- name: install apache apt: name=apache2,python-netaddr state=latest - name: enable apache service: name=apache2 enabled=yes # apache config - name: enable modules apache2_module: state: present name: "{{ item }}" loop: - headers - ssl - macro notify: apache - name: disable modules apache2_module: state: absent name: "{{ item }}" loop: - access_compat notify: apache - name: install log anonymization script copy: dest: /etc/apache2/log-anon src: files/log-anon mode: +x notify: apache - name: install shared config files template: dest: /etc/apache2/conf-available/{{ item }} src: templates/{{ item }} loop: - ssl.conf - acme-challenge.conf - php5.conf - security.conf - defaults.conf notify: apache - name: enable config files command: a2enconf {{ item }} args: creates: /etc/apache2/conf-enabled/{{ item }}.conf loop: - ssl - security - defaults notify: apache - name: disable config files command: a2disconf {{ item }} args: removes: /etc/apache2/conf-enabled/{{ item }}.conf loop: - other-vhosts-access-log - serve-cgi-bin notify: apache - name: install default site template: dest: /etc/apache2/sites-available/000-default.conf src: templates/000-default.conf notify: apache # IPv6 autconf issues: DAD makes addresses appear but unusable, which breaks services startup - name: tweak apache systemd unit (create dir) file: path=/etc/systemd/system/apache2.service.d state=directory - name: tweak apache systemd unit copy: dest: /etc/systemd/system/apache2.service.d/override.conf content: | [Unit] After=network-online.target - name: sysconfig to disable DAD copy: dest: /etc/sysctl.d/50-no-dad.conf content: | # Disable DAD so network-online.target works for IPv6 net.ipv6.conf.all.accept_dad=0 - name: cleanup cronjob to fix apache startup cron: name: "apache2-start-fix" minute: "*/5" job: "if systemctl is-failed apache2 >/dev/null; then echo 'restarting apache'; systemctl restart apache2; fi" state: absent