[tor-commits] [metrics-cloud/master] Splits letsencrypt and apache into two roles

irl at torproject.org irl at torproject.org
Thu Oct 3 11:10:30 UTC 2019


commit e214cb9be3a4e8a23608090586a05568d50bd03c
Author: Ana Custura <ana at netstat.org.uk>
Date:   Wed Sep 4 16:46:32 2019 +0100

    Splits letsencrypt and apache into two roles
---
 ansible/onionperfs.yml                             |  1 +
 ansible/roles/letsencrypt/tasks/main.yml           | 42 ----------------------
 ansible/roles/letsencrypt/vars/main.yml            |  2 --
 .../files/000-default.conf.j2                      |  2 +-
 .../files/default-ssl.conf.j2                      |  2 +-
 .../handlers/main.yml                              |  0
 ansible/roles/onionperf-webserver/tasks/main.yml   | 40 +++++++++++++++++++++
 ansible/roles/onionperf-webserver/vars/main.yml    |  6 ++++
 8 files changed, 49 insertions(+), 46 deletions(-)

diff --git a/ansible/onionperfs.yml b/ansible/onionperfs.yml
index 94329bc..2b614ee 100644
--- a/ansible/onionperfs.yml
+++ b/ansible/onionperfs.yml
@@ -6,3 +6,4 @@
     - tor-client
     - onionperf
     - letsencrypt
+    - onionperf-webserver
diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml
index 41e8de3..928d87f 100644
--- a/ansible/roles/letsencrypt/tasks/main.yml
+++ b/ansible/roles/letsencrypt/tasks/main.yml
@@ -6,25 +6,6 @@
     state: directory
   become: true
 
-- name: Copy Apache default configuration
-  template:
-    src: files/000-default.conf.j2
-    dest: /etc/apache2/sites-available/000-default.conf
-    owner: www-data
-    group: www-data
-    mode: '0644'
-  become: true
-
-- name: Copy Apache SSL configuration
-  template:
-    src: files/default-ssl.conf.j2
-    dest: /etc/apache2/sites-available/default-ssl.conf
-    owner: www-data
-    group: www-data
-    mode: '0644'
-  become: true
-
-
 # generate account key, if necessary
 - name: Find account.key
   stat:
@@ -118,26 +99,3 @@
   when: op_challenge is changed
   register: verify_challenge
   become: true
-
-- name: Enable SSL module
-  apache2_module:
-    state: present
-    name: ssl
-  become: true
-  notify:
-    - reload apache2
-
-- name: Look for existing SSL website
-  stat:
-    path: "/etc/apache2/sites-enabled/default-ssl.conf"
-  register: ssl_website
-  become: true
-  run_once: true
-
-- name: Enable SSL website
-  command: a2ensite default-ssl.conf
-  become: true
-  run_once: true
-  when: not ssl_website.stat.exists
-  notify:
-    - reload apache2
diff --git a/ansible/roles/letsencrypt/vars/main.yml b/ansible/roles/letsencrypt/vars/main.yml
index 815e96d..41ce279 100644
--- a/ansible/roles/letsencrypt/vars/main.yml
+++ b/ansible/roles/letsencrypt/vars/main.yml
@@ -14,5 +14,3 @@ letsencrypt_acme_version: 2
 letsencrypt_challenge: "http-01"
 letsencrypt_dest: "/etc/letsencrypt"
 letsencrypt_remaining_days: 90
-
-onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data"
diff --git a/ansible/roles/letsencrypt/files/000-default.conf.j2 b/ansible/roles/onionperf-webserver/files/000-default.conf.j2
similarity index 87%
rename from ansible/roles/letsencrypt/files/000-default.conf.j2
rename to ansible/roles/onionperf-webserver/files/000-default.conf.j2
index e8a52bd..9050419 100644
--- a/ansible/roles/letsencrypt/files/000-default.conf.j2
+++ b/ansible/roles/onionperf-webserver/files/000-default.conf.j2
@@ -1,6 +1,6 @@
 <VirtualHost *:80>
         ServerName {{ domain }}
-        ServerAdmin {{ letsencrypt_account_email }} 
+        ServerAdmin {{ webmaster_email }} 
         DocumentRoot {{ onionperf_directory}}
 
 	Alias "/.well-known" "/var/www/html/.well-known"
diff --git a/ansible/roles/letsencrypt/files/default-ssl.conf.j2 b/ansible/roles/onionperf-webserver/files/default-ssl.conf.j2
similarity index 91%
rename from ansible/roles/letsencrypt/files/default-ssl.conf.j2
rename to ansible/roles/onionperf-webserver/files/default-ssl.conf.j2
index b2ec0cf..9192f81 100644
--- a/ansible/roles/letsencrypt/files/default-ssl.conf.j2
+++ b/ansible/roles/onionperf-webserver/files/default-ssl.conf.j2
@@ -1,7 +1,7 @@
 <VirtualHost *:443>
         ServerName {{ domain }}
 
-        ServerAdmin {{ letsencrypt_account_email }} 
+        ServerAdmin {{ webmaster_email }} 
         DocumentRoot {{ onionperf_directory}}
 
        <Directory {{ onionperf_directory }}>
diff --git a/ansible/roles/letsencrypt/handlers/main.yml b/ansible/roles/onionperf-webserver/handlers/main.yml
similarity index 100%
rename from ansible/roles/letsencrypt/handlers/main.yml
rename to ansible/roles/onionperf-webserver/handlers/main.yml
diff --git a/ansible/roles/onionperf-webserver/tasks/main.yml b/ansible/roles/onionperf-webserver/tasks/main.yml
new file mode 100644
index 0000000..337e150
--- /dev/null
+++ b/ansible/roles/onionperf-webserver/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Copy Apache default configuration
+  template:
+    src: files/000-default.conf.j2
+    dest: /etc/apache2/sites-available/000-default.conf
+    owner: www-data
+    group: www-data
+    mode: '0644'
+  become: true
+
+- name: Copy Apache SSL configuration
+  template:
+    src: files/default-ssl.conf.j2
+    dest: /etc/apache2/sites-available/default-ssl.conf
+    owner: www-data
+    group: www-data
+    mode: '0644'
+  become: true
+- name: Enable SSL module
+  apache2_module:
+    state: present
+    name: ssl
+  become: true
+  notify:
+    - reload apache2
+
+- name: Look for existing SSL website
+  stat:
+    path: "/etc/apache2/sites-enabled/default-ssl.conf"
+  register: ssl_website
+  become: true
+  run_once: true
+
+- name: Enable SSL website
+  command: a2ensite default-ssl.conf
+  become: true
+  run_once: true
+  when: not ssl_website.stat.exists
+  notify:
+    - reload apache2
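Review bot: Both template tasks install the vhost files with `owner: www-data` and `group: www-data`, so the account Apache workers normally run as on Debian can rewrite configuration that the root-started parent process parses at the next reload. Setting `owner: root` and `group: root` keeps the config out of the web process's reach. Neither template task notifies `reload apache2`, so an edited vhost (such as the ServerAdmin change in this commit) is not picked up until something else reloads the server. The stat and a2ensite tasks carry `run_once: true`, which, if this play targets more than one host, runs them on the first host only and leaves the SSL site disabled on the others. A `creates:` argument on the command gives the same idempotence per host and makes the separate stat task unnecessary.

```yaml
- name: Copy Apache default configuration
  template:
    # … unchanged: src, dest …
    owner: root
    group: root
    mode: '0644'
  become: true
  notify:
    - reload apache2

# … same owner/group/notify change on "Copy Apache SSL configuration" …
# … unchanged: Enable SSL module …

- name: Enable SSL website
  command: a2ensite default-ssl.conf
  args:
    creates: /etc/apache2/sites-enabled/default-ssl.conf
  become: true
  notify:
    - reload apache2
```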
diff --git a/ansible/roles/onionperf-webserver/vars/main.yml b/ansible/roles/onionperf-webserver/vars/main.yml
new file mode 100644
index 0000000..3a2dc06
--- /dev/null
+++ b/ansible/roles/onionperf-webserver/vars/main.yml
@@ -0,0 +1,6 @@
+---
+
+domain: "test.t1.erg.abdn.ac.uk"
+webmaster_email: "metrics-web at torproject.org"
+letsencrypt_dest: "/etc/letsencrypt"
+onionperf_directory : "/srv/onionperf.torproject.net/onionperf-data"
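Review bot: `domain` and `webmaster_email` are set in the role's `vars/main.yml`, which Ansible ranks above inventory, group_vars and host_vars, so every host that applies this role renders `ServerName test.t1.erg.abdn.ac.uk` (which looks like a test hostname) unless it is overridden with extra vars. Moving these keys to `defaults/main.yml` would let each host's inventory supply its real name, which matters because the certificate and the vhost must agree on it. `letsencrypt_dest` is now defined in both this role and the letsencrypt role, and the two copies can drift apart; keeping it in one place, or adding a comment such as `# must match roles/letsencrypt/vars/main.yml`, would make the coupling explicit. As a style point, `onionperf_directory :` has a space before the colon that yamllint flags.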


