--- - import_playbook: "include/deploy-kvm-guest.yml myhosts=collab01.home.foo.sh" - name: configure instance hosts: collab user: root gather_facts: true vars_files: - "{{ ansible_private }}/vars.yml" pre_tasks: - name: mount /export mount: name: /export src: LABEL=/export fstype: xfs opts: noatime,noexec,nosuid,nodev passno: "0" dump: "0" state: mounted roles: - base - collab - mod_auth_gssapi - role: kerberos/keytab keytab: /etc/httpd/httpd.keytab principals: HTTP/collab.foo.sh@FOO.SH group: apache - ldap/client tasks: - name: redirect root web directory to collab copy: content: "RedirectMatch permanent \"^/$\" /collab/\n" dest: "/etc/httpd/conf.local.d/redirects.conf" mode: 0644 owner: root group: "{{ ansible_wheel }}" notify: restart apache - name: create htaccess for collab copy: content: | RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ wsgi/$1 [QSA,PT,L] SetHandler wsgi-script AuthType GSSAPI GssapiBasicAuth On AuthName "Password Required (cancel for help)" Require valid-user dest: /srv/wikis/collab/htdocs/.htaccess owner: collab group: collab mode: 0660 seuser: _default setype: _default - name: auto create collab users lineinfile: path: /srv/wikis/collab/config/collabfarm.py regexp: '^\s+auth = .*' line: ' auth = [GivenAuth(autocreate=True)]' notify: restart apache - name: set collab base url lineinfile: path: /srv/wikis/collab/config/collabfarm.py regexp: '^\s+collab_baseurl = .*' line: " collab_baseurl = 'https://collab.foo.sh/collab/'" notify: restart apache - name: set collab default theme lineinfile: path: /srv/wikis/collab/config/collabfarm.py regexp: '^\s+theme_default = .*' line: " theme_default = 'foosh'" notify: restart apache