diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml
index 2d76e0d3..031712f5 100644
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@@ -99,3 +99,26 @@
- ansible_pkg_mgr == 'apt'
notify:
- Restart service
+
+## NOTE(cloudnull):
+## Module enable/disable process is only functional on Debian based systems.
+- name: Enable/disable proxy_http
+ apache2_module:
+ name: proxy_http
+ state: "{{ (keystone_mod_wsgi_enabled | bool) | ternary('absent', 'present') }}"
+ when:
+ - ansible_pkg_mgr == 'apt'
+ notify:
+ - Restart service
+
+## NOTE(andymccr):
+## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files
+- name: Enable/disable proxy_uwsgi_module
+ lineinfile:
+ dest: '/etc/httpd/conf.modules.d/00-proxy.conf'
+ line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
+ state: "{{ (keystone_mod_wsgi_enabled | bool) | ternary('absent', 'present') }}"
+ when:
+ - ansible_pkg_mgr == 'yum'
+ notify:
+ - Restart service
diff --git a/tasks/main.yml b/tasks/main.yml
index d1f4e1af..c4580cfa 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -120,7 +120,7 @@
tags:
- keystone-install
- keystone-config
- when: not keystone_apache_enabled | bool
+ when: not keystone_mod_wsgi_enabled | bool
- name: Flush handlers
meta: flush_handlers
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index 8a2fb8a3..750e8c55 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -1,6 +1,7 @@
# {{ ansible_managed }}
+{% if keystone_mod_wsgi_enabled | bool -%}
WSGIDaemonProcess keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup keystone-service
@@ -57,20 +58,19 @@
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /var/www/cgi-bin/keystone/main/$1
{% endif %}
- {% if keystone_mod_wsgi_enabled | bool -%}
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
- {% else %}
- ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-public]["socket"] }}/
- {% endif %}
-
+{% else %}
+ ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
+{% endif %}
+{% if keystone_mod_wsgi_enabled | bool -%}
WSGIDaemonProcess keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
WSGIProcessGroup keystone-admin
@@ -101,19 +101,17 @@
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
- {% if keystone_mod_wsgi_enabled | bool -%}
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
- {% else -%}
- ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-admin]["socket"] }}/
- {% endif %}
-
+{% else -%}
+ ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-admin']["socket"] }}/
+{% endif %}
{% if not keystone_mod_wsgi_enabled | bool -%}
-ProxyPass /identity uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-public]['socket'] }}/
-ProxyPass /identity_admin uwsgi://127.0.0.1:{{ keystone_uwsgi_ports[keystone-wsgi-admin]['socket'] }}/
+ProxyPass /identity uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
+ProxyPass /identity_admin uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['socket'] }}/
{% endif %}