure Apache modules.
   ansible.builtin.include_tasks:
-    file: configure-mod-file.yml
+    file: configure-mod-file-Debian.yml
   loop: "{{ apache_mods }}"
   loop_control:
     label: "{{ _apache_mod_item.name | default('unknown') }}"
@@ -198,7 +198,7 @@
 
 - name: Delete Apache sites with state purged.
   ansible.builtin.file:
-    path: "{{ apache_httpd_vhost_load_dir }}/{{ item | to_vhost_filename }}.conf"
+    path: "{{ apache_httpd_vhost_deploy_dir }}/{{ item | to_vhost_filename }}.conf"
     state: absent
   loop: "{{ apache_vhosts }}"
   loop_control:

tasks/configure-RedHat.yml

@@ -0,0 +1,121 @@
+---
+- name: Initialize helper variables.
+  ansible.builtin.set_fact:
+    apache_ignored_ssl_sites: []
+    apache_managed_sites: []
+
+- name: Generate Apache httpd configuration file.
+  ansible.builtin.template:
+    src: "{{ apache_httpd_template }}"
+    dest: "{{ apache_httpd_dir }}/conf/httpd.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart apache
+  become: true
+
+- name: Deploy httpd.conf workaround for RedHat.
+  ansible.builtin.template:
+    src: "httpd.conf.RedHat.j2"
+    dest: "{{ apache_httpd_conf_deploy_dir }}/00-ansible.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart apache
+  become: true
+
+- name: Validate virtual host configuration.
+  ansible.builtin.include_tasks:
+    file: validate-vhost.yml
+    apply:
+      vars:
+        apache_vhost: "{{ item }}"
+  loop: "{{ apache_vhosts }}"
+  # NOTE(zstyblik): cannot use to_vhost_filename until validated.
+  loop_control:
+    label: "{{ item.servername | default('unknown') }}:{{ item.port | default(0) }}"
+
+- name: Gather Binding to Addresses and Ports information.
+  apache_ports_generator:
+    vhosts: "{{ apache_vhosts }}"
+  register: apache_bindings
+
+- name: Configure Apache ports.
+  ansible.builtin.template:
+    src: "{{ apache_ports_template }}"
+    dest: "{{ apache_httpd_ports_file }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart apache
+  become: true
+
+# Apache confs
+- name: Configure Apache configuration files(fragment).
+  ansible.builtin.include_tasks:
+    file: configure-conf-file-RedHat.yml
+  loop: "{{ apache_confs }}"
+  loop_control:
+    label: "{{ _apache_conf_item.name | default('unknown') }}"
+    loop_var: _apache_conf_item
+
+# Apache mods
+- name: Configure Apache modules.
+  ansible.builtin.include_tasks:
+    file: configure-mod-file-RedHat.yml
+  loop: "{{ apache_mods }}"
+  loop_control:
+    label: "{{ _apache_mod_item.name | default('unknown') }}"
+    loop_var: _apache_mod_item
+
+# NOTE(zstyblik): I just couldn't get over the fact that everything should be
+# in one directory.
+- name: Create directory for virtual hosts.
+  ansible.builtin.file:
+    path: "{{ apache_httpd_vhost_deploy_dir }}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+  become: true
+
+- name: Deploy Apache virtual hosts configuration.
+  ansible.builtin.include_tasks:
+    file: add-vhost.yml
+    apply:
+      vars:
+        apache_vhost: "{{ item }}"
+  loop: "{{ apache_vhosts }}"
+  loop_control:
+    label: "{{ item | to_vhost_filename }}"
+
+- name: Disable Apache sites with state absent or purged.
+  ansible.builtin.file:
+    path: "{{ apache_httpd_vhost_deploy_dir }}/{{ item | to_vhost_filename }}.conf"
+    state: absent
+  loop: "{{ apache_vhosts }}"
+  loop_control:
+    label: "{{ item | to_vhost_filename }}"
+  when: >
+    item.state | default('present') != 'present'
+    or (
+      apache_skip_vhost_on_missing_ssl_cert
+      and item | to_vhost_filename in apache_ignored_ssl_sites
+    )
+  notify: restart apache
+  become: true
+
+# NOTE(zstyblik): file MUST remain in place, otherwise it will be
+# resurrected by httpd update. Therefore, comment out lines which aren't
+# already commented out.
+- name: Disable default virtual host
+  ansible.builtin.replace:
+    path: "{{ apache_httpd_vhost_deploy_dir }}/{{ apache_default_vhost_filename }}.conf"
+    regexp: "^(?!#)(.*)"
+    replace: '# \1'
+  when:
+    - apache_remove_default_vhost is true
+    - apache_default_vhost_filename is defined
+    - apache_default_vhost_filename
+  notify: restart apache
+  become: true

tasks/configure-conf-file.yml → tasks/configure-conf-file-Debian.yml

@@ -15,7 +15,7 @@
 - name: Create Apache config file.
   ansible.builtin.copy:
     content: "{{ _apache_conf_item.conf_content }}"
-    dest: "{{ apache_httpd_conf_load_dir }}/{{ _apache_conf_item.name }}.conf"
+    dest: "{{ apache_httpd_mod_conf_deploy_dir }}/{{ _apache_conf_item.name }}.conf"
     owner: root
     group: root
     mode: '0644'

