Merge "Ensure that selected Apache MPM is enforced"
This commit is contained in:
Zuul
Gerrit Code Review
commit
1247611233
@ -232,7 +232,7 @@ keystone_apache_servertokens: "Prod"
|
|||||||
keystone_apache_serversignature: "Off"
|
keystone_apache_serversignature: "Off"
|
||||||
|
|
||||||
## Apache MPM tunables
|
## Apache MPM tunables
|
||||||
keystone_httpd_mpm_backend: event
|
keystone_httpd_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
|
||||||
keystone_httpd_mpm_server_limit: "{{ keystone_wsgi_processes }}"
|
keystone_httpd_mpm_server_limit: "{{ keystone_wsgi_processes }}"
|
||||||
keystone_httpd_mpm_start_servers: 2
|
keystone_httpd_mpm_start_servers: 2
|
||||||
keystone_httpd_mpm_min_spare_threads: 25
|
keystone_httpd_mpm_min_spare_threads: 25
|
||||||
|
|||||||
@ -33,6 +33,27 @@
|
|||||||
group: "{{ keystone_apache_default_log_grp }}"
|
group: "{{ keystone_apache_default_log_grp }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Ensure apache2 MPM for Debian/Ubuntu
|
||||||
|
apache2_module:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
state: "{{ item.state }}"
|
||||||
|
warn_mpm_absent: false
|
||||||
|
with_items: "{{ keystone_apache_mpms | sort(attribute='state') }}"
|
||||||
|
when:
|
||||||
|
- ansible_facts['pkg_mgr'] == 'apt'
|
||||||
|
notify: Restart web server
|
||||||
|
|
||||||
|
- name: Ensure apache2 MPM for EL
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
LoadModule mpm_{{ keystone_httpd_mpm_backend }}_module modules/mod_mpm_{{ keystone_httpd_mpm_backend }}.so
|
||||||
|
|
||||||
|
dest: /etc/httpd/conf.modules.d/00-mpm.conf
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- ansible_facts['pkg_mgr'] == 'dnf'
|
||||||
|
notify: Restart web server
|
||||||
|
|
||||||
## NOTE(cloudnull):
|
## NOTE(cloudnull):
|
||||||
## Module enable/disable process is only functional on Debian
|
## Module enable/disable process is only functional on Debian
|
||||||
- name: Enable apache2 modules
|
- name: Enable apache2 modules
|
||||||
|
|||||||
@ -82,6 +82,14 @@ keystone_apache_configs:
|
|||||||
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
||||||
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
||||||
|
|
||||||
|
keystone_apache_mpms:
|
||||||
|
- name: "mpm_event"
|
||||||
|
state: "{{ (keystone_httpd_mpm_backend == 'event') | ternary('present', 'absent') }}"
|
||||||
|
- name: "mpm_worker"
|
||||||
|
state: "{{ (keystone_httpd_mpm_backend == 'worker') | ternary('present', 'absent') }}"
|
||||||
|
- name: "mpm_prefork"
|
||||||
|
state: "{{ (keystone_httpd_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
|
||||||
|
|
||||||
keystone_apache_modules:
|
keystone_apache_modules:
|
||||||
- name: "ssl"
|
- name: "ssl"
|
||||||
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user