Merge "Use standalone httpd role"

2025-01-22 11:06:06 +00:00
parent 1187033bf8 71f2556682
commit bb03b63ebe
10 changed files with 79 additions and 201 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -142,9 +142,6 @@ skyline_pip_packages:
      )
    }}"

-## Apache configuration
-skyline_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
-
 ## Service Name-Group Mapping
 skyline_services:
  skyline-api:
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -43,12 +43,3 @@
  listen:
    - "Restart skyline services"
    - "venv changed"
-
- name: Restart web server
-  service:
-    name: "{{ skyline_system_service_name }}"
-    enabled: yes
-    state: "restarted"
-    daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
-  listen:
-    - "venv changed"
--- a/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml
+++ b/releasenotes/notes/httpd_role_switch-afe7209ffa0a402d.yaml
@@ -0,0 +1,6 @@
+---
+
+upgrade:
+  - |
+    The ``os_skyline`` role was switched to using a standalone ``httpd`` role
+    from the in-role httpd deployment.
--- a/tasks/skyline_apache.yml
+++ b/tasks/skyline_apache.yml
@@ -13,73 +13,36 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: Ensure apache2 MPM for Debian/Ubuntu
-  apache2_module:
-    name: "{{ item.name }}"
-    state: "{{ item.state }}"
-    ignore_configcheck: yes
-    warn_mpm_absent: false
-  with_items: "{{ skyline_apache_mpms | sort(attribute='state') }}"
-  when:
-    - ansible_facts['pkg_mgr'] == 'apt'
-  notify: Restart web server
-
- name: Ensure apache2 MPM for EL
-  copy:
-    content: |
-      LoadModule mpm_{{ skyline_apache_mpm_backend }}_module modules/mod_mpm_{{ skyline_apache_mpm_backend }}.so
-
-    dest: /etc/httpd/conf.modules.d/00-mpm.conf
-    mode: "0644"
-  when:
-    - ansible_facts['pkg_mgr'] == 'dnf'
-  notify: Restart web server
-
- name: Enable apache2 modules
-  apache2_module:
-    name: "{{ item.name }}"
-    state: "{{ item.state }}"
-    ignore_configcheck: yes
-  with_items:
-    - "{{ skyline_apache_modules }}"
-  when:
-    - ansible_facts['pkg_mgr'] == 'apt'
-  notify: Restart web server
-
- name: Disable default apache site
-  file:
-    path: "{{ item }}"
-    state: "absent"
-  with_items: "{{ skyline_apache_default_sites }}"
-  notify: Restart web server
-
- name: Ensure Apache ServerName
-  lineinfile:
-    dest: "{{ skyline_apache_conf }}"
-    line: "ServerName {{ skyline_server_name }}"
-  notify: Restart web server
-
- name: Create Apache config
-  template:
-    src: "{{ item['src'] }}"
-    dest: "{{ item['dest'] }}"
-    owner: "{{ item['owner'] }}"
-    group: "{{ item['group'] }}"
-    mode: "0644"
-  with_items: "{{ skyline_apache_configs }}"
-  notify: Restart web server
-
- name: Enable skyline site
-  file:
-    src: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf"
-    dest: "{{ skyline_vhost_enable_path }}/skyline.conf"
-    state: "link"
-  notify: Restart web server
-
- name: Remove Listen from Apache config
-  lineinfile:
-    dest: "{{ skyline_apache_security_conf }}"
-    regexp: '^(Listen.*)'
-    backrefs: yes
-    line: '#\1'
-  notify: Restart web server
+- name: Including HTTPD role
+  ansible.builtin.import_role:
+    name: httpd
+  vars:
+    httpd_extra_modules:
+      - name: "proxy_http"
+        state: "present"
+    httpd_vhosts:
+      - name: skyline
+        address: "{{ skyline_bind_address }}"
+        port: "{{ skyline_service_port }}"
+        document_root: "{{ skyline_lib_static_files }}"
+        server_name: "{{ skyline_server_name }}"
+        directories:
+          - path: "{{ skyline_lib_static_files }}"
+            options:
+              - '<FilesMatch "\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$">'
+              - '  Header set Cache-Control "max-age=86400, public"'
+              - '</FilesMatch>'
+              - RewriteEngine On
+              - RewriteCond %{REQUEST_URI} !^/index.html$
+              - RewriteCond %{REQUEST_FILENAME} !-f
+              - RewriteCond %{REQUEST_FILENAME} !-d
+              - RewriteCond %{REQUEST_URI} !\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$ [NC]
+              - RewriteRule . /index.html [L]
+              - Require all granted
+        locations: "{{ _skyline_default_locations + _skyline_service_locations }}"
