X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/5b0ee7c4c8d8df834da1e4a4d2f1d6b34c002dda..1a81a89d4ee46867ea405ac09fc55309a0337c82:/roles/apache/tasks/main.yml diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 5943499..8d1382c 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -1,5 +1,5 @@ - name: install apache - apt: name=apache2,python-netaddr state=latest + apt: name=apache2,python3-netaddr state=latest - name: enable apache service: name=apache2 enabled=yes # apache config @@ -35,6 +35,7 @@ - php5.conf - security.conf - defaults.conf + - caching.conf notify: apache - name: enable config files command: a2enconf {{ item }} @@ -44,6 +45,7 @@ - ssl - security - defaults + - caching notify: apache - name: disable config files command: a2disconf {{ item }} @@ -67,15 +69,14 @@ content: | [Unit] After=network-online.target -- name: sysconfig to disable DAD + Wants=network-online.target + [Service] + Restart=on-failure +- name: cleanup old sysconfig + file: path=/etc/sysctl.d/50-no-dad.conf state=absent +- name: sysconfig to fix IPv6 listening copy: - dest: /etc/sysctl.d/50-no-dad.conf + dest: /etc/sysctl.d/50-ipv6-listen.conf content: | - # Disable DAD so network-online.target works for IPv6 - net.ipv6.conf.all.accept_dad=0 -- name: cleanup cronjob to fix apache startup - cron: - name: "apache2-start-fix" - minute: "*/5" - job: "if systemctl is-failed apache2 >/dev/null; then echo 'restarting apache'; systemctl restart apache2; fi" - state: absent + # Allow binding to IPv6 address before we got that address + net.ipv6.ip_nonlocal_bind=1