Merge "Use standalone httpd role"

2025-01-22 11:06:06 +00:00
parent 1187033bf8 71f2556682
commit bb03b63ebe
10 changed files with 79 additions and 201 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -142,9 +142,6 @@ skyline_pip_packages:
      )
    }}"
 ## Apache configuration
 skyline_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
 ## Service Name-Group Mapping
 skyline_services:
  skyline-api:
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -43,12 +43,3 @@
  listen:
    - "Restart skyline services"
    - "venv changed"
 - name: Restart web server
  service:
    name: "{{ skyline_system_service_name }}"
    enabled: yes
    state: "restarted"
    daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
  listen:
    - "venv changed"
--- a/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml
+++ b/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml
@@ -0,0 +1,6 @@
 ---
 upgrade:
  - |
    The ``os_skyline`` role was switched to using a standalone ``httpd`` role
    from the in-role httpd deployment.
--- a/tasks/skyline_apache.yml
+++ b/tasks/skyline_apache.yml
@@ -13,73 +13,36 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- name: Ensure apache2 MPM for Debian/Ubuntu
+- name: Including HTTPD role
-  apache2_module:
+  ansible.builtin.import_role:
-    name: "{{ item.name }}"
+    name: httpd
-    state: "{{ item.state }}"
+  vars:
-    ignore_configcheck: yes
+    httpd_extra_modules:
-    warn_mpm_absent: false
+      - name: "proxy_http"
-  with_items: "{{ skyline_apache_mpms | sort(attribute='state') }}"
+        state: "present"
-  when:
+    httpd_vhosts:
-    - ansible_facts['pkg_mgr'] == 'apt'
+      - name: skyline
-  notify: Restart web server
+        address: "{{ skyline_bind_address }}"
-
+        port: "{{ skyline_service_port }}"
- name: Ensure apache2 MPM for EL
+        document_root: "{{ skyline_lib_static_files }}"
-  copy:
+        server_name: "{{ skyline_server_name }}"
-    content: |
+        directories:
-      LoadModule mpm_{{ skyline_apache_mpm_backend }}_module modules/mod_mpm_{{ skyline_apache_mpm_backend }}.so
+          - path: "{{ skyline_lib_static_files }}"
-
+            options:
-    dest: /etc/httpd/conf.modules.d/00-mpm.conf
+              - '<FilesMatch "\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$">'
-    mode: "0644"
+              - '  Header set Cache-Control "max-age=86400, public"'
-  when:
+              - '</FilesMatch>'
-    - ansible_facts['pkg_mgr'] == 'dnf'
+              - RewriteEngine On
-  notify: Restart web server
+              - RewriteCond %{REQUEST_URI} !^/index.html$
-
+              - RewriteCond %{REQUEST_FILENAME} !-f
- name: Enable apache2 modules
+              - RewriteCond %{REQUEST_FILENAME} !-d
-  apache2_module:
+              - RewriteCond %{REQUEST_URI} !\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$ [NC]
-    name: "{{ item.name }}"
+              - RewriteRule . /index.html [L]
-    state: "{{ item.state }}"
+              - Require all granted
-    ignore_configcheck: yes
+        locations: "{{ _skyline_default_locations + _skyline_service_locations }}"
-  with_items:
+        options: >-
-    - "{{ skyline_apache_modules }}"
+          {{
-  when:
+            ('https' in _endpoint_list.stdout | from_yaml | map(attribute='URL') | map('urlsplit') | map(attribute='scheme')) | ternary(
-    - ansible_facts['pkg_mgr'] == 'apt'
+              _skyline_proxy_ssl_options | select(), []
-  notify: Restart web server
+            )
-
+          }}
 - name: Disable default apache site
  file:
    path: "{{ item }}"
    state: "absent"
  with_items: "{{ skyline_apache_default_sites }}"
  notify: Restart web server
 - name: Ensure Apache ServerName
  lineinfile:
