870451e554
At the moment services might have different MPM selected while all operating the same Apache setup, ie on metal setup. This results in failures to set selected MPMs, so eventually second run of roles after initial deployment will end up in failure (ie upgrade). This patch ensures that all except selected MPMs are disabled and do role get's the desired state of deployment. We also need to align selected MPM across all roles to avoid future conflicts. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/930446 Change-Id: Ia3e4af7986166f0729840d2a61fb8f52ea053676
156 lines
4.2 KiB
YAML
156 lines
4.2 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Create apache nogroup group
|
|
group:
|
|
name: "nogroup"
|
|
system: "yes"
|
|
|
|
- name: Create apache nogroup user
|
|
user:
|
|
name: "nogroup"
|
|
group: "nogroup"
|
|
system: "yes"
|
|
shell: "/bin/false"
|
|
|
|
- name: Ensure apache log folder exists
|
|
file:
|
|
dest: "{{ keystone_apache_default_log_folder }}"
|
|
state: directory
|
|
owner: "{{ keystone_apache_default_log_owner }}"
|
|
group: "{{ keystone_apache_default_log_grp }}"
|
|
mode: "0755"
|
|
|
|
- name: Ensure apache2 MPM for Debian/Ubuntu
|
|
apache2_module:
|
|
name: "{{ item.name }}"
|
|
state: "{{ item.state }}"
|
|
warn_mpm_absent: false
|
|
with_items: "{{ keystone_apache_mpms | sort(attribute='state') }}"
|
|
when:
|
|
- ansible_facts['pkg_mgr'] == 'apt'
|
|
notify: Restart web server
|
|
|
|
- name: Ensure apache2 MPM for EL
|
|
copy:
|
|
content: |
|
|
LoadModule mpm_{{ keystone_httpd_mpm_backend }}_module modules/mod_mpm_{{ keystone_httpd_mpm_backend }}.so
|
|
|
|
dest: /etc/httpd/conf.modules.d/00-mpm.conf
|
|
mode: "0644"
|
|
when:
|
|
- ansible_facts['pkg_mgr'] == 'dnf'
|
|
notify: Restart web server
|
|
|
|
## NOTE(cloudnull):
|
|
## Module enable/disable process is only functional on Debian
|
|
- name: Enable apache2 modules
|
|
apache2_module:
|
|
name: "{{ item.name }}"
|
|
state: "{{ item.state }}"
|
|
with_items: "{{ keystone_apache_modules }}"
|
|
when:
|
|
- ansible_facts['pkg_mgr'] == 'apt'
|
|
- item.state == 'present'
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Place apache2 config files
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
with_items: "{{ keystone_apache_configs }}"
|
|
notify:
|
|
- Restart web server
|
|
|
|
## NOTE(cloudnull):
|
|
## Module enable/disable process is only functional on Debian
|
|
- name: Disable apache2 modules
|
|
apache2_module:
|
|
name: "{{ item.name }}"
|
|
state: "{{ item.state }}"
|
|
with_items: "{{ keystone_apache_modules }}"
|
|
when:
|
|
- ansible_facts['pkg_mgr'] == 'apt'
|
|
- item.state == 'absent'
|
|
notify:
|
|
- Restart web server
|
|
|
|
## NOTE(andymccr):
|
|
## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files
|
|
- name: Enable/disable proxy_uwsgi_module
|
|
lineinfile:
|
|
dest: '/etc/httpd/conf.modules.d/00-proxy.conf'
|
|
line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
|
|
state: "present"
|
|
when:
|
|
- ansible_facts['pkg_mgr'] == 'dnf'
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Disable default apache site
|
|
file:
|
|
path: "{{ item }}"
|
|
state: "absent"
|
|
with_items: "{{ keystone_apache_default_sites }}"
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Enabled keystone vhost
|
|
file:
|
|
src: "{{ keystone_apache_site_available }}"
|
|
dest: "{{ keystone_apache_site_enabled }}"
|
|
state: "link"
|
|
when:
|
|
- keystone_apache_site_available is defined
|
|
- keystone_apache_site_enabled is defined
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Ensure Apache ServerName
|
|
lineinfile:
|
|
dest: "{{ keystone_apache_conf }}"
|
|
line: "ServerName {{ ansible_facts['hostname'] }}"
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Ensure Apache ServerTokens
|
|
lineinfile:
|
|
dest: "{{ keystone_apache_security_conf }}"
|
|
regexp: '^ServerTokens'
|
|
line: "ServerTokens {{ keystone_apache_servertokens }}"
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Ensure Apache ServerSignature
|
|
lineinfile:
|
|
dest: "{{ keystone_apache_security_conf }}"
|
|
regexp: '^ServerSignature'
|
|
line: "ServerSignature {{ keystone_apache_serversignature }}"
|
|
notify:
|
|
- Restart web server
|
|
|
|
- name: Remove Listen from Apache config
|
|
lineinfile:
|
|
dest: "{{ keystone_apache_conf }}"
|
|
regexp: '^(Listen.*)'
|
|
backrefs: yes
|
|
line: '#\1'
|
|
notify:
|
|
- Restart web server
|