journalwatch: allow more TLS errors

[ansible.git] / roles / apache / tasks / main.yml

diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index 1280595d07711aa74819f66ad5deb0c8bf60e680..8d1382c179fc857faaa5d0d36fd6acb615f6acac 100644 (file)
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -1,5 +1,5 @@
 - name: install apache
-  apt: name=apache2,python-netaddr state=latest
+  apt: name=apache2,python3-netaddr state=latest
 - name: enable apache
   service: name=apache2 enabled=yes
 # apache config
@@ -35,6 +35,7 @@
   - php5.conf
   - security.conf
   - defaults.conf
+  - caching.conf
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
@@ -44,6 +45,7 @@
   - ssl
   - security
   - defaults
+  - caching
   notify: apache
 - name: disable config files
   command: a2disconf {{ item }}
@@ -58,9 +60,23 @@
     dest: /etc/apache2/sites-available/000-default.conf
     src: templates/000-default.conf
   notify: apache
-# work-arounds and hacks
-- name: cronjob to fix apache startup
-  cron:
-    name: "apache2-start-fix"
-    minute: "*/5"
-    job: "if systemctl is-failed apache2 >/dev/null; then echo 'restarting apache'; systemctl restart apache2; fi"
+# IPv6 autconf issues: DAD makes addresses appear but unusable, which breaks services startup
+- name: tweak apache systemd unit (create dir)
+  file: path=/etc/systemd/system/apache2.service.d state=directory
+- name: tweak apache systemd unit
+  copy:
+    dest: /etc/systemd/system/apache2.service.d/override.conf
+    content: |
+      [Unit]
+      After=network-online.target
+      Wants=network-online.target
+      [Service]
+      Restart=on-failure
+- name: cleanup old sysconfig
+  file: path=/etc/sysctl.d/50-no-dad.conf state=absent
+- name: sysconfig to fix IPv6 listening
+  copy:
+    dest: /etc/sysctl.d/50-ipv6-listen.conf
+    content: |
+      # Allow binding to IPv6 address before we got that address
+      net.ipv6.ip_nonlocal_bind=1