    dest: "{{ skyline_apache_conf }}"
    line: "ServerName {{ skyline_server_name }}"
  notify: Restart web server
 - name: Create Apache config
  template:
    src: "{{ item['src'] }}"
    dest: "{{ item['dest'] }}"
    owner: "{{ item['owner'] }}"
    group: "{{ item['group'] }}"
    mode: "0644"
  with_items: "{{ skyline_apache_configs }}"
  notify: Restart web server
 - name: Enable skyline site
  file:
    src: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf"
    dest: "{{ skyline_vhost_enable_path }}/skyline.conf"
    state: "link"
  notify: Restart web server
 - name: Remove Listen from Apache config
  lineinfile:
    dest: "{{ skyline_apache_security_conf }}"
    regexp: '^(Listen.*)'
    backrefs: yes
    line: '#\1'
  notify: Restart web server
--- a/tasks/skyline_pre_install.yml
+++ b/tasks/skyline_pre_install.yml
@@ -47,6 +47,3 @@
      mode: "0700"
    - path: "{{ skyline_system_user_home }}"
    - path: "/var/log/skyline"
    - path: "/etc/{{ skyline_system_service_name }}/sites-available"
      owner: root
      group: root
--- a/templates/apache_ports.conf.j2
+++ b/templates/apache_ports.conf.j2
@@ -1,6 +0,0 @@
 # {{ ansible_managed }}
 # We place a blank file here
 # Listen commands happen inside the individual VHost files
 # This allows for multiple services VHosts to exist without
 # overwriting Listen lines.
--- a/templates/skyline.vhost.j2
+++ b/templates/skyline.vhost.j2
@@ -1,57 +0,0 @@
 Listen {{ skyline_bind_address }}:{{ skyline_service_port }}
 # Server configuration for Skyline console
 <VirtualHost {{ skyline_bind_address }}:{{ skyline_service_port }}>
  DocumentRoot {{ skyline_lib_static_files }}
  {% if ('https' in _endpoint_list.stdout | from_yaml | map(attribute='URL') | map('urlsplit') | map(attribute='scheme')) -%}
  SSLProxyEngine On
  SSLProxyProtocol {{ skyline_ssl_protocol }}
  {%   if skyline_ssl_cipher_suite_tls12 != "" -%}
  SSLProxyCipherSuite {{ skyline_ssl_cipher_suite_tls12 }}
  {%   endif -%}
  {%   if skyline_ssl_cipher_suite_tls13 != "" -%}
  SSLProxyCipherSuite TLSv1.3 {{ skyline_ssl_cipher_suite_tls13 }}
  {%   endif -%}
  {% endif %}
  <Directory {{ skyline_lib_static_files }}>
    <FilesMatch "\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$">
      Header set Cache-Control "max-age=86400, public"
    </FilesMatch>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/index.html$
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$ [NC]
    RewriteRule . /index.html [L]
    Require all granted
  </Directory>
  <Location /api/openstack/skyline/>
    ProxyPass http://127.0.0.1:8443/
    ProxyPassReverse Off
    ProxyPreserveHost On
  </Location>
  <Location /api/v1/>
    ProxyPass http://127.0.0.1:8443/
    ProxyPassReverse Off
    ProxyPreserveHost On
  </Location>
 {% for endpoint in openstack_service_endpoints %}
 {%   set _region = endpoint["Region"] | lower %}
 {%   set _type = (endpoint["Service Type"] | lower) %}
 {%   set _url = endpoint["URL"] | urlsplit %}
 {%   if _type in skyline_service_mapping %}
 {%     set _service = skyline_service_mapping[_type] %}
  <Location /api/openstack/{{ _region }}/{{ _service }}/>
    ProxyPass {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/ flushpackets=on
    ProxyPassReverse {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/
    ProxyPreserveHost On
  </Location>
 {%  endif %}
 {% endfor %}
 </VirtualHost>
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -20,39 +20,6 @@ cache_timeout: 600
 # Common apt packages
 skyline_distro_packages:
  - git
  - apache2
 skyline_system_service_name: apache2
 skyline_vhost_enable_path: /etc/apache2/sites-enabled
 skyline_apache_mpms:
  - name: "mpm_event"
    state: "{{ (skyline_apache_mpm_backend == 'event') | ternary('present', 'absent') }}"
