ignore more postfix TLS warnings
[ansible.git] / roles / apache / tasks / main.yml
index c195ea935d346f2b8232048bb4732b54cf02ede8..6878845d87552c709d8c52abd25322272d01945c 100644 (file)
@@ -35,6 +35,7 @@
   - php5.conf
   - security.conf
   - defaults.conf
   - php5.conf
   - security.conf
   - defaults.conf
+  - caching.conf
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
@@ -44,6 +45,7 @@
   - ssl
   - security
   - defaults
   - ssl
   - security
   - defaults
+  - caching
   notify: apache
 - name: disable config files
   command: a2disconf {{ item }}
   notify: apache
 - name: disable config files
   command: a2disconf {{ item }}
     dest: /etc/apache2/sites-available/000-default.conf
     src: templates/000-default.conf
   notify: apache
     dest: /etc/apache2/sites-available/000-default.conf
     src: templates/000-default.conf
   notify: apache
+# IPv6 autconf issues: DAD makes addresses appear but unusable, which breaks services startup
+- name: tweak apache systemd unit (create dir)
+  file: path=/etc/systemd/system/apache2.service.d state=directory
+- name: tweak apache systemd unit
+  copy:
+    dest: /etc/systemd/system/apache2.service.d/override.conf
+    content: |
+      [Unit]
+      After=network-online.target
+      Wants=network-online.target
+      [Service]
+      Restart=on-failure
+- name: cleanup old sysconfig
+  file: path=/etc/sysctl.d/50-no-dad.conf state=absent
+- name: sysconfig to fix IPv6 listening
+  copy:
+    dest: /etc/sysctl.d/50-ipv6-listen.conf
+    content: |
+      # Allow binding to IPv6 address before we got that address
+      net.ipv6.ip_nonlocal_bind=1