Zuul: Set up SSL Apache
Change-Id: I29e35eaac6dd12e49f4ca7a77cbf1b30cde0225c
diff --git a/roles/zuul_server/handlers/main.yaml b/roles/zuul_server/handlers/main.yaml
new file mode 100644
index 0000000..7ef562a
--- /dev/null
+++ b/roles/zuul_server/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: restart apache
+ service:
+ name: httpd24-httpd
+ state: restarted
diff --git a/roles/zuul_server/tasks/main.yaml b/roles/zuul_server/tasks/main.yaml
index 4c5950a..4bc37b7 100644
--- a/roles/zuul_server/tasks/main.yaml
+++ b/roles/zuul_server/tasks/main.yaml
@@ -55,3 +55,79 @@
state: enabled
port: 79/tcp
immediate: yes
+
+- name: Apache modules from SCL
+ package:
+ name: 'httpd24-{{ item }}'
+ state: present
+ with_items:
+ - mod_md
+ - mod_ssl
+ notify:
+ - restart apache
+
+- name: Apache firewall
+ firewalld:
+ zone: public
+ permanent: yes
+ immediate: yes
+ state: enabled
+ service: '{{ item }}'
+ with_items:
+ - http
+ - https
+
+- name: mpm_prefork disabled
+ lineinfile:
+ path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
+ regexp: '^LoadModule mpm_prefork_module.*'
+ state: absent
+ notify:
+ - restart apache
+
+- name: mpm_event enabled
+ lineinfile:
+ path: /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-mpm.conf
+ line: 'LoadModule mpm_event_module modules/mod_mpm_event.so'
+ state: present
+ notify:
+ - restart apache
+
+- name: remove default Apache server admin
+ lineinfile:
+ path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
+ regexp: '^ServerAdmin root.*'
+ state: absent
+ notify:
+ - restart apache
+
+- name: Apache server admin jan.kundrat@cesnet.cz
+ lineinfile:
+ path: /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf
+ line: 'ServerAdmin mailto:jan.kundrat@cesnet.cz'
+ state: present
+ notify:
+ - restart apache
+
+- name: Apache LetsEncrypt agreement
+ lineinfile:
+ path: /opt/rh/httpd24/root/etc/httpd/conf.d/00-letsencrypt.conf
+ create: yes
+ line: 'MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
+ state: present
+ notify:
+ - restart apache
+
+- name: Apache zuul vhost
+ copy:
+ dest: /opt/rh/httpd24/root/etc/httpd/conf.d/20-zuul.gerrit.cesnet.cz.conf
+ src: files/zuul/vhost.conf
+ mode: 0644
+ notify:
+ - restart apache
+
+- name: Apache service
+ systemd:
+ name: httpd24-httpd
+ state: started
+ enabled: yes