From b9c8ad83760a523febfbf72398dcea785ce0a1e9 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 17 Sep 2024 19:55:51 +0200 Subject: [PATCH] Ensure that selected Apache MPM is enforced At the moment services might have different MPM selected while all operating the same Apache setup, ie on metal setup. This results in failures to set selected MPMs, so eventually second run of roles after initial deployment will end up in failure (ie upgrade). This patch ensures that all except selected MPMs are disabled and do role get's the desired state of deployment. We also need to align selected MPM across all roles to avoid future conflicts. Change-Id: I6c7503794ec9b66ec54d8dd2ae81ad914aa3d389 --- defaults/main.yml | 1 + tasks/repo_post_install.yml | 22 ++++++++++++++++++++++ vars/debian.yml | 10 ++++++++-- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 8bda2d5..94c8d09 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -45,6 +45,7 @@ repo_apache_default_sites: "{{ _repo_apache_default_sites }}" repo_apache_log_level: info # List of modules to enable are respected only for Debian Family repo_apache_modules: "{{ _repo_apache_modules }}" +repo_apache_mpms: "{{ _repo_apache_mpms }}" # MPM tunables repo_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}" diff --git a/tasks/repo_post_install.yml b/tasks/repo_post_install.yml index 9a7352b..28d3451 100644 --- a/tasks/repo_post_install.yml +++ b/tasks/repo_post_install.yml @@ -19,6 +19,28 @@ name: pack.threads value: '0' +- name: Ensure apache2 MPM for Debian/Ubuntu + apache2_module: + name: "{{ item.name }}" + state: "{{ item.state }}" + ignore_configcheck: yes + warn_mpm_absent: false + with_items: "{{ repo_apache_mpms | sort(attribute='state') }}" + when: + - ansible_facts['pkg_mgr'] == 'apt' + notify: Restart web server + +- name: Ensure apache2 MPM for EL + copy: + content: | + LoadModule mpm_{{ repo_apache_mpm_backend }}_module modules/mod_mpm_{{ repo_apache_mpm_backend }}.so + + dest: /etc/httpd/conf.modules.d/00-mpm.conf + mode: "0644" + when: + - ansible_facts['pkg_mgr'] == 'dnf' + notify: Restart web server + - name: Enable apache2 modules apache2_module: name: "{{ item.name }}" diff --git a/vars/debian.yml b/vars/debian.yml index 66daf4c..df5d1f8 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -19,11 +19,17 @@ _repo_system_service_name: apache2 _repo_vhost_enable_path: "/etc/{{ repo_system_service_name }}/sites-enabled" +_repo_apache_mpms: + - name: "mpm_event" + state: "{{ (repo_apache_mpm_backend == 'event') | ternary('present', 'absent') }}" + - name: "mpm_worker" + state: "{{ (repo_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}" + - name: "mpm_prefork" + state: "{{ (repo_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}" + _repo_apache_modules: - name: "ssl" state: "present" - - name: "mpm_{{ repo_apache_mpm_backend }}" - state: "present" - name: "rewrite" state: "present" - name: "headers"