setup-apache.yml

- name: Configure firewall and install Apache2
  hosts: "{{ var_hosts | default('webheads') }}"
  vars_files:
  - vars/conf.yml
  - vars/apache.yml

  pre_tasks:
    - name: install epel
      become: yes
      yum:
        name: epel-release
        state: latest

    - name: install mod_security and firewalld
      yum:
        name: 
          - mod_security
          - firewalld
        state: latest

    - name: Enable firewalld
      service: name=firewalld state=started enabled=yes
      
    - name: Make Document Root
      file: path="{{ live_doc_root }}" state=directory

    - name: Make httpd dir
      file: path="/etc/httpd/conf/" state=directory

    - name: Make autoconfig log dir
      file: path="/var/log/httpd/autoconfig" state=directory

    - name: Copy SSL certs.
      copy:
        src: "{{ item }}"
        dest: /etc/httpd/conf
        mode: 0600
      with_items:
        - "files/privkey.pem"
        - "files/chain.pem"
        - "files/cert.pem"

    - name: install mod_wsgi
      yum:
        name: mod_wsgi
        state: latest

    - name: Set MPM to event by copying config file,
      copy:
        src: "{{ item }}"
        dest: /etc/httpd/conf.modules.d
        mode: 0644
      with_items:
        - "files/00-mpm.conf"

  roles:
    - { role: geerlingguy.apache }

  post_tasks:
    - name: Make sure http and https ports are open.
      firewalld:
        service: "{{ item }}"
        zone:      public
        permanent: yes
        immediate: yes
        state:     enabled
      with_items:
        - http
        - https

    - name: Comment out CustomLog.
      replace:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^[ ]+CustomLog \"logs\/access_log\" combined'
        replace: ''
        backup: no

    - name: Comment out LogFormat.
      replace:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^[ ]+LogFormat.*$'
        replace: ''
        backup: no

    - name: Reload service httpd, in all cases.
      systemd:
        name: httpd
        state: reloaded