airshipctl/roles/apache-file-exchanger/tasks/main.yaml
Dmitry Ukov df2fff0acf Add control plane deployment
K8s control plane is deployed by KubeadmControlPlane controller. This
controller creates CAPI machines and infrastructure objects
(Metal3Machine). Metal3Machine objects are created based on a template
which contains a host selector label. The control plane label is assigned
to a particular BareMetalHost object defined inside the shared
kustomization.

Relates-To: #149
Closes: #221
Change-Id: I3be1750aacf9736ece2944045c036f405e404561
2020-06-11 13:44:42 +00:00


# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Stop the play with an explicit message when the target distribution is
# neither Debian nor Ubuntu.
- name: ensure OS
  fail:
    msg: "Only Debian|Ubuntu are currently supported"
  when: ansible_distribution not in ['Debian', 'Ubuntu']
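# Configures the Apache-based file exchanger: installs the CGI "put" backend,
# prepares the exchange directory, enables the Apache modules, optionally
# creates htpasswd/htaccess files and HTTP/HTTPS virtual hosts (with matching
# iptables accept rules), then restarts Apache. All tasks run with become.
- name: Confguring file-exchanger
  become: true
  block:
    # The CGI directory and script are kept root-owned with explicit modes so
    # the result does not depend on the umask or on a pre-existing file.
    - name: Ensure backend
      file:
        path: /var/www/file_exchanger_cgi-bin/
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Created put cgi-bin file
      template:
        src: put
        dest: /var/www/file_exchanger_cgi-bin/put
        owner: root
        group: root
        mode: "0755"

    # The exchange directory is writable by www-data, i.e. by the web server.
    # NOTE(review): whether content stored here can be served or executed
    # depends on the put script and the vhost templates, which are not part
    # of this file - confirm there.
    - name: Ensure path exists
      file:
        path: "{{ file_exchanger_path }}"
        state: directory
        owner: www-data
        group: root
        mode: u+rwx,g-w,o-w

    - name: Enable related modules
      apache2_module:
        name: "{{ item }}"
        state: present
      with_items:
        - authz_groupfile
        - actions
        - alias
        - cgid

    # htpasswd and htaccess are only generated when a user / group is set.
    # NOTE(review): with both unset, access control is whatever conf.j2 and
    # ssl.conf.j2 enforce on their own - verify the endpoint is not left
    # unauthenticated in that case.
    - name: Create httpasswd file
      when: file_exchanger_user is defined and file_exchanger_user is not none
      include_role:
        name: apache-server
      vars:
        apache_server_action: htpasswd
        apache_server_htpasswd_path: "/etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd"
        apache_server_htpasswd_user: "{{ file_exchanger_user }}"

    - name: Create htaccess file
      when: file_exchanger_group is defined and file_exchanger_group is not none
      include_role:
        name: apache-server
      vars:
        apache_server_action: htaccess
        apache_server_htaccess_path: "/etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess"
        apache_server_htaccess_group: "{{ file_exchanger_group }}"

    # Plain-HTTP virtual host. The port is cast to a string so that both the
    # integer 0 and the string "0" disable it.
    # NOTE(review): if the htpasswd file above backs HTTP Basic auth, the
    # credentials cross this listener unencrypted; prefer the HTTPS vhost.
    - name: Create file-exchanger HTTP virtual host config
      when: file_exchanger_http_port is defined and file_exchanger_http_port | string != "0"
      block:
        - name: Create file-exchanger virtual host config for HTTP
          template:
            src: conf.j2
            dest: "/etc/apache2/sites-available/{{ file_exchanger_name }}.conf"

        # "creates" makes the command idempotent: a2ensite is skipped once the
        # site is already linked into sites-enabled.
        - name: Enable file-exchanger virtual host
          command: "a2ensite {{ file_exchanger_name }}"
          args:
            creates: "/etc/apache2/sites-enabled/{{ file_exchanger_name }}.conf"

        # The rule matches on destination address and port only, so any source
        # is accepted. file_exchanger_ip is treated as optional elsewhere in
        # this role; an unset or null value yields no rule instead of an error.
        - name: Insert a accept rule for non-SSL port
          iptables:
            chain: INPUT
            protocol: tcp
            destination_port: "{{ file_exchanger_http_port }}"
            destination: "{{ item }}"
            jump: ACCEPT
            action: insert
          with_items: "{{ file_exchanger_ip | default([], true) }}"
          when: "item | ipv4"

    # HTTPS virtual host, same port convention as the HTTP one.
    - name: Create file-exchanger HTTPS virtual host config
      when: file_exchanger_https_port is defined and file_exchanger_https_port | string != "0"
      block:
        # The pattern is anchored with ^...$ because an unanchored (.*) can
        # also match the empty string at the end of the value, which would
        # append a stray "IP:" to every subjectAltName entry.
        - name: Generate certs for casewith alt_names
          when: file_exchanger_ip is defined and file_exchanger_ip is not none
          include_role:
            name: apache-server
          vars:
            apache_server_action: ssl
            apache_server_ssl_key_path: "/etc/ssl/private/{{ file_exchanger_name }}.key"
            apache_server_ssl_cert_path: "/etc/ssl/certs/{{ file_exchanger_name }}.pem"
            apache_server_ssl_cn: "{{ file_exchanger_servername }}"
            apache_server_ssl_alt_name: "{{ file_exchanger_ip | map('regex_replace', '^(.*)$', 'IP:\\1') | list }}"

        - name: Generate certs for case without alt_names
          when: file_exchanger_ip is undefined or file_exchanger_ip is none
          include_role:
            name: apache-server
          vars:
            apache_server_action: ssl
            apache_server_ssl_key_path: "/etc/ssl/private/{{ file_exchanger_name }}.key"
            apache_server_ssl_cert_path: "/etc/ssl/certs/{{ file_exchanger_name }}.pem"
            apache_server_ssl_cn: "{{ file_exchanger_servername }}"

        - name: Create file-exchanger virtual host config for HTTPS
          template:
            src: ssl.conf.j2
            dest: "/etc/apache2/sites-available/{{ file_exchanger_name }}-ssl.conf"

        # Skipped once the -ssl site is already linked into sites-enabled.
        - name: Enable file-exchanger virtual host
          command: "a2ensite {{ file_exchanger_name }}-ssl"
          args:
            creates: "/etc/apache2/sites-enabled/{{ file_exchanger_name }}-ssl.conf"

        # Same scope as the HTTP rule: destination address and port only, and
        # no rule at all when file_exchanger_ip is unset or null.
        - name: Insert a accept rule for SSL port
          iptables:
            chain: INPUT
            protocol: tcp
            destination_port: "{{ file_exchanger_https_port }}"
            destination: "{{ item }}"
            jump: ACCEPT
            action: insert
          with_items: "{{ file_exchanger_ip | default([], true) }}"
          when: "item | ipv4"

    - name: Restart Apache to apply all changes
      include_role:
        name: apache-server
      vars:
        apache_server_action: restart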