apache2
// This file is being generated by .github/workflows/gh-pages.yml - all local changes will be lost eventually!
= ansible-role-apache2
Jonas Pammer <opensource@jonaspammer.at>;
:toc: left
:toclevels: 2
:toc-placement!:
:source-highlighter: rouge

https://galaxy.ansible.com/jonaspammer/apache2[image:https://img.shields.io/badge/available%20on%20ansible%20galaxy-jonaspammer.apache2-brightgreen[Version on Galaxy]]
// Very Relevant Status Badges
https://github.com/JonasPammer/ansible-role-apache2/actions/workflows/ci.yml[image:https://github.com/JonasPammer/ansible-role-apache2/actions/workflows/ci.yml/badge.svg[Testing CI]]

An Ansible role for installing Apache2, enabling/disabling modules, configuring its defaults and creating virtual hosts.
toc::[]
[[meta]]
== Metadata

Below you can find information on…

- the role's required Ansible version
- the role's supported platforms
- the role's https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html#role-dependencies[role dependencies]

.link:meta/main.yml[]
[source,yaml]
----
galaxy_info:
  role_name: "apache2"
  description: "An ansible role for installing Apache2, enabling/disabling modules, configuring its defaults and creating virtual hosts. Based on geerlingguy's apache2 role. "
  author: "jonaspammer"
  license: "MIT"
  min_ansible_version: "2.11"
  platforms:
    # note: text after "actively tested: " represent the docker image name
    - name: EL # (Enterprise Linux)
      versions:
        - "9" # actively tested: rockylinux9
    - name: Fedora
      versions:
        - "38" # actively tested: fedora38
        - "39" # actively tested: fedora39
    - name: Debian
      versions:
        - bullseye # actively tested: debian11
        - bookworm # actively tested: debian12
    - name: Ubuntu
      versions:
        - focal # actively tested: ubuntu2004
        - jammy # actively tested: ubuntu2204
  galaxy_tags:
    - web
    - apache
    - webserver
    - html
    - httpd
dependencies: []
allow_duplicates: true
----

[[requirements]]
== Requirements

// Any prerequisites that may not be covered by this role or Ansible itself should be mentioned here.
The Ansible User needs to be able to `become`.

If you are using SSL/TLS (<

If you are using Apache with PHP, I recommend using the
https://github.com/geerlingguy/ansible-role-php/[geerlingguy.php] role
to install PHP, and you can either use mod_php
(by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`),
or also use
https://github.com/geerlingguy/ansible-role-apache-php-fpm[`geerlingguy.apache-php-fpm`]
to connect Apache to PHP via FPM.
Please consult the READMEs of the linked roles for more specific information.

When targeting Solaris-based systems,
the https://galaxy.ansible.com/community/general[`community.general` collection]
(containing the `pkg5` module) must be installed on the Ansible controller.

When targeting Suse-based systems,
the https://galaxy.ansible.com/community/general[`community.general` collection]
(containing the `zypper` module) must be installed on the Ansible controller.

[[variables]]
== Role Variables

// A description of the settable variables for this role should go here
// and any variables that can/should be set via parameters to the role.
// Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.)
// should be mentioned here as well.

[source,yaml]
----
apache_mods_enabled:
  - rewrite
  - ssl
apache_mods_disabled: []
----
(Debian/RHEL only)
Apache mods to enable or disable (these will be symlinked into the appropriate location).
Consult the `mods-available` (Debian) / `conf.modules.d` (RHEL) directory inside <<apache__server_root_dir,apache's root directory>> for all the available mods.

[source,yaml]
----
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
----
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.

[source,yaml]
----
apache_remove_default_vhost: false
----
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
Set this to `true` to remove that default.

[source,yaml]
----
apache_state: started
----
Set initial apache state.
Recommended values: `started` or `stopped`

[source,yaml]
----
apache_enabled: true
----
Set initial apache service status.
Recommended values: `true` or `false`

[source,yaml]
----
apache_restart_state: restarted
----
Sets the state to put apache in when a configuration change was made
(i.e., when the `restart apache` handler has been called).
Recommended values: `restarted` or `reloaded`

[[apache_default_favicon]]
[source,yaml]
----
apache_default_favicon: favicon.ico
----
Path to a file on the local Ansible Controller to be copied to the server and used by Apache as a default favicon.

=== Role Variables used for installation

[source,yaml]
----
apache_packages: [OS-specific by default, see /defaults directory]
----
A list of package names for installing Apache2 and most-necessary utilities.

[source,yaml]
----
apache_packages_state: present
----
If you have enabled any additional repositories such as
https://launchpad.net/~ondrej/+archive/ubuntu/apache2[`ondrej/apache2`],
https://fedoraproject.org/wiki/EPEL[`EPEL`], or
http://rpms.remirepo.net/[`remi`],
you may want an easy way to upgrade versions.
To ensure so, set this to `latest`.

[source,yaml]
----
apache_enablerepo: ""
----
(RHEL/CentOS only)
The https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_module.html#parameter-enablerepo[repository]
to use when installing Apache.
If you'd like later versions of Apache than are available in the OS's core repositories,
use a repository like
https://fedoraproject.org/wiki/EPEL[EPEL]
(which can be installed with the `repo-epel` role).

=== Role Variables used to create Virtual Hosts
[TIP]
Head over to the <

[NOTE]
====
This role tries to ensure a working apache configuration by running
https://httpd.apache.org/docs/2.4/programs/httpd.html[syntax tests for all configuration files (`-t`)]
and reverting the generated virtualhost if an error occurred.
====

[source,yaml]
----
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
----
If set to `true`, a vhosts file managed by the variables of this role (see below)
is created and placed in the Apache configuration folder.
If set to `false`, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role.
You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHost.

[source,yaml]
----
apache_global_vhost_settings: |
  DirectoryIndex index.php index.html
----
This variable gets used outside any

[WARNING]
=====
You hereby change the configurations applied to Apache's general context
(instead of changing the configurations applied to, for example, a `<VirtualHost>` / `<Directory>` /…).

A thing to understand with this default value is that
the `DirectoryIndex` directive does not set the list but rather appends to it
(meaning we do not reverse any other configuration made),
as noted on its Documentation page:

[quote,https://httpd.apache.org/docs/2.4/mod/mod_dir.html]
Multiple `DirectoryIndex` directives within the same context will add to
the list of resources to look for rather than replace.
=====

[source,yaml]
----
apache_vhosts:
  - servername: "local.dev"
    documentroot: "/var/www/html"
----
For each entry in this list,
a `<VirtualHost>`-Directive listening to
`{{ apache_listen_ip }}:{{ apache_listen_port }}`
will be generated.

Each entry of a list may have the following properties
(Consult the <

https://httpd.apache.org/docs/2.4/mod/core.html#servername[`servername`] (required)::
https://httpd.apache.org/docs/2.4/mod/core.html#serveralias[`serveralias`]::
https://httpd.apache.org/docs/2.4/mod/core.html#serveradmin[`serveradmin`]::
https://httpd.apache.org/docs/2.4/mod/core.html#documentroot[`documentroot`]::

`documentroot__`link:https://httpd.apache.org/docs/2.4/mod/core.html#servername[`allowoverride`]::
`AllowOverride`-Directive used inside the `<Directory>` of the `DocumentRoot`. +
Defaults to the value of `apache_vhosts_default_documentroot__allowoverride`.

`documentroot__`link:https://httpd.apache.org/docs/2.4/mod/core.html#options[`options`]::
`Options`-Directive used inside the `<Directory>` of the `DocumentRoot`. +
Defaults to the value of `apache_vhosts_default_documentroot__options`.

https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat[`logformat`]::
https://httpd.apache.org/docs/2.4/mod/core.html#loglevel[`loglevel`]::

[[apache_vhosts__errorlog]]
https://httpd.apache.org/docs/2.4/mod/core.html#errorlog[`errorlog`]::
Either a string (representing the path; it does not get automatically quoted)
or a complex data type:
+
====
`path`::
Path.
Gets enquoted in `"`.
`extra`::
Additional String to append after `path`.
`extra_parameters`::
This variable gets inserted as-is before the actual `ErrorLog` statement
(with an indent of 2).
+
The use case for this parameter may be to enable Conditional Logs using
`SetEnvIf` / `SetEnv` or setting a custom `LogFormat` for this `ErrorLog`
as per https://httpd.apache.org/docs/2.4/logs.html[Apache's core Documentation].
====

[[apache_vhosts__customlogs]]
https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#customlog[`customlogs`]::
Array of CustomLogs.
Each Entry may either be a string (does not get automatically quoted)
or a complex data type:
+
====
`path`::
Path.
Gets enquoted in `"`.
`extra`::
Additional String to append after `path`.
Does not get quoted
(to allow for the complex additional optional parameters of CustomLog one may want to supply).
`extra_parameters`::
This variable gets inserted as-is before the actual `CustomLog` statement
(with an indent of 2).
+
The use case for this parameter may be to enable Conditional Logs using
`SetEnvIf` / `SetEnv` or setting a custom `LogFormat` for this specific `CustomLog`
as per https://httpd.apache.org/docs/2.4/logs.html[Apache's mod_log_config Documentation].
====

`extra_parameters`::
This variable gets inserted as-is into the very end of the looped `<VirtualHost>`
(with an indent of 2).

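
Conditional access logging with the complex `customlogs` form described above, as an added example that is not part of the role's own documentation. The inventory group, host name, the `/healthz` path and the `dontlog` environment variable are assumptions made for illustration.

```yaml
# Added example; servername, /healthz and the "dontlog" variable are constructed.
- name: Virtual host with a dedicated error log and a filtered access log
  hosts: webservers # hypothetical inventory group
  become: true
  roles:
    - role: jonaspammer.apache2
      vars:
        apache_vhosts:
          - servername: "app.example.test"
            documentroot: "/var/www/html"
            loglevel: warn
            # String form: used as the path, not quoted automatically.
            errorlog: "{{ apache__default_log_dir }}/app-error.log"
            customlogs:
              # Complex form: "path" is quoted by the role, "extra" is appended
              # unquoted, "extra_parameters" is placed before the CustomLog line.
              # Keeps the full request log but drops health-check requests.
              - path: "{{ apache__default_log_dir }}/app-access.log"
                extra: "combined env=!dontlog"
                extra_parameters: |
                  SetEnvIf Request_URI "^/healthz$" dontlog
              # String form: nothing is quoted for you, so the path and the
              # format string carry their own double quotes.
              - '"{{ apache__default_log_dir }}/app-referer.log" "%{Referer}i -> %U"'
```

Because `extra` and `extra_parameters` are inserted without quoting or escaping, only feed them values you control; anything templated in from inventory or user input ends up verbatim in the Apache configuration.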
[[apache_vhosts_ssl]]
[source,yaml]
----
apache_vhosts_ssl: []
----
For each entry in this list,
a `<VirtualHost>`-Directive listening to
`{{ apache_listen_ip }}:{{ apache_listen_port_ssl }}`
will be generated.

Each entry of a list may have the following properties
(Consult the <

https://httpd.apache.org/docs/2.4/mod/core.html#servername[`servername`] (required)::
https://httpd.apache.org/docs/2.4/mod/core.html#serveralias[`serveralias`]::
https://httpd.apache.org/docs/2.4/mod/core.html#serveradmin[`serveradmin`]::
https://httpd.apache.org/docs/2.4/mod/core.html#documentroot[`documentroot`]::

`documentroot__`link:https://httpd.apache.org/docs/2.4/mod/core.html#servername[`allowoverride`]::
`AllowOverride`-Directive used inside the `<Directory>` of the `DocumentRoot`. +
Defaults to `apache_vhosts_default_documentroot__allowoverride`.

`documentroot__`link:https://httpd.apache.org/docs/2.4/mod/core.html#options[`options`]::
`Options`-Directive used inside the `<Directory>` of the `DocumentRoot`.
Defaults to `apache_vhosts_default_documentroot__options`.

`no_actual_ssl`::
If set to True, the `<VirtualHost>` will have no SSL* Options.
Used only when you want a http-to-https redirect you defined in `extra_parameters`.

https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile[`ssl_certificate_file`] (required)::
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile[`ssl_certificate_key_file`] (required)::
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile[`ssl_certificate_chain_file`]::
Please note that this is deprecated.

https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat[`logformat`]::
https://httpd.apache.org/docs/2.4/mod/core.html#loglevel[`loglevel`]::

https://httpd.apache.org/docs/2.4/mod/core.html#errorlog[`errorlog`]::
Equivalent of <<apache_vhosts__errorlog,apache_vhosts.errorlog>>.

https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#customlog[`customlogs`]::
Array of CustomLogs.
Equivalent of <<apache_vhosts__customlogs,apache_vhosts.customlogs>>.

`extra_parameters`::
This variable gets inserted as-is into the very end of the looped `<VirtualHost>`
(with an indent of 2).

[source,yaml]
----
apache_ignore_missing_ssl_certificate: true
----
If set to `false`, a given entry of `apache_vhosts_ssl`
will only be generated if its `sslcertificatefile` exists.

[source,yaml]
----
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
----
These variables are used as defaults for every entry of `apache_vhosts_ssl`.
They are named the same way as used in said Role variables
(except for their prefix of course).
Consult https://httpd.apache.org/docs/current/mod/mod_ssl.html[Apache's Documentation]
for the documentation of the actual Apache Directives they represent.
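
A TLS-hardened variant of these defaults, as an added example that is not part of the role's own documentation. `All -SSLv2 -SSLv3` leaves TLS 1.0 and 1.1 enabled wherever the linked OpenSSL still offers them, and `AES256+EECDH:AES256+EDH` also matches CBC-mode suites; the inventory group, host name and certificate paths below are placeholders.

```yaml
# Added example; "webservers", the host name and the certificate paths are constructed.
- name: Apache with a TLS 1.2+ only virtual host
  hosts: webservers # hypothetical inventory group
  become: true
  vars:
    # Overriding the list replaces the default, so rewrite and ssl are repeated.
    # headers (mod_headers) is needed for the HSTS header set further down.
    apache_mods_enabled:
      - rewrite
      - ssl
      - headers

    # Role default: "All -SSLv2 -SSLv3".
    # +TLSv1.3 needs an httpd built against OpenSSL 1.1.1 or later;
    # remove it on older builds, where Apache rejects the unknown protocol name.
    apache_ssl_protocol: "-all +TLSv1.2 +TLSv1.3"

    # Role default: "AES256+EECDH:AES256+EDH".
    # AEAD-only ECDHE suites for TLS 1.2. TLS 1.3 suites are not selected by this string.
    apache_ssl_cipher_suite: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"

    # Do not generate the vhost when the certificate file is absent.
    apache_ignore_missing_ssl_certificate: false

    apache_vhosts_ssl:
      - servername: "www.example.test"
        documentroot: "/var/www/html"
        # Tighter than the role defaults ("All" / "-Indexes +FollowSymLinks"):
        # no .htaccess overrides, symlinks only when the owner matches.
        documentroot__allowoverride: "None"
        documentroot__options: "-Indexes -FollowSymLinks +SymLinksIfOwnerMatch"
        ssl_certificate_file: "/etc/ssl/certs/www.example.test.crt"
        ssl_certificate_key_file: "/etc/ssl/private/www.example.test.key"
        extra_parameters: |
          Header always set Strict-Transport-Security "max-age=63072000"
  roles:
    - role: jonaspammer.apache2
```

After applying it, `openssl s_client -connect www.example.test:443 -tls1_1` should fail the handshake while `-tls1_2` succeeds, provided the local OpenSSL client still supports TLS 1.1.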

[source,yaml]
----
apache_vhosts_default_documentroot__allowoverride: "All"
apache_vhosts_default_documentroot__options: "-Indexes +FollowSymLinks"
----

[[public_vars]]
== Facts/Variables defined by this role

Each variable listed in this section
is dynamically defined when executing this role (and can only be overwritten using `ansible.builtin.set_facts`) and
is meant to be used not just internally.

[[apache__service]]
.pass:[apache__service]

.Example Usage outside this role:
[source,yaml]
----
# handlers file for roles.xyz
- name: restart apache2
  ansible.builtin.service:
    name: "{{ apache__service | default('apache2') }}"
    state: restarted
----

[[apache__daemon]]
.pass:[apache__daemon_dir], pass:[apache__daemon]
Executable Name and Directory of the `apache2` command.

[[apache__server_root_dir]]
.pass:[apache__server_root_dir]
Directory containing all Apache2 configuration (in `/etc`).

[[debian_is_different_note]]
[NOTE]
====
When working with any of the below configuration values you need to remember:

[quote,Comment found in a Debian 10's /etc/apache2/apache2.conf]
The Apache 2 web server configuration in Debian is quite different to upstream's suggested way to configure the web server. This is because Debian's default Apache2 installation attempts to make adding and removing modules, virtual hosts, and extra configuration directives as flexible as possible, in order to make automating the changes and administering the server as easy as possible.

This means that the `pass:[apache__server_root_dir]` on Debian looks like this:

.`tree /etc/apache2` of a fresh Debian 10 machine after apache2 install
----
.
├── apache2.conf
├── conf-available
│   ├── charset.conf
│   ├── localized-error-pages.conf
│   ├── other-vhosts-access-log.conf
│   ├── php7.4-fpm.conf
│   ├── security.conf
│   └── serve-cgi-bin.conf
├── conf-enabled
│   ├── charset.conf -> ../conf-available/charset.conf
│   └── …
├── envvars
├── magic
├── mods-available
│   ├── access_compat.load
│   ├── alias.load
│   ├── alias.conf
│   └── …
├── mods-enabled
│   ├── access_compat.load -> ../mods-available/access_compat.load
│   ├── alias.conf -> ../mods-available/alias.conf
│   ├── alias.load -> ../mods-available/alias.load
│   └── …
├── ports.conf
├── sites-available
│   ├── 000-default.conf
│   └── default-ssl.conf
└── sites-enabled
    └── 000-default.conf -> ../sites-available/000-default.conf
----

While #on other systems it looks like this#:

.`tree /etc/apache2` of a fresh CentOS 8 machine after apache2 install
----
.
├── conf
│   ├── httpd.conf
│   └── magic
├── conf.d
│   ├── autoindex.conf
│   ├── ssl.conf
│   ├── userdir.conf
│   └── welcome.conf
├── conf.modules.d
│   ├── 00-base.conf
│   ├── 00-dav.conf
│   ├── 00-lua.conf
│   ├── 00-mpm.conf
│   ├── 00-optional.conf
│   ├── 00-proxy.conf
│   ├── 00-ssl.conf
│   ├── 00-systemd.conf
│   ├── 01-cgi.conf
│   ├── 10-h2.conf
│   ├── 10-proxy_h2.conf
│   └── README
├── logs -> ../../var/log/httpd
│   └── …
└── modules -> ../../usr/lib64/httpd/modules
    ├── mod_access_compat.so
    ├── mod_actions.so
    ├── mod_alias.so
    └── …
----
====

[[apache__primary_configuration_file_path]]
.pass:[apache__primary_configuration_file_path]
Apache2's primary configuration file,
which http://httpd.apache.org/docs/2.4/mod/core.html#include[`Include`]'s all the other files and contains some other Directives itself.

.Taking a look into what is `Include`-ed
[TIP]
====
Debian's Apache2 Include Directives as found in `pass:[apache__primary_configuration_file_path]`:

[source,ini]
----
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# Include of directories ignores editors' and dpkg's backup files,

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
----

RHEL's Apache2 Include Directives as found in `pass:[apache__primary_configuration_file_path]`
on a CentOS 8 Machine:

[source,ini]
----
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf

# Supplemental configuration:
IncludeOptional conf.d/*.conf
----
====

[[apache__ports_configuration_file]]
.pass:[apache__ports_configuration_file]
Apache2 Configuration File that houses the directives used to determine listening ports for incoming connections.
On some systems this is the same as `pass:[apache__primary_configuration_file_path]`,
on others it is a separate file that is
http://httpd.apache.org/docs/2.4/mod/core.html#include[`Include`]-ed by said `pass:[apache__primary_configuration_file_path]`.

[[apache__server_conf_dir]]
.pass:[apache__server_conf_dir]
Directory which houses all http://httpd.apache.org/docs/2.4/mod/core.html#include[`Include`]-ed files.
This directory may not be `Include`-ed itself but have sub-directories that are being `Include`-ed.
Consult the NOTE/TIP found in <Include
-ed by default on different OS'es.
[[apache__default_log_dir]]
.pass:[apache__default_log_dir]
Directory in `/var` used by default for all virtual hosts.

The below output shows the typical default file contents of this folder for the major distros:

.RedHat
----
[root@instance-py3-ansible-5 /]# ls -l /var/log/httpd/
total 8
-rw-r--r-- 1 root root 0 Jun 11 11:16 access_log
-rw-r--r-- 1 root root 980 Jun 11 11:16 error_log
-rw-r--r-- 1 root root 0 Jun 11 11:16 ssl_access_log
-rw-r--r-- 1 root root 328 Jun 11 11:16 ssl_error_log
-rw-r--r-- 1 root root 0 Jun 11 11:16 ssl_request_log
----

.Debian
----
root@instance-py3-ansible-5-debian10:/# ls -l /var/log/apache2
total 4
-rw-r----- 1 root adm 0 Aug 29 10:17 access.log
-rw-r----- 1 root adm 2133 Aug 29 10:18 error.log
-rw-r--r-- 1 root root 0 Aug 29 10:18 local2-error.log
-rw-r----- 1 root adm 0 Aug 29 10:17 other_vhosts_access.log
----

[[tags]]
== Tags

// Checkout https://github.com/tribe29/ansible-collection-tribe29.checkmk/blob/main/roles/server/README.md#tags
// for an awesome example of grouping tasks using tags

Tasks are tagged with the following https://docs.ansible.com/ansible/latest/user_guide/playbooks_tags.html#adding-tags-to-roles[tags]:

[cols="1,1"]
|===
|Tag | Purpose

2+| This role does not have officially documented tags yet.

// | download-xyz
// |

// | install-prerequisites
// |

// | install
// |

// | create-xyz
// |
|===

You can use Ansible to skip tasks, or only run certain tasks by using these tags. By default, all tasks are run when no tags are specified.

[[dependencies]]
== Dependencies

// A list of other roles should go here,
// plus any details in regard to parameters that may need to be set for other roles,
// or variables that are used from other roles.

[[example_playbooks]]
== Example Playbook Usages

// Including examples of how to use this role in a playbook for common scenarios is always nice for users.

[NOTE]
====
This role is part of https://github.com/JonasPammer/ansible-roles[many compatible purpose-specific roles of mine].

The machine needs to be prepared.
In CI, this is done in `molecule/resources/prepare.yml`
which sources its soft dependencies from `requirements.yml`:

.link:molecule/resources/prepare.yml[]
[source,yaml]
----
- name: prepare
  hosts: all
  become: true
  gather_facts: false

  roles:
    - role: jonaspammer.bootstrap
    - name: jonaspammer.core_dependencies
----

The following diagram is a compilation of the "soft dependencies" of this role as well as the recursive tree of their soft dependencies.

image:https://raw.githubusercontent.com/JonasPammer/ansible-roles/master/graphs/dependencies_apache2.svg[requirements.yml dependency graph of jonaspammer.apache2]
====

.Standard Installation (no variables)
====
- The following yaml:
+
[source,yaml]
----
roles:
  - role: jonaspammer.apache2
----
+
generates the following VirtualHost:
+
[source]
-----
# Ansible managed
DirectoryIndex index.php index.html

<VirtualHost *:80>
  ServerName local.dev
  DocumentRoot "/var/www/html"

  <Directory "/var/www/html">
    AllowOverride All
    Options -Indexes +FollowSymLinks
    Require all granted
  </Directory>
</VirtualHost>
-----
+
For Reference, this is the default vhost shipped with Debian/Ubuntu systems
(which can be removed by setting `apache_remove_default_vhost` to true)
+
[source]
-----
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
-----

Given no role configuration, the differences from just installing Apache2 yourself are:

- certain modules get activated by default (<<apache_mods_enabled>>).
- the system will have the above demonstrated VirtualHost
- On initial install, a file with the name of `favicon.ico` (sourced from <<apache_default_favicon>>) will be placed into `/var/www/html` if there was no file with said name before. This favicon, by default, resembles the Ansible logo as found on Wikimedia.

Please note that this role does not delete the contents of `/var/www/html`
(not even if it got created by/after apache2 initial install).
====

.Logging
====
- The following yaml:
+
[source,yaml]
----
roles:
  - role: jonaspammer.apache2
    vars:
      apache_vhosts_filename: "local2.dev.conf"
      apache_vhosts:
        - servername: "wwww.local2.dev"
          loglevel: info
          errorlog: "{{ apache__default_log_dir }}/local2-error.log"
          customlogs:
            - path: "{{ apache__default_log_dir }}/local2-access.log"
              extra: "combined"
----
+
generates the following VirtualHost:
+
[source]
-----
# Ansible managed.
TODO
-----
====

.Usage of `extra_parameters`
====
[TIP]
======
The pipe symbol at the end of a line in YAML signifies that any indented text that follows should be interpreted as a multi-line scalar value. See https://yaml-multiline.info/[yaml-multiline.info] for interactive explanation.
======

- The following yaml:
+
[source,yaml]
----
roles:
  - role: jonaspammer.apache2
    vars:
      apache_vhosts_filename: "myvhost.conf"
      apache_vhosts:
        - servername: "www.local.dev"
          serveralias: "local.dev"
          documentroot: "/var/www/html"
          extra_parameters: |
            # Redirect all requests to 'www' subdomain. Apache 2.4+
            RewriteEngine On
            RewriteCond %{HTTP_HOST} !^www\. [NC]
            RewriteRule ^(.*)$ %{REQUEST_SCHEME}://www.%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
----
+
generates the following VirtualHost:
+
[source]
-----
# Ansible managed.
TODO
-----

- The following yaml:
+
[source,yaml]
----
roles:
  - role: jonaspammer.apache2
    vars:
      apache_vhosts_filename: "myvhost.conf"
      apache_vhosts:
        - servername: "srvcmk.intra.jonaspammer.com"
          extra_parameters: |
            Redirect / {{ checkmk_site_url }}
----
+
generates the following VirtualHost:
+
[source]
-----
# Ansible managed.
DirectoryIndex index.php index.html

<VirtualHost *:80>
  ServerName srvcmk.intra.jonaspammer.com

  Redirect / http://srvcmk.intra.jonaspammer.at/master
</VirtualHost>
-----
====

.Creating your own virtualhost file / Integrate into a role
====
The apache2 role may be executed multiple times in a play, with the primary purpose of https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html#using-allow-duplicates-true[this allowance] being to be able to create virtualhosts.

[source,yaml,subs="+quotes,macros"]
----
- tasks:
    pass:[#]...
    - name: Generate Apache2 VirtualHost.
      ansible.builtin.#include_role#:
        name: "apache2"
      vars:
        #apache_vhosts_filename: "myapp.conf"#
        apache_vhosts:
          - servername: "www.myapp.dev"
            serveralias: "myapp.dev"
            documentroot: "/opt/myapp"
    pass:[#]...
----
====

[[tested-distributions]]
== Tested Distributions

A role may work on different distributions, like Red Hat Enterprise Linux (RHEL), even though there is no test for this exact distribution.

// good reference for what to follow -- most starred and pinned project of geerlingguy:
// https://github.com/geerlingguy/ansible-role-docker/blob/master/.github/workflows/ci.yml
|===
| OS Family | Distribution | Distribution Release Date | Distribution End of Life | Accompanying Docker Image

// https://endoflife.date/rocky-linux
| Rocky
| Rocky Linux 8 (https://www.howtogeek.com/devops/is-rocky-linux-the-new-centos/[RHEL/CentOS 8 in disguise])
| 2021-06
| 2029-05
| https://github.com/geerlingguy/docker-rockylinux8-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-rockylinux8-ansible/workflows/Build/badge.svg?branch=master[CI]]

| Rocky
| Rocky Linux 9
| 2022-07
| 2032-05
| https://github.com/geerlingguy/docker-rockylinux9-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-rockylinux9-ansible/workflows/Build/badge.svg?branch=master[CI]]

// https://endoflife.date/fedora (13 Months)
| RedHat
| Fedora 39
| 2023-11
| 2024-12
| https://github.com/geerlingguy/docker-fedora39-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-fedora39-ansible/workflows/Build/badge.svg?branch=master[CI]]

// https://ubuntu.com/about/release-cycle
| Debian
| Ubuntu 20.04 LTS
| 2021-04
| 2025-04
| https://github.com/geerlingguy/docker-ubuntu2004-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-ubuntu2004-ansible/workflows/Build/badge.svg?branch=master[CI]]

| Debian
| Ubuntu 22.04 LTS
| 2022-04
| 2027-04
| https://github.com/geerlingguy/docker-ubuntu2204-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-ubuntu2204-ansible/workflows/Build/badge.svg?branch=master[CI]]

// https://wiki.debian.org/DebianReleases
// https://wiki.debian.org/LTS
| Debian
| Debian 11
| 2021-08
| 2024-06 (2026-06 LTS)
| https://github.com/geerlingguy/docker-debian11-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-debian11-ansible/workflows/Build/badge.svg?branch=master[CI]]

| Debian
| Debian 12
| 2023-06
| 2026-06 (2028-06 LTS)
| https://github.com/geerlingguy/docker-debian12-ansible/actions?query=workflow%3ABuild[image:https://github.com/geerlingguy/docker-debian12-ansible/workflows/Build/badge.svg?branch=master[CI]]
|===

[[tested-ansible-versions]]
== Tested Ansible versions

The tested ansible versions try to stay equivalent with the
https://github.com/ansible-collections/community.general#tested-with-ansible[support pattern of Ansible's `community.general` collection].
As of writing this is:
- 2.13 (Ansible 6)
- 2.14 (Ansible 7)
- 2.15 (Ansible 8)
- 2.16 (Ansible 9)

[[development]]
== Development
// Badges about Conventions in this Project
https://conventionalcommits.org[image:https://img.shields.io/badge/Conventional%20Commits-1.0.0-yellow.svg[Conventional Commits]]
https://results.pre-commit.ci/latest/github/JonasPammer/ansible-role-apache2/master[image:https://results.pre-commit.ci/badge/github/JonasPammer/ansible-role-apache2/master.svg[pre-commit.ci status]]
// image:https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white[pre-commit, link=https://github.com/pre-commit/pre-commit]

[[development-system-dependencies]]
=== Development Machine Dependencies

- Python 3.10 or greater
- Docker
[[development-dependencies]]
=== Development Dependencies

Development Dependencies are defined in a
https://pip.pypa.io/en/stable/user_guide/#requirements-files[pip requirements file]
named `requirements-dev.txt`.
Example Installation Instructions for Linux are shown below:

----
# "optional": create a python virtualenv and activate it for the current shell session
$ python3 -m venv venv
$ source venv/bin/activate

$ python3 -m pip install -r requirements-dev.txt
----

[[development-guidelines]]
=== Ansible Role Development Guidelines

Please take a look at my https://github.com/JonasPammer/cookiecutter-ansible-role/blob/master/ROLE_DEVELOPMENT_GUIDELINES.adoc[Ansible Role Development Guidelines].

If interested, I've also written down some https://github.com/JonasPammer/cookiecutter-ansible-role/blob/master/ROLE_DEVELOPMENT_TIPS.adoc[General Ansible Role Development (Best) Practices].

[[versioning]]
=== Versioning

Versions are defined using https://git-scm.com/book/en/v2/Git-Basics-Tagging[Tags], which in turn are https://galaxy.ansible.com/docs/contributing/version.html[recognized and used] by Ansible Galaxy.

Versions must not start with `v`.

When a new tag is pushed, https://github.com/JonasPammer/ansible-role-apache2/actions/workflows/release-to-galaxy.yml[a GitHub CI workflow] (image:https://github.com/JonasPammer/ansible-role-apache2/actions/workflows/release-to-galaxy.yml/badge.svg[Release CI]) takes care of importing the role to my Ansible Galaxy Account.

[[testing]]
=== Testing

Automatic Tests are run on each Contribution using GitHub Workflows.

The Tests primarily revolve around running https://molecule.readthedocs.io/en/latest/[Molecule] on a <<tested-distributions,varying set of linux distributions>> and using <<tested-ansible-versions,various ansible versions>>.

The molecule test also includes a step which lints all ansible playbooks using https://github.com/ansible/ansible-lint#readme[`ansible-lint`] to check for best practices and behaviour that could potentially be improved.

To run the tests, simply run `tox` on the command line.
You can pass an optional environment variable to define the distribution of the
Docker container that will be spun up by molecule:

----
$ MOLECULE_DISTRO=ubuntu2204 tox
----

For a list of possible values fed to `MOLECULE_DISTRO`,
take a look at the matrix defined in link:.github/workflows/ci.yml[].

==== Debugging a Molecule Container

- Run your molecule tests with the option `MOLECULE_DESTROY=never`, e.g.:
+
[subs="quotes,macros"]
----
$ MOLECULE_DESTROY=never MOLECULE_DISTRO=#ubuntu1604# tox -e py3-ansible-#5#
...
TASK [ansible-role-pip : (redacted).] pass:[************************]
failed: [instance-py3-ansible-9] => changed=false
...
pass:[___________________________________ summary ____________________________________]
pre-commit: commands succeeded
ERROR: py3-ansible-9: commands failed
----

- Find out the name of the molecule-provisioned docker container:
+
[subs="quotes"]
----
$ docker ps
#30e9b8d59cdf# geerlingguy/docker-debian12-ansible:latest "/lib/systemd/systemd" 8 minutes ago Up 8 minutes instance-py3-ansible-9
----

- Get into a bash Shell of the container, and do your debugging:
+
[subs="quotes"]
----
$ docker exec -it #30e9b8d59cdf# /bin/bash

root@instance-py3-ansible-2:/#
----
+
[TIP]
====
If the failure you try to debug is part of your `verify.yml` step and not the actual `converge.yml`,
you may want to know that the output of ansible's modules (`vars`), hosts (`hostvars`) and
environment variables have been stored into files on both the provisioner and inside the docker machine under:

* `/var/tmp/vars.yml` (contains host variables under the `hostvars` key)
* `/var/tmp/environment.yml`

`grep`, `cat` or transfer these as you wish!
====
+
[TIP]
====
You may also want to know that the files mentioned in the admonition above are attached to the GitHub CI Artifacts of a given Workflow run. +
This allows one to check the difference between runs and thus help in debugging what caused the bit-rot or failure in general.

image::https://user-images.githubusercontent.com/32995541/178442403-e15264ca-433a-4bc7-95db-cfadb573db3c.png[]
====

- After you finished your debugging, exit it and destroy the container:
+
[subs="quotes"]
----
root@instance-py3-ansible-2:/# exit

$ docker stop #30e9b8d59cdf#

$ docker container rm #30e9b8d59cdf#
or
$ docker container prune
----

==== Debugging installed package versions locally

Although a standard feature in tox 3, this https://github.com/tox-dev/tox/pull/2794[now] only happens when tox recognizes the presence of a CI variable. For example:

----
$ CI=true tox
----

[[development-container-extra]]
=== TIP: Containerized Ideal Development Environment
This Project offers a definition for a "1-Click Containerized Development Environment".
This Container even enables one to run docker containers inside of it (Docker-In-Docker, dind), allowing for molecule execution.
To use it:
- Ensure you fulfill link:https://code.visualstudio.com/docs/remote/containers#_system-requirements[the System requirements of Visual Studio Code Development Containers], optionally following the Installation-Section of the linked page section. +
This includes: Installing Docker, Installing Visual Studio Code itself, and Installing the necessary Extension.
- Clone the project to your machine
- Open the folder of the repo in Visual Studio Code (File - Open Folder…).
- If you get a prompt at the lower right corner informing you about the presence of the devcontainer definition, you can press the accompanying button to enter it. Otherwise, you can also execute the Visual Studio Code command `Remote-Containers: Open Folder in Container` yourself (View - Command Palette -> type in the mentioned command).
[TIP]
I recommend using `Remote-Containers: Rebuild Without Cache and Reopen in Container` every now and then, as the devcontainer feature sometimes has problems properly recognizing changes made to its definition.
====
[NOTE]
You may need to configure your host system to enable the container to use your SSH/GPG Keys.
The procedure is described https://code.visualstudio.com/remote/advancedcontainers/sharing-git-credentials[in the official devcontainer docs under "Sharing Git credentials with your container"].
=====
[[cookiecutter]]
=== CookieCutter
This Project shall be kept in sync with https://github.com/JonasPammer/cookiecutter-ansible-role[the CookieCutter it was originally templated from] using https://github.com/cruft/cruft[cruft] (if possible) or manual alteration (if needed) to the best extent possible.
.Official Example Usage of cruft update
image::https://raw.githubusercontent.com/cruft/cruft/master/art/example_update.gif[Official Example Usage of cruft update]
==== Changelog
When a new tag is pushed, an appropriate GitHub Release will be created by the Repository Maintainer to provide a proper human change log with a title and description.
[[pre-commit]]
=== General Linting and Styling Conventions
General Linting and Styling Conventions are https://stackoverflow.blog/2020/07/20/linters-arent-in-your-way-theyre-on-your-side/[*automatically* held up to Standards] by various https://pre-commit.com/[`pre-commit`] hooks, at least to some extent.
Automatic Execution of pre-commit is done on each Contribution using https://pre-commit.ci/[`pre-commit.ci`]<<note_pre-commit-ci,*>>. Pull Requests even automatically get fixed by the same tool, at least by hooks that automatically alter files.
[NOTE]
Not to be confused:
Although some pre-commit hooks may be able to warn you about script-analyzed flaws in syntax or even code to some extent (for which reason pre-commit's hooks are part of the test suite), pre-commit itself does not run any real Test Suites.
For Information on Testing, see <
[TIP]
[[note_pre-commit-ci]] Nevertheless, I recommend that you integrate pre-commit into your local development workflow yourself.
This can be done by cd'ing into the directory of your cloned project and running `pre-commit install`.
Doing so will make git run pre-commit checks on every commit you make, aborting the commit if a hook raises an alarm.
You can also, for example, execute pre-commit's hooks at any time by running `pre-commit run --all-files`.
[[contributing]]
== Contributing
image:https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square[PRs Welcome]
https://open.vscode.dev/JonasPammer/ansible-role-apache2[image:https://img.shields.io/static/v1?logo=visualstudiocode&label=&message=Open%20in%20Visual%20Studio%20Code&labelColor=2c2c32&color=007acc&logoColor=007acc[Open in Visual Studio Code]]
The following sections are generic in nature and are used to help new contributors.
The actual "Development Documentation" of this project is found under <
=== Preamble
First off, thank you for considering contributing to this Project.
Following these guidelines helps to communicate that you respect the time of the developers managing and developing this open source project. In return, they should reciprocate that respect in addressing your issue, assessing changes, and helping you finalize your pull requests.
[[cookiecutter--contributing]]
=== CookieCutter
This Project owes many of its files to https://github.com/JonasPammer/cookiecutter-ansible-role[the CookieCutter it was originally templated from].
Please check if the edit you have in mind is actually applicable to the template and if so make an appropriate change there instead. Your change may also be applicable partly to the template as well as partly to something specific to this project, in which case you would be creating multiple PRs.
=== Conventional Commits
A casual contributor does not have to worry about following https://github.com/JonasPammer/JonasPammer/blob/master/demystifying/conventional_commits.adoc[__the spec__] https://www.conventionalcommits.org/en/v1.0.0/[__by definition__], as pull requests are being squash merged into one commit in the project. Only core contributors, i.e. those with rights to push to this project's branches, must follow it (e.g. to allow for automatic version determination and changelog generation to work).
=== Getting Started
Contributions are made to this repo via Issues and Pull Requests (PRs). A few general guidelines that cover both:
- Search for existing Issues and PRs before creating your own.
- If you've never contributed before, see https://auth0.com/blog/a-first-timers-guide-to-an-open-source-project/[the first timer's guide on Auth0's blog] for resources and tips on how to get started.
==== Issues
Issues should be used to report problems, request a new feature, or to discuss potential changes before a PR is created. When you https://github.com/JonasPammer/ansible-role-apache2/issues/new[create a new Issue], a template will be loaded that will guide you through collecting and providing the information we need to investigate.
If you find an Issue that addresses the problem you're having, please add your own reproduction information to the existing issue rather than creating a new one. Adding a https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/[reaction] can also help by indicating to our maintainers that a particular problem is affecting more than just the reporter.
==== Pull Requests
PRs to this Project are always welcome and can be a quick way to get your fix or improvement slated for the next release. https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/[In general], PRs should:
- Only fix/add the functionality in question OR address wide-spread whitespace/style issues, not both.
- Add unit or integration tests for fixed or changed functionality (if a test suite already exists).
- Address a single concern
- Include documentation in the repo
- Be accompanied by a complete Pull Request template (loaded automatically when a PR is created).
For changes that address core functionality or would require breaking changes (e.g. a major release), it's best to open an Issue to discuss your proposal first.
In general, we follow the "fork-and-pull" Git workflow:
- Fork the repository to your own GitHub account
- Clone the project to your machine
- Create a branch locally with a succinct but descriptive name
- Commit changes to the branch
- Following any formatting and testing guidelines specific to this repo
- Push changes to your fork
- Open a PR in our repository and follow the PR template so that we can efficiently review the changes.
[[changelog]]
== Changelog
Please refer to the https://github.com/JonasPammer/ansible-role-apache2/releases[Release Page of this Repository] for a human changelog of the corresponding https://github.com/JonasPammer/ansible-role-apache2/tags[Tags (Versions) of this Project].
Note that this Project adheres to Semantic Versioning. Please report any accidental breaking changes of a minor version update.
[[license]]
== License
.link:LICENSE[]
MIT License
Copyright (c) 2022, Jonas Pammer
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
ansible-galaxy install JonasPammer/ansible-role-apache2