+        options: >-
+          {{
+            ('https' in _endpoint_list.stdout | from_yaml | map(attribute='URL') | map('urlsplit') | map(attribute='scheme')) | ternary(
+              _skyline_proxy_ssl_options | select(), []
+            )
+          }}
--- a/tasks/skyline_pre_install.yml
+++ b/tasks/skyline_pre_install.yml
@@ -47,6 +47,3 @@
      mode: "0700"
    - path: "{{ skyline_system_user_home }}"
    - path: "/var/log/skyline"
-    - path: "/etc/{{ skyline_system_service_name }}/sites-available"
-      owner: root
-      group: root
--- a/templates/apache_ports.conf.j2
+++ b/templates/apache_ports.conf.j2
@@ -1,6 +0,0 @@
-# {{ ansible_managed }}
-
-# We place a blank file here
-# Listen commands happen inside the individual VHost files
-# This allows for multiple services VHosts to exist without
-# overwriting Listen lines.
--- a/templates/skyline.vhost.j2
+++ b/templates/skyline.vhost.j2
@@ -1,57 +0,0 @@
-Listen {{ skyline_bind_address }}:{{ skyline_service_port }}
-
-# Server configuration for Skyline console
-<VirtualHost {{ skyline_bind_address }}:{{ skyline_service_port }}>
-  DocumentRoot {{ skyline_lib_static_files }}
-
-  {% if ('https' in _endpoint_list.stdout | from_yaml | map(attribute='URL') | map('urlsplit') | map(attribute='scheme')) -%}
-  SSLProxyEngine On
-  SSLProxyProtocol {{ skyline_ssl_protocol }}
-  {%   if skyline_ssl_cipher_suite_tls12 != "" -%}
-  SSLProxyCipherSuite {{ skyline_ssl_cipher_suite_tls12 }}
-  {%   endif -%}
-  {%   if skyline_ssl_cipher_suite_tls13 != "" -%}
-  SSLProxyCipherSuite TLSv1.3 {{ skyline_ssl_cipher_suite_tls13 }}
-  {%   endif -%}
-  {% endif %}
-
-  <Directory {{ skyline_lib_static_files }}>
-    <FilesMatch "\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$">
-      Header set Cache-Control "max-age=86400, public"
-    </FilesMatch>
-
-    RewriteEngine On
-    RewriteCond %{REQUEST_URI} !^/index.html$
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteCond %{REQUEST_URI} !\.(html|css|js|jpg|jpeg|png|gif|ico|svg|eot|otf|woff|woff2|ttf)$ [NC]
-    RewriteRule . /index.html [L]
-
-    Require all granted
-  </Directory>
-
-  <Location /api/openstack/skyline/>
-    ProxyPass http://127.0.0.1:8443/
-    ProxyPassReverse Off
-    ProxyPreserveHost On
-  </Location>
-  <Location /api/v1/>
-    ProxyPass http://127.0.0.1:8443/
-    ProxyPassReverse Off
-    ProxyPreserveHost On
-  </Location>
-
-{% for endpoint in openstack_service_endpoints %}
-{%   set _region = endpoint["Region"] | lower %}
-{%   set _type = (endpoint["Service Type"] | lower) %}
-{%   set _url = endpoint["URL"] | urlsplit %}
-{%   if _type in skyline_service_mapping %}
-{%     set _service = skyline_service_mapping[_type] %}
-  <Location /api/openstack/{{ _region }}/{{ _service }}/>
-    ProxyPass {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/ flushpackets=on
-    ProxyPassReverse {{ _url.scheme }}://{{ _url.hostname }}:{{ _url.port }}/
-    ProxyPreserveHost On
-  </Location>
-{%  endif %}
-{% endfor %}
-</VirtualHost>
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -20,39 +20,6 @@ cache_timeout: 600
 # Common apt packages
 skyline_distro_packages:
  - git
-  - apache2
-
-skyline_system_service_name: apache2
-skyline_vhost_enable_path: /etc/apache2/sites-enabled
-
-skyline_apache_mpms:
-  - name: "mpm_event"
-    state: "{{ (skyline_apache_mpm_backend == 'event') | ternary('present', 'absent') }}"
-  - name: "mpm_worker"
-    state: "{{ (skyline_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}"
-  - name: "mpm_prefork"
-    state: "{{ (skyline_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
-
-skyline_apache_modules:
-  - name: "ssl"
-    state: "present"
-  - name: "rewrite"
-    state: "present"
-  - name: "headers"
-    state: "present"
-  - name: "proxy_http"
-    state: "present"
-
-skyline_apache_default_sites:
-  - "{{ skyline_vhost_enable_path }}/000-default.conf"
-  - /etc/apache2/conf-enabled/other-vhosts-access-log.conf
-
-skyline_apache_configs:
-  - { src: "apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" }
-  - { src: "skyline.vhost.j2", dest: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf", owner: "root", group: "root" }
-
-skyline_apache_conf: "/etc/apache2/apache2.conf"
-skyline_apache_security_conf: "/etc/apache2/conf-available/security.conf"

