roles/apache: Add tags to tasks

Adding tags to tasks makes them easier to run in isolation.
2020-12-26 11:35:45 -06:00 · 2020-12-26 11:35:45 -06:00 · 59e8244a08
parent aa1ab75edd
commit 59e8244a08
1 changed files with 27 additions and 0 deletions
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@ -14,6 +14,9 @@
    group=apache
  with_fileglob:
  - '{{ inventory_hostname }}.keytab'
+  tags:
+  - apache-config
+  - keytab

 - name: ensure tls private key exists
  copy:
@ -24,6 +27,8 @@
  with_fileglob:
  - '{{ inventory_hostname }}.key'
  notify: reload httpd
+  tags:
+  - cert
 - name: ensure tls certificate exists
  copy:
   src={{ item }}
@ -32,6 +37,8 @@
   setype=cert_t
  with_fileglob:
  - '{{ inventory_hostname }}.cer'
+  tags:
+  - cert
  notify: reload httpd
 - name: ensure tls ca certificate exists
  copy:
@ -43,12 +50,16 @@
  with_fileglob:
  - '{{ inventory_hostname }}-ca.crt'
  notify: reload httpd
+  tags:
+  - cert
 - name: ensure ssl.include is populated
  template:
    src=ssl.include.j2
    dest=/etc/httpd/conf.d/ssl.include
    mode=0644
  notify: reload httpd
+  tags:
+  - apache-config
 - name: ensure mod_ssl is configured
  template:
    src=ssl.conf.j2
@ -56,6 +67,8 @@
    mode=0644
    setype=httpd_config_t
  notify: reload httpd
+  tags:
+  - apache-config

 - name: ensure apache userdir module is configured
  template:
@ -63,11 +76,15 @@
    dest=/etc/httpd/conf.d/userdir.conf
    mode=0644
  notify: reload httpd
+  tags:
+  - apache-config
 - name: ensure selinux is configured for apache user directories
  seboolean:
    name=httpd_enable_homedirs
    persistent=yes
    state={{ 'yes' if apache_userdir is defined else 'no' }}
+  tags:
+  - selinux

 - name: ensure apache mpm module is configured
  template:
@ -75,6 +92,8 @@
    dest=/etc/httpd/conf.modules.d/00-mpm.conf
    mode=0644
    setype=httpd_config_t
+  tags:
+  - apache-config
  notify: reload httpd
 - name: ensure apache server name is set
  template:
@ -83,11 +102,15 @@
    mode=0644
    setype=httpd_config_t
  notify: reload httpd
+  tags:
+  - apache-config

 - name: ensure httpd service starts at boot
  service:
    name=httpd
    enabled=yes
+  tags:
+  - service

 - name: ensure web ports are open in firewall
  firewalld: >-
@ -98,9 +121,13 @@
    state=enabled
  with_items: '{{ web_ports }}'
  notify: save firewalld configuration
+  tags:
+  - firewall

 - name: ensure old apache logs are rotated
  template:
    src=httpd.logrotate.j2
    dest=/etc/logrotate.d/httpd
    mode=0644
+  tags:
+  - logrotate