openstack-ansible-os_keystone/tasks/keystone_apache.yml

135 lines
3.6 KiB
YAML

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Create apache nogroup group
group:
name: "nogroup"
system: "yes"
- name: Create apache nogroup user
user:
name: "nogroup"
group: "nogroup"
system: "yes"
shell: "/bin/false"
- name: Ensure apache log folder exists
file:
dest: "{{ keystone_apache_default_log_folder }}"
state: directory
owner: "{{ keystone_apache_default_log_owner }}"
group: "{{ keystone_apache_default_log_grp }}"
mode: "0755"
## NOTE(cloudnull):
## Module enable/disable process is only functional on Debian
- name: Enable apache2 modules
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
with_items: "{{ keystone_apache_modules }}"
when:
- ansible_facts['pkg_mgr'] == 'apt'
- item.state == 'present'
notify:
- Restart web server
- name: Place apache2 config files
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
mode: "0644"
with_items: "{{ keystone_apache_configs }}"
notify:
- Restart web server
## NOTE(cloudnull):
## Module enable/disable process is only functional on Debian
- name: Disable apache2 modules
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
with_items: "{{ keystone_apache_modules }}"
when:
- ansible_facts['pkg_mgr'] == 'apt'
- item.state == 'absent'
notify:
- Restart web server
## NOTE(andymccr):
## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files
- name: Enable/disable proxy_uwsgi_module
lineinfile:
dest: '/etc/httpd/conf.modules.d/00-proxy.conf'
line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
state: "present"
when:
- ansible_facts['pkg_mgr'] == 'dnf'
notify:
- Restart web server
- name: Disable default apache site
file:
path: "{{ item }}"
state: "absent"
with_items: "{{ keystone_apache_default_sites }}"
notify:
- Restart web server
- name: Enabled keystone vhost
file:
src: "{{ keystone_apache_site_available }}"
dest: "{{ keystone_apache_site_enabled }}"
state: "link"
when:
- keystone_apache_site_available is defined
- keystone_apache_site_enabled is defined
notify:
- Restart web server
- name: Ensure Apache ServerName
lineinfile:
dest: "{{ keystone_apache_conf }}"
line: "ServerName {{ ansible_facts['hostname'] }}"
notify:
- Restart web server
- name: Ensure Apache ServerTokens
lineinfile:
dest: "{{ keystone_apache_security_conf }}"
regexp: '^ServerTokens'
line: "ServerTokens {{ keystone_apache_servertokens }}"
notify:
- Restart web server
- name: Ensure Apache ServerSignature
lineinfile:
dest: "{{ keystone_apache_security_conf }}"
regexp: '^ServerSignature'
line: "ServerSignature {{ keystone_apache_serversignature }}"
notify:
- Restart web server
- name: Remove Listen from Apache config
lineinfile:
dest: "{{ keystone_apache_conf }}"
regexp: '^(Listen.*)'
backrefs: yes
line: '#\1'
notify:
- Restart web server