--- - name: Deploy KVM virtual machines ansible.builtin.import_playbook: include/deploy-kvm-guest.yml vars: myhosts: collab - name: Configure instance hosts: collab user: root gather_facts: true vars_files: - "{{ ansible_private }}/vars.yml" pre_tasks: - name: Mount /export ansible.posix.mount: name: /export src: LABEL=/export fstype: xfs opts: noatime,noexec,nosuid,nodev passno: "0" dump: "0" state: mounted roles: - base - collab - mod_auth_gssapi - role: keytab keytab_path: /etc/httpd/httpd.keytab keytab_principals: HTTP/collab.foo.sh@FOO.SH keytab_group: apache - ldap tasks: - name: Redirect root web directory to collab ansible.builtin.copy: content: "RedirectMatch permanent \"^/$\" /collab/\n" dest: "/etc/httpd/conf.local.d/redirects.conf" mode: "0644" owner: root group: "{{ ansible_wheel }}" notify: Restart apache - name: Create htaccess for collab ansible.builtin.copy: content: | RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ wsgi/$1 [QSA,PT,L] SetHandler wsgi-script AuthType GSSAPI GssapiBasicAuth On AuthName "Password Required (cancel for help)" Require valid-user dest: /srv/wikis/collab/htdocs/.htaccess owner: collab group: collab mode: "0660" seuser: _default setype: _default - name: Auto create collab users ansible.builtin.lineinfile: path: /srv/wikis/collab/config/collabfarm.py regexp: '^\s+auth = .*' line: ' auth = [GivenAuth(autocreate=True)]' notify: Restart apache - name: Set collab base url ansible.builtin.lineinfile: path: /srv/wikis/collab/config/collabfarm.py regexp: '^\s+collab_baseurl = .*' line: " collab_baseurl = 'https://collab.foo.sh/collab/'" notify: Restart apache - name: Set collab default theme ansible.builtin.lineinfile: path: /srv/wikis/collab/config/collabfarm.py regexp: '^\s+theme_default = .*' line: " theme_default = 'foosh'" notify: Restart apache