diff --git a/defaults/main.yml b/defaults/main.yml
index 7574d4e..c2637c4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -142,9 +142,6 @@ skyline_pip_packages:
)
}}"
-## Apache configuration
-skyline_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
-
## Service Name-Group Mapping
skyline_services:
skyline-api:
diff --git a/handlers/main.yml b/handlers/main.yml
index 27d650e..5e81f87 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -43,12 +43,3 @@
listen:
- "Restart skyline services"
- "venv changed"
-
-- name: Restart web server
- service:
- name: "{{ skyline_system_service_name }}"
- enabled: yes
- state: "restarted"
- daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
- listen:
- - "venv changed"
diff --git a/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml b/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml
new file mode 100644
index 0000000..03a8e05
--- /dev/null
+++ b/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml
@@ -0,0 +1,6 @@
+---
+
+upgrade:
+ - |
+ The ``os_skyline`` role was switched to using a standalone ``httpd`` role
+ from the in-role httpd deployment.
diff --git a/tasks/skyline_apache.yml b/tasks/skyline_apache.yml
index ad458dd..0f36edb 100644
--- a/tasks/skyline_apache.yml
+++ b/tasks/skyline_apache.yml
@@ -13,73 +13,36 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-- name: Ensure apache2 MPM for Debian/Ubuntu
- apache2_module:
- name: "{{ item.name }}"
- state: "{{ item.state }}"
- ignore_configcheck: yes
- warn_mpm_absent: false
- with_items: "{{ skyline_apache_mpms | sort(attribute='state') }}"
- when:
- - ansible_facts['pkg_mgr'] == 'apt'
- notify: Restart web server
-
-- name: Ensure apache2 MPM for EL
- copy:
- content: |
- LoadModule mpm_{{ skyline_apache_mpm_backend }}_module modules/mod_mpm_{{ skyline_apache_mpm_backend }}.so
-
- dest: /etc/httpd/conf.modules.d/00-mpm.conf
- mode: "0644"
- when:
- - ansible_facts['pkg_mgr'] == 'dnf'
- notify: Restart web server
-
-- name: Enable apache2 modules
- apache2_module:
- name: "{{ item.name }}"
- state: "{{ item.state }}"
- ignore_configcheck: yes
- with_items:
- - "{{ skyline_apache_modules }}"
- when:
- - ansible_facts['pkg_mgr'] == 'apt'
- notify: Restart web server
-
-- name: Disable default apache site
- file:
- path: "{{ item }}"
- state: "absent"
- with_items: "{{ skyline_apache_default_sites }}"
- notify: Restart web server
-
-- name: Ensure Apache ServerName
- lineinfile:
- dest: "{{ skyline_apache_conf }}"
- line: "ServerName {{ skyline_server_name }}"
- notify: Restart web server
-
-- name: Create Apache config
- template:
- src: "{{ item['src'] }}"
- dest: "{{ item['dest'] }}"
- owner: "{{ item['owner'] }}"
- group: "{{ item['group'] }}"
- mode: "0644"
- with_items: "{{ skyline_apache_configs }}"
- notify: Restart web server
-
-- name: Enable skyline site
- file:
- src: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf"
- dest: "{{ skyline_vhost_enable_path }}/skyline.conf"
- state: "link"
- notify: Restart web server
-
-- name: Remove Listen from Apache config
- lineinfile:
- dest: "{{ skyline_apache_security_conf }}"
- regexp: '^(Listen.*)'
- backrefs: yes
- line: '#\1'
- notify: Restart web server
+- name: Including HTTPD role
+ ansible.builtin.import_role:
+ name: httpd
+ vars:
+ httpd_extra_modules:
+ - name: "proxy_http"
+ state: "present"
+ httpd_vhosts:
+ - name: skyline
+ address: "{{ skyline_bind_address }}"
+ port: "{{ skyline_service_port }}"
+ document_root: "{{ skyline_lib_static_files }}"
+ server_name: "{{ skyline_server_name }}"
+ directories:
+ - path: "{{ skyline_lib_static_files }}"
+ options:
+ - ''
+ - ' Header set Cache-Control "max-age=86400, public"'
+ - ''
+ - RewriteEngine On
