Category Archives: ansible

Apache restart handler in Ansible doesn’t work after PHP installation

So I just installed PHP via Ansible and the install process worked without errors. However, a handler to restart httpd doesn't seem to be working as expected (looks like it gets skipped when the playbook is executed).
Here is the directory structure:

[[email protected] lamp]# tree roles/php/
roles/php/
|-- files
|   `-- index.php
|-- handlers
|   `-- main.yml
`-- tasks
    `-- main.yml

3 directories, 3 files

This is the main installation play:

[[email protected] lamp]# cat roles/php/tasks/main.yml
---
    # Install PHP and all the necessary PHP modules
    - name: Install PHP and other required modules
      yum: name={{ item }}
           update_cache=yes
           state=latest
      with_items:
        - php
        - php-cli
        - php-common
        - php-devel
        - php-mbstring
        - php-pdo
        - php-pear
        - php-mysql
        - php-gd
        - php-fpm
        - php-xml
      notify:
        - restart_apache

    # Copy a test index.php file to the DocumentRoot
    - name: Copying the test index file
      copy: src=files/index.php
            dest=/var/www/html
            owner=root
            group=root
            mode=0644

And this is the handler:

[[email protected] lamp]# cat roles/php/handlers/main.yml
    # Restart the httpd service
    - name: restart_apache
      service: name=httpd
               state=restarted

This is the output, when the play is run:

PLAY [wpserver] ****************************************************************

TASK [setup] *******************************************************************
ok: [192.168.1.93]

TASK [php : Install PHP and other required modules] ****************************
changed: [192.168.1.93] => (item=[u'php', u'php-cli', u'php-common', u'php-devel', u'php-mbstring', u'php-pdo', u'php-pear', u'php-mysql', u'php-gd', u'php-fpm', u'php-xml'])                                                                                                

TASK [php : Copying the test index file] ***************************************
changed: [192.168.1.93]

PLAY RECAP *********************************************************************
192.168.1.93               : ok=3    changed=2    unreachable=0    failed=0

There are no syntax errors shown, and running it using -vvvv doesn't mention anything related to a handler either. Edit: Increasing the verbosity doesn't show the expected NOTIFIED HANDLER output. The full verbose output can be found here

However, if I add it as a separate task, directly after the installation of PHP (and its modules), the restart process works as expected:

- name: Restart Apache
  service:
    name: httpd
    state: restarted

Output

TASK [php : Restart Apache] ****************************************************
changed: [192.168.1.93]

How do I go about adding this (restart apache task) as a separate handler?

No response from running Tomcat: does not start, does nothing

I'm using Ansible to spin up a new Amazon EC2 install, and then I install Java and Tomcat (via the yum module). After placing the war for sample project from the Apache website in the webapps directory, I go and run the command (below), nothing happens. It returns with response, no error. I've checked both the IP and port 8080 and Tomcat is not running.

[[email protected] webapps]$ sudo systemctl start tomcat
[[email protected] webapps]$ sudo systemctl start tomcat
[[email protected] webapps]$ 

For reference, I was following this tutorial as well: https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-7-on-centos-7-via-yum

Ansible Module "lineinfile" replace multiple lines in several files

Our SSL certificate runs out in a couple of days. So I thought Ansible can put the new certs on the server and change the apache2 sites.

Several sites are running on this server.

I want to replace the following lines:

  • SSLCertificateChainFile
  • SSLCertificateKeyFile
  • SSLCertificateFile

I use this command to get a list of all sites in /etc/apache2 where the pattern "SSLCertificate" exists.

- name: Apache 2.2 list sites files and store it in register
  command: grep -lR --exclude default-ssl "SSLCertificate" /etc/apache2/
  register: apache22_sites

This is what I use, when only one file has to be changed:

- name: apache2.2.* | configure certs
  lineinfile: dest=/path/to/...  regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes
  with_items:
        - { regexp: "SSLCertificateChainFile", line: "    SSLCertificateChainFile = ..." }
        - { regexp: "SSLCertificateKeyFile ", line: "    SSLCertificateKeyFile = ..." }
        - { regexp: "SSLCertificateFile", line: "    SSLCertificateFile = ..." }
  notify: reload apache2

How can I tell Ansible to use this code with multiple files listed in variable "apache22_sites" and multiple lines?

I found a good hint here, but sadly only for one line.

I appreciate any tips, tricks, hints :)

Greetings Dennis
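
An added example, not part of the original post: one way to apply the three replacements to every file returned by the grep task is a nested loop over the file list and a list of directives. The host group, the `cert_directives` variable and the certificate paths are hypothetical placeholders, and the `reload apache2` handler is assumed because the post does not show it.

```yaml
---
- hosts: webservers                     # hypothetical group name
  become: yes
  vars:
    # Hypothetical variable; the paths are placeholders for the new cert files.
    cert_directives:
      - { directive: SSLCertificateChainFile, path: /etc/ssl/certs/example-chain.crt }
      - { directive: SSLCertificateKeyFile, path: /etc/ssl/private/example.key }
      - { directive: SSLCertificateFile, path: /etc/ssl/certs/example.crt }
  tasks:
    - name: Apache 2.2 list sites files and store it in register
      command: grep -lR --exclude default-ssl "SSLCertificate" /etc/apache2/
      register: apache22_sites
      changed_when: false                    # read-only task, never "changed"
      failed_when: apache22_sites.rc > 1     # grep exits 1 when nothing matches

    - name: apache2.2.* | configure certs in every matching file
      lineinfile:
        dest: "{{ item[0] }}"
        # Anchored at line start so commented-out directives are skipped;
        # group 1 keeps the existing indentation.
        regexp: '^(\s*){{ item[1].directive }}\s'
        line: '\1{{ item[1].directive }} {{ item[1].path }}'
        # With backrefs, a file without the directive is left unchanged
        # instead of getting the line appended outside its VirtualHost.
        backrefs: yes
      with_nested:
        - "{{ apache22_sites.stdout_lines }}"
        - "{{ cert_directives }}"
      notify: reload apache2

  handlers:
    - name: reload apache2                   # assumed handler definition
      service:
        name: apache2
        state: reloaded
```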

How to arrange a website deployment with Ansible such that Apache is not restarted if there is no vhost change?

I am presently learning Ansible, and to apply what I am learning, I am converting some old Bash install scripts to build a web server. One of my use cases is to install or upgrade a website. The process generally is:

  • Copy Apache vhost definition into /etc/apache2/available-sites
  • Symlink vhost definition in /etc/apache2/enabled-sites
  • Checkout branch in /var/www/sitename or copy from source folder
  • Run custom set-up or migration scripts inside that project e.g. with Phing
  • Graceful restart of Apache

I would be interested in only doing the web-server restart if the vhost is required, mainly because I have a passphrase on my SSL certificate, and this will need to be re-entered if that happens. Since most runs of this playbook will be upgrades and not installations, it makes sense to suppress the restart where it is not required.

I've done some searching around this use-case, but I can't seem to find much related material online. I have therefore created the following, using a file hash to detect changes, and I am wondering if there is a better way to do it. Here it is:

---

# Copy site contents unconditionally
- file: path=/var/www/html state=directory
- copy: src=../../build-files/default/index.html dest=/var/www/html/index.html

# Copy vhost to a temporary file so we can checksum it remotely
- copy: src=../../build-files/apache/000-default.conf dest=/tmp/000-default.conf

# Get the checksum of the existing vhost
- shell: md5sum /etc/apache2/sites-available/000-default.conf | cut -f 1 -d ' '
  register: old_checksum_default_site

# Get the checksum of the new vhost
- shell: md5sum /tmp/000-default.conf | cut -f 1 -d ' '
  register: new_checksum_default_site

- debug: msg="Old checksum is {{ old_checksum_default_site.stdout }}, new checksum is {{ new_checksum_default_site.stdout }}"

# Copy our default vhost into place if necessary
- copy: src=../../build-files/apache/000-default.conf dest=/etc/apache2/sites-available/000-default.conf
  notify: restart apache
  when: old_checksum_default_site.stdout != new_checksum_default_site.stdout

That's quite a bit of boilerplate to do for all sites, and it doesn't even symlink yet - is there a shorter way? I am not a Python programmer, but do let me know if writing a custom module might be the best solution.
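
An added example, not part of the original post: the `copy` module already compares the checksum of the source with the file on the target and reports `changed` only when they differ, and a handler runs only when a notifying task reported `changed`. The staging copy in `/tmp` and the `md5sum` tasks can therefore be dropped. The `web` host group, the `sites-enabled` link path and the handler body are assumptions.

```yaml
---
- hosts: web                            # assumed host group name
  become: yes
  tasks:
    # Copy site contents unconditionally (no handler attached)
    - file: path=/var/www/html state=directory
    - copy: src=../../build-files/default/index.html dest=/var/www/html/index.html

    - name: Install default vhost (changed only when the content differs)
      copy:
        src: ../../build-files/apache/000-default.conf
        dest: /etc/apache2/sites-available/000-default.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart apache

    - name: Enable default vhost (changed only when the link is missing or wrong)
      file:
        src: /etc/apache2/sites-available/000-default.conf
        dest: /etc/apache2/sites-enabled/000-default.conf   # assumed link path
        state: link
      notify: restart apache

  handlers:
    # Runs once at the end of the play, and only if a task above notified it.
    - name: restart apache
      service:
        name: apache2
        state: restarted
```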

VM keeps timing out due to SSL warning

When I try and access my VM from the web browser, I get the following error:

This webpage is not available
ERR_CONNECTION_TIMED_OUT

This is the contents of the error.log file:

[Wed Feb 03 12:21:34.321525 2016] [core:notice] [pid 5101] AH00094: Command line: '/usr/sbin/apache2'
[Wed Feb 03 12:21:59.267496 2016] [mpm_prefork:notice] [pid 5101] AH00169: caught SIGTERM, shutting down
[Wed Feb 03 12:22:00.257480 2016] [ssl:warn] [pid 10050] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 03 12:22:00.286850 2016] [ssl:warn] [pid 10051] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Feb 03 12:22:00.288822 2016] [mpm_prefork:notice] [pid 10051] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations

What is causing this issue? Am I missing something simple?

ansible lineinfile regex multiline

I'm trying to edit apache.conf using Ansible. Here's part of my conf:

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

#<Directory /srv/>
#       Options Indexes FollowSymLinks
        AllowOverride All
#       Require all granted
#</Directory>

I want to change this block

<Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride None
            Require all granted
    </Directory>

into

<Directory /var/www/>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

set AllowOverride from None to All. I'm using this ansible task

- name: change htaccess support
  lineinfile:
    dest: /etc/apache2/apache2.conf
    regexp: '\s<Directory /var/www/>\n\sOptions Indexes FollowSymLinks\n\sAllowOverride'
    line: "AllowOverride All"
  tags:
    - test

However, AllowOverride All is always added to the end of the file. What's the correct regex pattern to do this job? I don't use an Ansible template because I only change one line.
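
An added example, not part of the original post: `lineinfile` tests its `regexp` against one line at a time, so a pattern containing `\n` never matches and the `line` is appended at the end of the file. The `replace` module applies the regex to the whole file, which lets the task below change only the `AllowOverride` inside the `<Directory /var/www/>` block. The host group and the handler are assumptions.

```yaml
---
- hosts: web                            # assumed host group name
  become: yes
  tasks:
    - name: change htaccess support
      replace:
        dest: /etc/apache2/apache2.conf
        # [^<]* also matches newlines but stops at the next "<", so the match
        # cannot run past </Directory> into another block. The "<Directory />"
        # and "<Directory /usr/share>" blocks keep "AllowOverride None".
        regexp: '(<Directory /var/www/>[^<]*AllowOverride) None'
        replace: '\1 All'
        backup: yes                     # keep a timestamped copy of the old file
      notify: reload apache2
      tags:
        - test

  handlers:
    - name: reload apache2              # assumed handler, not shown in the post
      service:
        name: apache2
        state: reloaded
```

The task is idempotent: once the block reads `AllowOverride All` the pattern no longer matches, so later runs report `ok` and the handler is not notified.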

Vagrant – Ansible error installing Apache

I'm working on a project with Vagrant and Ansible and Virtualbox. When I try to install Apache on an ubuntu precise (14.04) box, Vagrant fails. I improved the answer after.

It seems a known bug, but even if I'm installing a newer version, the error shows up. I tried also as stated here, but with no luck.

How can I resolve this issue?

Thank you.


UPDATED ANSWER

This is the Ansible task. Version 1:

- name: Install Apache
  sudo: yes
  apt: pkg=apache2 state=latest
  register: apache2_apt

Output:

failed: [default] => {"failed": true}
stderr: E: Sub-process /usr/bin/dpkg returned an error code (1)

stdout: Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine apache2-suexec-custom
The following NEW packages will be installed:
  apache2
0 upgraded, 1 newly installed, 0 to remove and 183 not upgraded.
Need to get 0 B/146 kB of archives.
After this operation, 460 kB of additional disk space will be used.
(Reading database ... 52932 files and directories currently installed.)
Unpacking apache2 (from .../apache2_2.4.12-1+deb.sury.org~precise+5_amd64.deb) ...
dpkg: error processing /var/cache/apt/archives/apache2_2.4.12-1+deb.sury.org~precise+5_amd64.deb (--unpack):
 error setting ownership of `/var/www/html.dpkg-new': Operation not permitted
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Errors were encountered while processing:
 /var/cache/apt/archives/apache2_2.4.12-1+deb.sury.org~precise+5_amd64.deb

msg: '/usr/bin/apt-get -y -o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold"   install 'apache2'' failed: E: Sub-process /usr/bin/dpkg returned an error code (1)


FATAL: all hosts have already failed -- aborting

Version 2:

- name: Install Apache
  command: "sudo apt-get install apache2"
  register: apache2_apt

Output:

failed: [default] => {"changed": true, "cmd": ["sudo", "apt-get", "install", "apache2"], "delta": "0:00:07.745095", "end": "2015-06-09 11:08:53.726031", "rc": 100, "start": "2015-06-09 11:08:45.980936", "warnings": []}
stderr: E: Sub-process /usr/bin/dpkg returned an error code (1)
stdout: Reading package lists...
Building dependency tree...
Reading state information...
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine apache2-suexec-custom
The following NEW packages will be installed:
  apache2
0 upgraded, 1 newly installed, 0 to remove and 183 not upgraded.
Need to get 0 B/146 kB of archives.
After this operation, 460 kB of additional disk space will be used.
(Reading database ... 52932 files and directories currently installed.)
Unpacking apache2 (from .../apache2_2.4.12-1+deb.sury.org~precise+5_amd64.deb) ...
dpkg: error processing /var/cache/apt/archives/apache2_2.4.12-1+deb.sury.org~precise+5_amd64.deb (--unpack):
 error setting ownership of `/var/www/html.dpkg-new': Operation not permitted
Processing triggers for man-db ...
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Errors were encountered while processing:
 /var/cache/apt/archives/apache2_2.4.12-1+deb.sury.org~precise+5_amd64.deb

FATAL: all hosts have already failed -- aborting