Ensure that selected Apache MPM is enforced

At the moment services might have different MPM selected while all
operating the same Apache setup, ie on metal setup.
This results in failures to set selected MPMs, so eventually second run
of roles after initial deployment will end up in failure (ie upgrade).

This patch ensures that all except selected MPMs are disabled and do
role get's the desired state of deployment.

We also need to align selected MPM across all roles to avoid
future conflicts.

Change-Id: I6c7503794ec9b66ec54d8dd2ae81ad914aa3d389
This commit is contained in:
Dmitriy Rabotyagov 2024-09-17 19:55:51 +02:00
parent 2a6f7579f8
commit b9c8ad8376
3 changed files with 31 additions and 2 deletions

View File

@ -45,6 +45,7 @@ repo_apache_default_sites: "{{ _repo_apache_default_sites }}"
repo_apache_log_level: info repo_apache_log_level: info
# List of modules to enable are respected only for Debian Family # List of modules to enable are respected only for Debian Family
repo_apache_modules: "{{ _repo_apache_modules }}" repo_apache_modules: "{{ _repo_apache_modules }}"
repo_apache_mpms: "{{ _repo_apache_mpms }}"
# MPM tunables # MPM tunables
repo_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}" repo_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"

View File

@ -19,6 +19,28 @@
name: pack.threads name: pack.threads
value: '0' value: '0'
- name: Ensure apache2 MPM for Debian/Ubuntu
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
ignore_configcheck: yes
warn_mpm_absent: false
with_items: "{{ repo_apache_mpms | sort(attribute='state') }}"
when:
- ansible_facts['pkg_mgr'] == 'apt'
notify: Restart web server
- name: Ensure apache2 MPM for EL
copy:
content: |
LoadModule mpm_{{ repo_apache_mpm_backend }}_module modules/mod_mpm_{{ repo_apache_mpm_backend }}.so
dest: /etc/httpd/conf.modules.d/00-mpm.conf
mode: "0644"
when:
- ansible_facts['pkg_mgr'] == 'dnf'
notify: Restart web server
- name: Enable apache2 modules - name: Enable apache2 modules
apache2_module: apache2_module:
name: "{{ item.name }}" name: "{{ item.name }}"

View File

@ -19,11 +19,17 @@ _repo_system_service_name: apache2
_repo_vhost_enable_path: "/etc/{{ repo_system_service_name }}/sites-enabled" _repo_vhost_enable_path: "/etc/{{ repo_system_service_name }}/sites-enabled"
_repo_apache_mpms:
- name: "mpm_event"
state: "{{ (repo_apache_mpm_backend == 'event') | ternary('present', 'absent') }}"
- name: "mpm_worker"
state: "{{ (repo_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}"
- name: "mpm_prefork"
state: "{{ (repo_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
_repo_apache_modules: _repo_apache_modules:
- name: "ssl" - name: "ssl"
state: "present" state: "present"
- name: "mpm_{{ repo_apache_mpm_backend }}"
state: "present"
- name: "rewrite" - name: "rewrite"
state: "present" state: "present"
- name: "headers" - name: "headers"