tasks/configure-conf-file-RedHat.yml

@@ -0,0 +1,35 @@
+---
+- name: Check conf configuration against spec file
+  ansible.builtin.validate_argument_spec:
+    argument_spec: |
+      {{
+        (
+          lookup(
+            'ansible.builtin.file',
+            'specs/apache_conf_argument_specs.yml'
+          ) | from_yaml
+        )['argument_specs']['apache_conf_item']['options']
+      }}
+    provided_arguments: "{{ _apache_conf_item }}"
+
+- name: Create Apache config file.
+  ansible.builtin.copy:
+    content: "{{ _apache_conf_item.conf_content }}"
+    dest: "{{ apache_httpd_conf_deploy_dir }}/{{ _apache_conf_item.name }}.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  when:
+    - _apache_conf_item.state | default('present') == 'present'
+    - _apache_conf_item.conf_content is defined
+  notify: restart apache
+  become: true
+
+- name: Disable Apache config file.
+  ansible.builtin.file:
+    path: "{{ apache_httpd_conf_deploy_dir }}/{{ _apache_conf_item.name }}.conf"
+    state: absent
+  when:
+    - _apache_conf_item.state | default('present') != 'present'
+  notify: restart apache
+  become: true

tasks/configure-mod-file.yml → tasks/configure-mod-file-Debian.yml

@@ -15,13 +15,14 @@
 - name: Create config file for Apache module.
   ansible.builtin.copy:
     content: "{{ _apache_mod_item.conf_content }}"
-    dest: "{{ apache_httpd_mod_load_dir }}/{{ _apache_mod_item.name }}.conf"
+    dest: "{{ apache_httpd_mod_conf_deploy_dir }}/{{ _apache_mod_item.name }}.conf"
     owner: root
     group: root
     mode: '0644'
   when:
     - _apache_mod_item.state | default('present') == 'present'
     - _apache_mod_item.conf_content is defined
+  notify: restart apache
   become: true
 
 # NOTE(zstyblik): run a2en* regardless

tasks/configure-mod-file-RedHat.yml

@@ -0,0 +1,61 @@
+---
+# NOTE(zstyblik):
+# * mod files should have 2 dig prefix
+# * mod confs go elsewhere(?) and don't have 2 dig prefix
+- name: Check mod configuration against spec file
+  ansible.builtin.validate_argument_spec:
+    argument_spec: |
+      {{
+        (
+          lookup(
+            'ansible.builtin.file',
+            'specs/apache_conf_argument_specs.yml'
+          ) | from_yaml
+        )['argument_specs']['apache_conf_item']['options']
+      }}
+    provided_arguments: "{{ _apache_mod_item }}"
+
+- name: Create config file for Apache module.
+  ansible.builtin.copy:
+    content: "{{ _apache_mod_item.conf_content }}"
+    dest: "{{ apache_httpd_mod_conf_deploy_dir }}/{{ _apache_mod_item.name }}.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  when:
+    - _apache_mod_item.state | default('present') == 'present'
+    - _apache_mod_item.conf_content is defined
+  notify: restart apache
+  become: true
+
+- name: Disable and delete Apache module conf file.
+  ansible.builtin.file:
+    path: "{{ apache_httpd_mod_conf_deploy_dir }}/{{ _apache_mod_item.name }}.conf"
+    state: absent
+  when: |
+    _apache_mod_item.state | default('present') != 'present'
+    or _apache_mod_item.conf_content is not defined
+  notify: restart apache
+  become: true
+
+- name: Enable Apache module.
+  ansible.builtin.copy:
+    content: "{{ _apache_mod_item.mod_content }}"
+    dest: "{{ apache_httpd_mod_deploy_dir }}/99-{{ _apache_mod_item.name }}.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  when:
+    - _apache_mod_item.state | default('present') == 'present'
+    - _apache_mod_item.mod_content is defined
+  notify: restart apache
+  become: true
+
+- name: Disable and delete Apache module file.
+  ansible.builtin.file:
+    path: "{{ apache_httpd_mod_deploy_dir }}/99-{{ _apache_mod_item.name }}.conf"
+    state: absent
+  when:
+    - _apache_mod_item.state | default('present') != 'present'
+  notify: restart apache
+  become: true

tasks/setup-RedHat.yml

@@ -0,0 +1,6 @@
+---
+- name: Ensure Apache is installed on RedHat
+  ansible.builtin.dnf:
+    name: "{{ apache_packages }}"
+    state: "{{ apache_packages_state }}"
+  become: true

templates/httpd.conf.RedHat.j2

@@ -0,0 +1,6 @@
+# Managed by Ansible.
+# Minimal workaround for RedHat and the fact that some defaults are in
+# httpd.conf instead of config fragment.
+<IfModule mime_module>
+  TypesConfig /etc/mime.types
+</IfModule>