  - name: "mpm_worker"
    state: "{{ (skyline_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}"
  - name: "mpm_prefork"
    state: "{{ (skyline_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
 skyline_apache_modules:
  - name: "ssl"
    state: "present"
  - name: "rewrite"
    state: "present"
  - name: "headers"
    state: "present"
  - name: "proxy_http"
    state: "present"
 skyline_apache_default_sites:
  - "{{ skyline_vhost_enable_path }}/000-default.conf"
  - /etc/apache2/conf-enabled/other-vhosts-access-log.conf
 skyline_apache_configs:
  - { src: "apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" }
  - { src: "skyline.vhost.j2", dest: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf", owner: "root", group: "root" }
 skyline_apache_conf: "/etc/apache2/apache2.conf"
 skyline_apache_security_conf: "/etc/apache2/conf-available/security.conf"
 skyline_devel_distro_packages: []
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -19,9 +19,7 @@ _skyline_is_first_play_host: >-
      groups[skyline_services['skyline-api']['group']] | select('in', ansible_play_hosts)) | first) | bool
  }}
-skyline_package_list: |-
+skyline_package_list: "{{ skyline_distro_packages }}"
  {% set packages = skyline_distro_packages %}
  {{ packages }}
 # Compile a list of the services on a host based on whether
 # the host is in the host group and the service is enabled.
@@ -52,3 +50,42 @@ skyline_service_mapping:
  placement: placement
  sharev2: manilav2
  volumev3: cinder
 _skyline_default_locations:
  - path: /api/openstack/skyline/
    options:
      - ProxyPass http://127.0.0.1:8443/
      - ProxyPassReverse Off
      - ProxyPreserveHost On
  - path: /api/v1/
    options:
      - ProxyPass http://127.0.0.1:8443/
      - ProxyPassReverse Off
      - ProxyPreserveHost On
 _skyline_service_locations: |-
  {% set locations = [] %}
  {% for endpoint in openstack_service_endpoints %}
  {%   set _region = endpoint["Region"] | lower %}
  {%   set _type = (endpoint["Service Type"] | lower) %}
  {%   set _url = endpoint["URL"] | urlsplit %}
  {%   if _type in skyline_service_mapping %}
  {%     set _service = skyline_service_mapping[_type] %}
  {%     set _ = locations.append({
           'path': '/api/openstack/' ~ _region ~ '/' ~ _service ~ '/',
           'options': [
             'ProxyPass ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/ flushpackets=on',
             'ProxyPassReverse ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/',
             'ProxyPreserveHost On'
           ]
         })
  %}
  {%   endif %}
  {% endfor %}
  {{ locations }}
 _skyline_proxy_ssl_options:
  - "SSLProxyEngine On"
  - "SSLProxyProtocol {{ skyline_ssl_protocol }}"
  - "{{ skyline_ssl_cipher_suite_tls12 | ternary('SSLProxyCipherSuite '  ~ skyline_ssl_cipher_suite_tls12, '') }}"
  - "{{ skyline_ssl_cipher_suite_tls13 | ternary('SSLProxyCipherSuite TLSv1.3 ' ~ skyline_ssl_cipher_suite_tls13, '') }}"
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -20,23 +20,6 @@ cache_timeout: 600
 # Common apt packages
 skyline_distro_packages:
  - git
  - httpd
  - mod_ssl
 skyline_system_service_name: httpd
 skyline_vhost_enable_path: /etc/httpd/conf.d
 skyline_apache_default_sites:
  - "/etc/httpd/conf.d/userdir.conf"
  - "/etc/httpd/conf.d/welcome.conf"
  - "/etc/httpd/conf.d/ssl.conf"
 skyline_apache_configs:
  - { src: "apache_ports.conf.j2", dest: "{{ skyline_vhost_enable_path }}/ports.conf", owner: "root", group: "root" }
  - { src: "skyline.vhost.j2", dest: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf", owner: "root", group: "root" }
 skyline_apache_conf: "/etc/httpd/conf/httpd.conf"
 skyline_apache_security_conf: "{{ skyline_apache_conf }}"
 skyline_devel_distro_packages: []