---
# Banner only: prints a marker line so the SSL section is easy to spot in the
# play output. It changes nothing on the target host.
- name: begin apache ssl task
  debug:
    msg: '##### APACHE/HTTPD SSL #####'
# Decide between the two certificate sources. use_pems is true only when
# apache.ssl.pem.cert is set to something non-blank: default('', true) maps
# undefined and falsy values to '', and trim drops surrounding whitespace
# before the comparison.
- name: are pems passed as group_vars?
  set_fact:
    use_pems: "{{ apache.ssl.pem.cert | default('', true) | trim != '' }}"
# PEM path. import_tasks is static, so the `when` below is attached to every
# task inside dataverse-apache-ssl-pems.yml rather than evaluated once here.
- ansible.builtin.import_tasks: dataverse-apache-ssl-pems.yml
  when: use_pems
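# File path (no PEM content supplied): publish the configured file names as the
# apache_ssl_* facts.
# NOTE(review): presumably the imported PEM tasks set the same three facts in
# the other case, and the vhost templates read them -- confirm.
- name: if we're not using pems, set filenames
  set_fact:
    apache_ssl_cert: '{{ apache.ssl.cert }}'
    apache_ssl_key: '{{ apache.ssl.key }}'
    apache_ssl_interm: '{{ apache.ssl.interm }}'
  # `not use_pems` instead of comparing against the literal False
  # (ansible-lint literal-compare); use_pems is a boolean set by set_fact above.
  when: not use_pems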
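# Push the server certificate from the controller to the RedHat-layout cert
# directory. The certificate is public material, so world-readable is fine.
# Skipped when PEMs are used, when apache.ssl.remote_cert is truthy, or when
# SSL is disabled.
# NOTE(review): apache.ssl.cert is used both as the copy source and as the
# destination file name, so it is expected to be a bare file name; a value
# with directory components would change where the file lands -- confirm.
- name: copy ssl cert
  copy:
    src: '{{ apache.ssl.cert }}'
    dest: '/etc/pki/tls/certs/{{ apache.ssl.cert }}'
    owner: root
    group: root
    # Quoted so the mode always reaches the module as an octal string,
    # whatever the YAML loader does with leading-zero integers.
    mode: '0644'
  when:
    - ansible_os_family == "RedHat"
    - not use_pems
    - not apache.ssl.remote_cert
    - apache.ssl.enabled
  notify: enable and restart apache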
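# Push the intermediate/chain certificate next to the server certificate.
# Same conditions as the certificate copy: RedHat family, file-based (non-PEM)
# configuration, certificate not already on the remote host, SSL enabled.
- name: copy ssl chain
  copy:
    src: '{{ apache.ssl.interm }}'
    dest: '/etc/pki/tls/certs/{{ apache.ssl.interm }}'
    owner: root
    group: root
    # Quoted so the mode always reaches the module as an octal string.
    mode: '0644'
    # Always falsy whenever this task actually runs, because the task is
    # skipped unless `not apache.ssl.remote_cert` holds.
    remote_src: '{{ apache.ssl.remote_cert }}'
  when:
    - ansible_os_family == "RedHat"
    - not use_pems
    - not apache.ssl.remote_cert
    - apache.ssl.enabled
  notify: enable and restart apache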
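# Push the TLS private key. This is the only secret handled in this file:
# it is installed root-owned and readable by root alone (0400).
# NOTE(review): the source file on the controller should be protected as well
# (e.g. encrypted at rest) -- how it is stored is not visible from here.
- name: copy ssl key
  copy:
    src: '{{ apache.ssl.key }}'
    dest: '/etc/pki/tls/private/{{ apache.ssl.key }}'
    owner: root
    group: root
    # Quoted so the mode always reaches the module as an octal string.
    mode: '0400'
    # Always falsy whenever this task actually runs, because the task is
    # skipped unless `not apache.ssl.remote_cert` holds.
    remote_src: '{{ apache.ssl.remote_cert }}'
  # Keep key material out of the output when the play is run with --diff.
  diff: false
  when:
    - ansible_os_family == "RedHat"
    - not use_pems
    - not apache.ssl.remote_cert
    - apache.ssl.enabled
  notify: enable and restart apache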
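# Render the HTTP redirect vhost whenever SSL is enabled. Unlike the copy
# tasks, this one is not limited to the RedHat family.
# NOTE(review): presumably the template redirects plain HTTP to HTTPS; its
# contents are not visible here -- confirm.
- name: install http redirect template
  template:
    src: http.redirect.conf.j2
    dest: '{{ apache_virtualhost_dir }}/http.redirect.conf'
    owner: root
    group: root
    # Quoted so the mode always reaches the module as an octal string.
    mode: '0644'
  when: apache.ssl.enabled
  notify: enable and restart apache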
# Counterpart of the redirect template task: drop the redirect vhost when SSL
# is turned off. Only this config file is removed; no task in this file
# removes certificate or key files that an earlier run deployed.
- name: remove redirect conf if ssl is disabled
  file:
    path: "{{ apache_virtualhost_dir }}/http.redirect.conf"
    state: absent
  when: not apache.ssl.enabled
  notify: enable and restart apache
# Unconditional cleanup: ssl.conf in the vhost directory is always removed,
# whether or not SSL is enabled.
- name: remove outdated ssl.conf
  file:
    path: "{{ apache_virtualhost_dir }}/ssl.conf"
    state: absent
  notify: enable and restart apache
# Map the boolean apache.ssl.enabled onto a module state string:
# 'present' when SSL is enabled, 'absent' otherwise.
- name: decide what to do about apache ssl-related modules
  set_fact:
    ssl_modules_state: "{{ apache.ssl.enabled | ternary('present', 'absent') }}"
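# Enable or disable the listed Apache modules according to ssl_modules_state
# (computed by the preceding set_fact task), on Debian-family hosts only.
# NOTE(review): with SSL disabled this also sets `rewrite` to absent; check
# that no other vhost on the host depends on it.
# NOTE(review): `redirect` is not an Apache module name that can be confirmed
# from this file -- verify it exists on the target distribution.
- name: enable/disable apache ssl and rewrite mods on Debian
  apache2_module:
    state: "{{ ssl_modules_state }}"
    name: "{{ item }}"
    # Do not fail the task on Apache configuration-check errors while the
    # module set is being changed.
    ignore_configcheck: true
  loop:
    - redirect
    - rewrite
    - ssl
  when: ansible_os_family == "Debian"  ## CHECKME -- does this need to be Debian-specific?
  notify: enable and restart apache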