 skyline_devel_distro_packages: []

--- a/vars/main.yml
+++ b/vars/main.yml
@@ -19,9 +19,7 @@ _skyline_is_first_play_host: >-
      groups[skyline_services['skyline-api']['group']] | select('in', ansible_play_hosts)) | first) | bool
  }}

-skyline_package_list: |-
-  {% set packages = skyline_distro_packages %}
-  {{ packages }}
+skyline_package_list: "{{ skyline_distro_packages }}"

 # Compile a list of the services on a host based on whether
 # the host is in the host group and the service is enabled.
@@ -52,3 +50,42 @@ skyline_service_mapping:
  placement: placement
  sharev2: manilav2
  volumev3: cinder
+
+_skyline_default_locations:
+  - path: /api/openstack/skyline/
+    options:
+      - ProxyPass http://127.0.0.1:8443/
+      - ProxyPassReverse Off
+      - ProxyPreserveHost On
+  - path: /api/v1/
+    options:
+      - ProxyPass http://127.0.0.1:8443/
+      - ProxyPassReverse Off
+      - ProxyPreserveHost On
+
+_skyline_service_locations: |-
+  {% set locations = [] %}
+  {% for endpoint in openstack_service_endpoints %}
+  {%   set _region = endpoint["Region"] | lower %}
+  {%   set _type = (endpoint["Service Type"] | lower) %}
+  {%   set _url = endpoint["URL"] | urlsplit %}
+  {%   if _type in skyline_service_mapping %}
+  {%     set _service = skyline_service_mapping[_type] %}
+  {%     set _ = locations.append({
+           'path': '/api/openstack/' ~ _region ~ '/' ~ _service ~ '/',
+           'options': [
+             'ProxyPass ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/ flushpackets=on',
+             'ProxyPassReverse ' ~ _url.scheme ~ '://' ~ _url.hostname ~ ':' ~ _url.port ~ '/',
+             'ProxyPreserveHost On'
+           ]
+         })
+  %}
+  {%   endif %}
+  {% endfor %}
+  {{ locations }}
+
+_skyline_proxy_ssl_options:
+  - "SSLProxyEngine On"
+  - "SSLProxyProtocol {{ skyline_ssl_protocol }}"
+  - "{{ skyline_ssl_cipher_suite_tls12 | ternary('SSLProxyCipherSuite '  ~ skyline_ssl_cipher_suite_tls12, '') }}"
+  - "{{ skyline_ssl_cipher_suite_tls13 | ternary('SSLProxyCipherSuite TLSv1.3 ' ~ skyline_ssl_cipher_suite_tls13, '') }}"
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -20,23 +20,6 @@ cache_timeout: 600
 # Common apt packages
 skyline_distro_packages:
  - git
-  - httpd
-  - mod_ssl
-
-skyline_system_service_name: httpd
-skyline_vhost_enable_path: /etc/httpd/conf.d
-
-skyline_apache_default_sites:
-  - "/etc/httpd/conf.d/userdir.conf"
-  - "/etc/httpd/conf.d/welcome.conf"
-  - "/etc/httpd/conf.d/ssl.conf"
-
-skyline_apache_configs:
-  - { src: "apache_ports.conf.j2", dest: "{{ skyline_vhost_enable_path }}/ports.conf", owner: "root", group: "root" }
-  - { src: "skyline.vhost.j2", dest: "/etc/{{ skyline_system_service_name }}/sites-available/skyline.conf", owner: "root", group: "root" }
-
-skyline_apache_conf: "/etc/httpd/conf/httpd.conf"
-skyline_apache_security_conf: "{{ skyline_apache_conf }}"

 skyline_devel_distro_packages: []