+ - RewriteCond %{REQUEST_URI} !^/index.html$
+ - RewriteCond %{REQUEST_FILENAME} !-f
+ - RewriteCond %{REQUEST_FILENAME} !-d
+ - RewriteCond %{REQUEST_URI} !\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$ [NC]
+ - RewriteRule . /index.html [L]
+ - Require all granted
+ locations: "{{ _skyline_default_locations + _skyline_service_locations }}"
+ options: >-
+ {{
+ ('https' in _endpoint_list.stdout | from_yaml | map(attribute='URL') | map('urlsplit') | map(attribute='scheme')) | ternary(
+ _skyline_proxy_ssl_options | select(), []
+ )
+ }}
diff --git a/tasks/skyline_pre_install.yml b/tasks/skyline_pre_install.yml
index af2bbf2..4397462 100644
--- a/tasks/skyline_pre_install.yml
+++ b/tasks/skyline_pre_install.yml
@@ -47,6 +47,3 @@
mode: "0700"
- path: "{{ skyline_system_user_home }}"
- path: "/var/log/skyline"
- - path: "/etc/{{ skyline_system_service_name }}/sites-available"
- owner: root
- group: root
diff --git a/templates/apache_ports.conf.j2 b/templates/apache_ports.conf.j2
deleted file mode 100644
index d43bb9b..0000000
--- a/templates/apache_ports.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-# {{ ansible_managed }}
-
-# We place a blank file here
-# Listen commands happen inside the individual VHost files
-# This allows for multiple services VHosts to exist without
-# overwriting Listen lines.
\ No newline at end of file
diff --git a/templates/skyline.vhost.j2 b/templates/skyline.vhost.j2
deleted file mode 100644
index 3824877..0000000
--- a/templates/skyline.vhost.j2
+++ /dev/null
@@ -1,57 +0,0 @@
-Listen {{ skyline_bind_address }}:{{ skyline_service_port }}
-
-# Server configuration for Skyline console
-
- DocumentRoot {{ skyline_lib_static_files }}
-
- {% if ('https' in _endpoint_list.stdout | from_yaml | map(attribute='URL') | map('urlsplit') | map(attribute='scheme')) -%}
- SSLProxyEngine On
- SSLProxyProtocol {{ skyline_ssl_protocol }}
- {% if skyline_ssl_cipher_suite_tls12 != "" -%}
- SSLProxyCipherSuite {{ skyline_ssl_cipher_suite_tls12 }}
- {% endif -%}
- {% if skyline_ssl_cipher_suite_tls13 != "" -%}
- SSLProxyCipherSuite TLSv1.3 {{ skyline_ssl_cipher_suite_tls13 }}
- {% endif -%}
- {% endif %}
-
-
-
- Header set Cache-Control "max-age=86400, public"
-
-
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !^/index.html$
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteCond %{REQUEST_URI} !\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$ [NC]
- RewriteRule . /index.html [L]
-
- Require all granted
-
-
-
- ProxyPass http://127.0.0.1:8443/
- ProxyPassReverse Off
- ProxyPreserveHost On
-
-
- ProxyPass http://127.0.0.1:8443/
- ProxyPassReverse Off
- ProxyPreserveHost On
-
-
-{% for endpoint in openstack_service_endpoints %}
-{% set _region = endpoint["Region"] | lower %}
-{% set _type = (endpoint["Service Type"] | lower) %}
-{% set _url = endpoint["URL"] | urlsplit %}
-{% if _type in skyline_service_mapping %}
-{% set _service = skyline_service_mapping[_type] %}
-
- ProxyPass {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/ flushpackets=on
- ProxyPassReverse {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/
- ProxyPreserveHost On
-
-{% endif %}
-{% endfor %}
-
diff --git a/vars/debian.yml b/vars/debian.yml
index ce9f0c3..eae5610 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -20,39 +20,6 @@ cache_timeout: 600
# Common apt packages
skyline_distro_packages:
- git
- - apache2
-
-skyline_system_service_name: apache2
-skyline_vhost_enable_path: /etc/apache2/sites-enabled
-
-skyline_apache_mpms:
- - name: "mpm_event"
- state: "{{ (skyline_apache_mpm_backend == 'event') | ternary('present', 'absent') }}"
- - name: "mpm_worker"
- state: "{{ (skyline_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}"
