path: root/ansible/roles/trove-setup/tasks/lighttpd.yml
blob: 091ed11431f7439bd381a1e6aa7577c2c6462a78 (plain)
---
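# Directory that holds the TLS material used by the lighttpd services.
- name: Create /etc/lighttpd/certs directory
  file:
    path: /etc/lighttpd/certs
    state: directory

# Fallback when TROVE_SSL_PEMFILE is not supplied: generate a self-signed
# certificate. The private key and the certificate are written to the same
# PEM file, so `umask 077` is set first to have the file created without
# group/other access instead of with the default umask of the shell.
# NOTE(review): -nodes leaves the key unencrypted, -days 36525 gives a
# validity of roughly 100 years, and key size and digest are left to the
# openssl defaults on the target. Clients cannot validate a self-signed
# certificate unless they pin it; supply TROVE_SSL_PEMFILE where that matters.
- name: Create certificates for lighttpd in /etc/lighttpd/certs/lighttpd.pem
  shell: |
    umask 077
    yes '' | openssl req -new -x509 \
         -keyout /etc/lighttpd/certs/lighttpd.pem \
         -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
  args:
    creates: /etc/lighttpd/certs/lighttpd.pem
  when: TROVE_SSL_PEMFILE is not defined
  notify: Restart lighttpd-git service

# `creates:` skips the generation on hosts that already have the file, so the
# mode of a previously generated key is tightened here as well. 0400 matches
# the mode used when a PEM file is copied in via TROVE_SSL_PEMFILE.
- name: Restrict permissions on /etc/lighttpd/certs/lighttpd.pem
  file:
    path: /etc/lighttpd/certs/lighttpd.pem
    state: file
    mode: "0400"
  when: TROVE_SSL_PEMFILE is not defined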

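# Install the operator-supplied PEM file at the path the generated
# certificate would otherwise occupy. The mode is quoted so that it reaches
# Ansible as the string "0400" whichever YAML loader parses this file.
# NOTE(review): presumably this file carries the private key as well as the
# certificate (the generated lighttpd.pem does) - confirm, and keep the
# source file equally restricted on the control host.
- name: Copy certificate for lighttpd if provided
  copy:
    src: "{{ TROVE_SSL_PEMFILE }}"
    dest: /etc/lighttpd/certs/lighttpd.pem
    mode: "0400"
  when: TROVE_SSL_PEMFILE is defined
  notify: Restart lighttpd-git service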

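# Install the operator-supplied CA file next to the server certificate.
# The task name is distinct from the PEM-file task above so the two can be
# told apart in play output; the mode is quoted so that it reaches Ansible
# as the string "0400" whichever YAML loader parses this file.
- name: Copy CA certificate file for lighttpd if provided
  copy:
    src: "{{ TROVE_SSL_CA_FILE }}"
    dest: /etc/lighttpd/certs/ca-certs.pem
    mode: "0400"
  when: TROVE_SSL_CA_FILE is defined
  notify: Restart lighttpd-git service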

# Runtime directory for lighttpd, owned by the `cache` user and group.
# No mode is set, so the directory gets whatever the default umask yields.
- name: Create /var/run/lighttpd for cache user
  file:
    state: directory
    path: '/var/run/lighttpd'
    owner: 'cache'
    group: 'cache'

# Render the lighttpd/git-httpd.conf template to /etc/lighttpd/git-httpd.conf;
# a change to the rendered file notifies the lighttpd-git restart handler.
- name: Create git-httpd.conf from template
  template:
    dest: '/etc/lighttpd/git-httpd.conf'
    src: 'lighttpd/git-httpd.conf'
  notify: Restart lighttpd-git service

# The certificates, the configuration file and /var/run/lighttpd are in place
# at this point, so the lighttpd services can be enabled. Starting is left to
# the notified handler.
- name: Enable lighttpd-git service
  service:
    enabled: true
    name: 'lighttpd-git.service'
  notify: Restart lighttpd-git service

# Enable the lighttpd-morph-cache unit; its restart is left to the notified
# handler.
- name: Enable lighttpd-morph-cache service
  service:
    enabled: true
    name: 'lighttpd-morph-cache.service'
  notify: Restart lighttpd-morph-cache service

# lighttpd-lorry-controller-webapp is restarted inline rather than from a
# handler: the lorry-controller-minion service fails to start unless this
# one is already running.
- name: Enable the lighttpd-lorry-controller-webapp service
  service:
    enabled: true
    name: 'lighttpd-lorry-controller-webapp.service'
  register: lighttpd_lorry_controller_webapp_service

# Runs only when the enable task above reported a change.
# NOTE(review): the `|changed` filter form is kept as written; newer Ansible
# releases expect the `is changed` test instead - confirm the Ansible version
# this role targets before switching.
- name: Restart the lighttpd-lorry-controller-webapp service
  service:
    state: restarted
    name: 'lighttpd-lorry-controller-webapp'
  when: lighttpd_lorry_controller_webapp_service | changed