commit e214cb9be3a4e8a23608090586a05568d50bd03c Author: Ana Custura ana@netstat.org.uk Date: Wed Sep 4 16:46:32 2019 +0100
Splits letsencrypt and apache into two roles --- ansible/onionperfs.yml | 1 + ansible/roles/letsencrypt/tasks/main.yml | 42 ---------------------- ansible/roles/letsencrypt/vars/main.yml | 2 -- .../files/000-default.conf.j2 | 2 +- .../files/default-ssl.conf.j2 | 2 +- .../handlers/main.yml | 0 ansible/roles/onionperf-webserver/tasks/main.yml | 40 +++++++++++++++++++++ ansible/roles/onionperf-webserver/vars/main.yml | 6 ++++ 8 files changed, 49 insertions(+), 46 deletions(-)
diff --git a/ansible/onionperfs.yml b/ansible/onionperfs.yml index 94329bc..2b614ee 100644 --- a/ansible/onionperfs.yml +++ b/ansible/onionperfs.yml @@ -6,3 +6,4 @@ - tor-client - onionperf - letsencrypt + - onionperf-webserver diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 41e8de3..928d87f 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -6,25 +6,6 @@ state: directory become: true
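Review bot: The position of `onionperf-webserver` after `letsencrypt` in this role list looks load-bearing, but nothing records why. The port-80 vhost that carries the `/.well-known` alias is now templated only after the letsencrypt role has run its http-01 challenge, and the SSL site presumably points at certificate files under `letsencrypt_dest`, so swapping the two entries could break either issuance or the Apache reload. A comment above the new entry such as `# must follow letsencrypt: the SSL vhost needs the issued certificate` would keep the order from being changed by accident. It is also worth confirming that a first run on a fresh host still answers the challenge before this role has installed the vhost.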
-- name: Copy Apache default configuration - template: - src: files/000-default.conf.j2 - dest: /etc/apache2/sites-available/000-default.conf - owner: www-data - group: www-data - mode: '0644' - become: true - -- name: Copy Apache SSL configuration - template: - src: files/default-ssl.conf.j2 - dest: /etc/apache2/sites-available/default-ssl.conf - owner: www-data - group: www-data - mode: '0644' - become: true - - # generate account key, if necessary - name: Find account.key stat: @@ -118,26 +99,3 @@ when: op_challenge is changed register: verify_challenge become: true - -- name: Enable SSL module - apache2_module: - state: present - name: ssl - become: true - notify: - - reload apache2 - -- name: Look for existing SSL website - stat: - path: "/etc/apache2/sites-enabled/default-ssl.conf" - register: ssl_website - become: true - run_once: true - -- name: Enable SSL website - command: a2ensite default-ssl.conf - become: true - run_once: true - when: not ssl_website.stat.exists - notify: - - reload apache2 diff --git a/ansible/roles/letsencrypt/vars/main.yml b/ansible/roles/letsencrypt/vars/main.yml index 815e96d..41ce279 100644 --- a/ansible/roles/letsencrypt/vars/main.yml +++ b/ansible/roles/letsencrypt/vars/main.yml @@ -14,5 +14,3 @@ letsencrypt_acme_version: 2 letsencrypt_challenge: "http-01" letsencrypt_dest: "/etc/letsencrypt" letsencrypt_remaining_days: 90 - -onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data" diff --git a/ansible/roles/letsencrypt/files/000-default.conf.j2 b/ansible/roles/onionperf-webserver/files/000-default.conf.j2 similarity index 87% rename from ansible/roles/letsencrypt/files/000-default.conf.j2 rename to ansible/roles/onionperf-webserver/files/000-default.conf.j2 index e8a52bd..9050419 100644 --- a/ansible/roles/letsencrypt/files/000-default.conf.j2 +++ b/ansible/roles/onionperf-webserver/files/000-default.conf.j2 
@@ -1,6 +1,6 @@ <VirtualHost *:80> ServerName {{ domain }} - ServerAdmin {{ letsencrypt_account_email }} + ServerAdmin {{ webmaster_email }} DocumentRoot {{ onionperf_directory}}
Alias "/.well-known" "/var/www/html/.well-known" diff --git a/ansible/roles/letsencrypt/files/default-ssl.conf.j2 b/ansible/roles/onionperf-webserver/files/default-ssl.conf.j2 similarity index 91% rename from ansible/roles/letsencrypt/files/default-ssl.conf.j2 rename to ansible/roles/onionperf-webserver/files/default-ssl.conf.j2 index b2ec0cf..9192f81 100644 --- a/ansible/roles/letsencrypt/files/default-ssl.conf.j2 +++ b/ansible/roles/onionperf-webserver/files/default-ssl.conf.j2 @@ -1,7 +1,7 @@ <VirtualHost *:443> ServerName {{ domain }}
- ServerAdmin {{ letsencrypt_account_email }} + ServerAdmin {{ webmaster_email }} DocumentRoot {{ onionperf_directory}}
<Directory {{ onionperf_directory }}> diff --git a/ansible/roles/letsencrypt/handlers/main.yml b/ansible/roles/onionperf-webserver/handlers/main.yml similarity index 100% rename from ansible/roles/letsencrypt/handlers/main.yml rename to ansible/roles/onionperf-webserver/handlers/main.yml diff --git a/ansible/roles/onionperf-webserver/tasks/main.yml b/ansible/roles/onionperf-webserver/tasks/main.yml new file mode 100644 index 0000000..337e150 --- /dev/null +++ b/ansible/roles/onionperf-webserver/tasks/main.yml @@ -0,0 +1,40 @@ +--- +- name: Copy Apache default configuration + template: + src: files/000-default.conf.j2 + dest: /etc/apache2/sites-available/000-default.conf + owner: www-data + group: www-data + mode: '0644' + become: true + +- name: Copy Apache SSL configuration + template: + src: files/default-ssl.conf.j2 + dest: /etc/apache2/sites-available/default-ssl.conf + owner: www-data + group: www-data + mode: '0644' + become: true +- name: Enable SSL module + apache2_module: + state: present + name: ssl + become: true + notify: + - reload apache2 + +- name: Look for existing SSL website + stat: + path: "/etc/apache2/sites-enabled/default-ssl.conf" + register: ssl_website + become: true + run_once: true + +- name: Enable SSL website + command: a2ensite default-ssl.conf + become: true + run_once: true + when: not ssl_website.stat.exists + notify: + - reload apache2 diff --git a/ansible/roles/onionperf-webserver/vars/main.yml b/ansible/roles/onionperf-webserver/vars/main.yml new file mode 100644 index 0000000..3a2dc06 --- /dev/null +++ b/ansible/roles/onionperf-webserver/vars/main.yml @@ -0,0 +1,6 @@ +--- + +domain: "test.t1.erg.abdn.ac.uk" +webmaster_email: "metrics-web@torproject.org" +letsencrypt_dest: "/etc/letsencrypt" +onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data"
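Review bot: Both `template` tasks in the new tasks/main.yml install the vhost files under /etc/apache2/sites-available with `owner: www-data` and `group: www-data`, so the account that usually runs the Apache workers owns configuration that is read on reload. Files there are normally root-owned so that a compromised web process cannot rewrite its own vhost; `owner: root` and `group: root` with the existing `mode: '0644'` keeps them readable by Apache. Neither template task carries `notify: reload apache2`, so a changed vhost is not applied until some other task triggers the handler. The `run_once: true` on the stat and `a2ensite` tasks means only the first host of a multi-host play gets the SSL site enabled; if the play targets several hosts, dropping `run_once` and putting `creates: /etc/apache2/sites-enabled/default-ssl.conf` on the command would cover each host.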
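Review bot: `domain` is set to a test hostname in the role's vars/main.yml, and role vars take precedence over inventory, group_vars and host_vars, so every host that applies this role renders `ServerName test.t1.erg.abdn.ac.uk` unless it is overridden with extra vars. Moving the overridable values to `defaults/main.yml` lets each host supply its own `domain` and `webmaster_email`. `letsencrypt_dest` is now declared both here and in the letsencrypt role's vars; if the SSL vhost reads certificates from that path, the two copies have to stay identical, so a single definition in group vars or a role default is safer. The key `onionperf_directory :` also has a stray space before the colon.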