- - name: "mpm_prefork"
- state: "{{ (skyline_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
-
-skyline_apache_modules:
- - name: "ssl"
- state: "present"
- - name: "rewrite"
- state: "present"
- - name: "headers"
- state: "present"
- - name: "proxy_http"
- state: "present"
-
-skyline_apache_default_sites:
- - "{{ skyline_vhost_enable_path }}/000-default.conf"
- - /etc/apache2/conf-enabled/other-vhosts-access-log.conf
-
-skyline_apache_configs:
- - { src: "apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" }
- - { src: "skyline.vhost.j2", dest: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf", owner: "root", group: "root" }
-
-skyline_apache_conf: "/etc/apache2/apache2.conf"
-skyline_apache_security_conf: "/etc/apache2/conf-available/security.conf"
skyline_devel_distro_packages: []
diff --git a/vars/main.yml b/vars/main.yml
index f9d7504..aea428f 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -19,9 +19,7 @@ _skyline_is_first_play_host: >-
groups[skyline_services['skyline-api']['group']] | select('in', ansible_play_hosts)) | first) | bool
}}
-skyline_package_list: |-
- {% set packages = skyline_distro_packages %}
- {{ packages }}
+skyline_package_list: "{{ skyline_distro_packages }}"
# Compile a list of the services on a host based on whether
# the host is in the host group and the service is enabled.
@@ -52,3 +50,42 @@ skyline_service_mapping:
placement: placement
sharev2: manilav2
volumev3: cinder
+
+_skyline_default_locations:
+ - path: /api/openstack/skyline/
+ options:
+ - ProxyPass http://127.0.0.1:8443/
+ - ProxyPassReverse Off
+ - ProxyPreserveHost On
+ - path: /api/v1/
+ options:
+ - ProxyPass http://127.0.0.1:8443/
+ - ProxyPassReverse Off
+ - ProxyPreserveHost On
+
+_skyline_service_locations: |-
+ {% set locations = [] %}
+ {% for endpoint in openstack_service_endpoints %}
+ {% set _region = endpoint["Region"] | lower %}
+ {% set _type = (endpoint["Service Type"] | lower) %}
+ {% set _url = endpoint["URL"] | urlsplit %}
+ {% if _type in skyline_service_mapping %}
+ {% set _service = skyline_service_mapping[_type] %}
+ {% set _ = locations.append({
+ 'path': '/api/openstack/' ~ _region ~ '/' ~ _service ~ '/',
+ 'options': [
+ 'ProxyPass ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/ flushpackets=on',
+ 'ProxyPassReverse ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/',
+ 'ProxyPreserveHost On'
+ ]
+ })
+ %}
+ {% endif %}
+ {% endfor %}
+ {{ locations }}
+
+_skyline_proxy_ssl_options:
+ - "SSLProxyEngine On"
+ - "SSLProxyProtocol {{ skyline_ssl_protocol }}"
+ - "{{ skyline_ssl_cipher_suite_tls12 | ternary('SSLProxyCipherSuite ' ~ skyline_ssl_cipher_suite_tls12, '') }}"
+ - "{{ skyline_ssl_cipher_suite_tls13 | ternary('SSLProxyCipherSuite TLSv1.3 ' ~ skyline_ssl_cipher_suite_tls13, '') }}"
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 3a816f9..71c1aaf 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -20,23 +20,6 @@ cache_timeout: 600
# Common apt packages
skyline_distro_packages:
- git
- - httpd
- - mod_ssl
-
-skyline_system_service_name: httpd
-skyline_vhost_enable_path: /etc/httpd/conf.d
-
-skyline_apache_default_sites:
- - "/etc/httpd/conf.d/userdir.conf"
- - "/etc/httpd/conf.d/welcome.conf"
- - "/etc/httpd/conf.d/ssl.conf"
-
-skyline_apache_configs:
- - { src: "apache_ports.conf.j2", dest: "{{ skyline_vhost_enable_path }}/ports.conf", owner: "root", group: "root" }
- - { src: "skyline.vhost.j2", dest: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf", owner: "root", group: "root" }
-
-skyline_apache_conf: "/etc/httpd/conf/httpd.conf"
-skyline_apache_security_conf: "{{ skyline_apache_conf }}"
skyline_devel_distro_packages: []