A (patchy) server for HTTP, Apache 2.4 patched again by Red Hat, and me.

.github/workflows/molecule.yml

@@ -0,0 +1,38 @@
+---
+name: Ansible Molecule
+# yamllint disable-line rule:truthy
+on:
+  push:
+    tags_ignore:
+      - '*'
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+        with:
+          path: "${{ github.repository }}"
+      - name: molecule
+        uses: robertdebock/molecule-action@2.7.2
+        with:
+          command: lint
+  test:
+    needs:
+      - lint
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+        with:
+          path: "${{ github.repository }}"
+      - name: molecule
+        uses: robertdebock/molecule-action@2.7.2
+        with:
+          image: ${{ matrix.config.image }}
+          tag: ${{ matrix.config.tag }}
+...

.later.yml

@@ -0,0 +1,88 @@
+---
+ansible:
+  # Add the name of used custom Ansible modules. Otherwise ansible-later
+  # can't detect unknown modules and will through an error.
+  # Modules which are bundled with the role and placed in a './library'
+  # directory will be auto-detected and don't need to be added to this list.
+  custom_modules: []
+
+  # Settings for variable formatting rule (ANSIBLE0004)
+  double-braces:
+    max-spaces-inside: 1
+    min-spaces-inside: 1
+
+  # List of allowed literal bools (ANSIBLE0014)
+  literal-bools:
+    - "true"
+    - "false"
+
+  # List of modules that don't need to be named (ANSIBLE0006).
+  # You must specify each individual module name, globs
+  # or wildcards do not work!
+  named-task:
+    exclude:
+      - 'meta'
+      - 'debug'
+      - 'block'
+
+  # List of modules that are allowed to use the key=value format
+  # instead of the native YAML format (LINT0008).
+  # You must specify each individual module name, globs or
+  # wildcards do not work!
+  native-yaml:
+    exclude:
+      - 'debug'
+
+# Global settings for all defined rules
+rules:
+  # Disable build-in rules if required
+  buildin: true
+
+  # List of files to exclude
+  exclude_files:
+    - templates/
+  # Examples:
+  #  - molecule/
+  #  - files/**/*.py
+
+  # Limit checks to given rule ID's
+  # If empty all rules will be used.
+  filter: []
+
+  # Exclude given rule ID's from checks
+  exclude_filter: []
+
+  # List of rule ID's that should be displayed as a warning
+  # instead of an error. By default, only rules whose version
+  # is higher than the current default version are marked as warnings.
+  # This list allows to degrade errors to warnings for each rule.
+  warning_filter:
+    - "ANSIBLE9999"
+
+  # All dotfiles (including hidden folders) are excluded by default.
+  # You can disable this setting and handle dotfiles by yourself
+  # with `exclude_files`.
+  ignore_dotfiles: false
+
+  # List of directories to load standard rules from (defaults to build-in)
+  standards: []
+  version: '0.2'
+# Block to control included yamllint rules.
+# See https://yamllint.readthedocs.io/en/stable/rules.html
+yamllint:
+  colons:
+    max-spaces-after: 1
+    max-spaces-before: 0
+  document-start:
+    present: true
+  empty-lines:
+    max: 1
+    max-end: 1
+    max-start: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    check-multi-line-strings: false
+    indent-sequences: true
+    spaces: 2
+...

README.md

@@ -1,2 +1,2 @@
 # base_apache
-Ansible role to install apache 2.4 on RedHat/Centos 
+🪶 Ansible role to install apache 2.4 on RedHat/Centos

defaults/main.yml

@@ -0,0 +1,11 @@
+---
+
+# Set to any other value to manage /etc/httpd/conf.d/ssl.conf elsewhere
+ssl_config: 'default'
+goss_test_directory: /etc/goss.d
+apache_https_transport: true
+hsts_max_age: 10368001
+x_frame_options: DENY
+x_content_type_options: nosniff
+ProxyPreserveHost: 'Off'
+...

handlers/main.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Restart httpd
+  systemd:
+    name: httpd24-httpd.service
+    enabled: true
+    state: restarted
+...

meta/main.yml

@@ -0,0 +1,22 @@
+---
+
+galaxy_info:
+  role_name: base_apache
+  author: Bas Meijer
+  description: Apache 2.4 for internal use on Red Hat Enterprise Linux 7
+  company: dockpack
+  namespace: dockpack
+
+  license: Apache
+
+  min_ansible_version: 2.9
+
+  platforms:
+    - name: EL
+      versions:
+        - 7
+
+  galaxy_tags: []
+
+dependencies: []
+...

molecule/default/converge.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Converge
+  hosts: all
+  vars:
+    apache_https_transport: false
+  tasks:
+    - name: "Include base_apache"
+      include_role:
+        name: "base_apache"
+...

molecule/default/molecule.yml

@@ -0,0 +1,27 @@
+---
+
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+  ansible-later -q
+platforms:
+  - name: base-apache-centos7
+    image: centos:7
+    capabilities:
+      - CAP_NET_BIND_SERVICE
+    command: /sbin/init
+    tmpfs:
+      - /run
+      - /tmp
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
+...

molecule/default/verify.yml

@@ -0,0 +1,44 @@
+---
+# This is an example playbook to execute goss tests.
+# Tests need distributed to the appropriate ansible host/groups
+# prior to execution by `goss validate`.
+
+# yamllint disable rule:line-length
+
+- name: Verify
+  hosts: all
+  become: true
+  gather_facts: false
+  vars:
+    goss_version: v0.3.7
+    goss_arch: amd64
+    goss_dst: /usr/local/bin/goss
+    goss_sha256sum: 357f5c7f2e7949b412bce44349cd32ab19eb3947255a8ac805f884cc2c326059
+    goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
+    goss_test_directory: /etc/goss.d
+    goss_format: tap
+  tasks:
+    - name: Download and install Goss
+      get_url:
+        url: "{{ goss_url }}"
+        dest: "{{ goss_dst }}"
+        sha256sum: "{{ goss_sha256sum }}"
+        mode: 0755
+      register: download_goss
+      until: download_goss is succeeded
+      retries: 3
+
+    - name: Execute Goss tests
+      command: "{{ goss_dst }} -g /etc/goss.d/test_apache.yml validate --format {{ goss_format }}"
+      register: test_results
+      changed_when: false
+
+    - name: Display details about the Goss results
+      debug:
+        msg: "{{ test_results.stdout_lines }}"
+
+    - name: Fail when tests fail
+      fail:
+        msg: "Goss failed to validate"
+      when: test_results.rc != 0
+...