New roles for apache/httpd management

These roles will help remove the puppetlabs-apache
module.

Change-Id: I6f5c5efc9861952a072f1234a00bc2dae49a9d31
Cédric Jeanneret 2022-08-17 15:12:40 +02:00
parent 4c6889ece5
commit 1cf5222756
49 changed files with 1633 additions and 0 deletions


@ -0,0 +1,6 @@
===========================
Role - tripleo_httpd_config
===========================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo_httpd_config


@ -0,0 +1,6 @@
==========================
Role - tripleo_httpd_vhost
==========================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo_httpd_vhost


@ -0,0 +1,32 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_httpd_config"
tripleo_httpd_config_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_httpd_config_hide_sensitive_logs: true
tripleo_httpd_config_service: null
tripleo_httpd_config_mods: {}
tripleo_httpd_config_server_name: "{{ ansible_facts['fqdn'] }}"
tripleo_httpd_config_server_root: '/etc/httpd'
tripleo_httpd_config_root_directory_options:
- '+FollowSymLinks'
- '-Indexes'
tripleo_httpd_config_directory: "{{ tripleo_httpd_config_base_dir }}/{{ tripleo_httpd_config_service }}"
tripleo_httpd_config_httpd_conf: {}
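Review bot: `tripleo_httpd_config_debug` does not compute what it appears to, because a Jinja2 filter binds tighter than `>=`: `(ansible_verbosity | int) >= 2 | bool` compares the verbosity with `2 | bool` instead of casting the result of the comparison, which likely makes the flag true at every verbosity level. Parenthesise the comparison, `"{{ ((ansible_verbosity | int) >= 2) | bool }}"`. If this flag is combined with `tripleo_httpd_config_hide_sensitive_logs` to decide `no_log` (no such use is visible in this commit's tasks), a flag that is always on would defeat log hiding. The same expression is used for `tripleo_httpd_vhost_debug` in the vhost role defaults.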


@ -0,0 +1,10 @@
<Location /server-status>
SetHandler server-status
Require ip 127.0.0.1 ::1
</Location>
ExtendedStatus On
<IfModule mod_proxy.c>
# Show Proxy LoadBalancer status in mod_status
ProxyStatus On
</IfModule>


@ -0,0 +1,43 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo_httpd_config
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
namespace: openstack
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: CentOS
versions:
- 8
- 9
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []


@ -0,0 +1,33 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_config_directory: /etc/httpd
tripleo_httpd_config_service: custom-modules
tripleo_httpd_config_default_mods:
alias: []
tripleo_httpd_config_mods:
wsgi:
- so_name: wsgi_python3
- WSGISocketPrefix: '/var/run/wsgi'
roles:
- role: "tripleo_httpd_config"
tasks:
- name: Check httpd configuration
command: apachectl -t


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: custom-module
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,31 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- python3-mod_wsgi
- role: env_data
tasks:
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent


@ -0,0 +1,27 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_config_directory: /etc/httpd
tripleo_httpd_config_service: default
roles:
- role: "tripleo_httpd_config"
tasks:
- name: Check httpd configuration
command: apachectl -t


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: default
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,30 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- role: env_data
tasks:
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent


@ -0,0 +1,51 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_config_directory: /etc/httpd
tripleo_httpd_config_service: wsgi
tripleo_httpd_config_default_mods:
alias: []
tripleo_httpd_config_mods:
wsgi:
- so_name: wsgi_python3
- WSGISocketPrefix: '/var/run/wsgi'
roles:
- role: "tripleo_httpd_config"
tasks:
- name: Check httpd configuration
command: apachectl -t
- name: Ensure we load wsgi module
register: wsgi_loading
lineinfile:
path: /etc/httpd/conf/modules.conf
line: 'LoadModule wsgi_module modules/mod_wsgi_python3.so'
- name: Fail if file changed
when: wsgi_loading is changed
fail:
msg: 'WSGI module is not loaded'
- name: Ensure wsgi option is set
register: wsgi_option
lineinfile:
path: /etc/httpd/conf/modules.conf
line: 'WSGISocketPrefix /var/run/wsgi'
- name: Fail if file changed
when: wsgi_option is changed
fail:
msg: 'WSGI option is not set'
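Review bot: The two `lineinfile` checks verify the rendered file by trying to modify it, so a missing line is written into `/etc/httpd/conf/modules.conf` before the following `fail` task fires. Run them with `check_mode: true`, which still reports `changed` when the line is absent, so the verification never alters the file under test. `command: apachectl -t` should also carry `changed_when: false`. The vhost role's default scenario uses the same `lineinfile` pattern against `/etc/httpd/conf.d/20-default.conf`.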


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: mod_wsgi
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,31 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- python3-mod_wsgi
- role: env_data
tasks:
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent


@ -0,0 +1,36 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Catch error block
block:
- name: Include role
include_role:
role: "tripleo_httpd_config"
rescue:
- name: Clear host errors
meta: clear_host_errors
- name: Successful output
debug:
msg: "Play failed as expected"
- name: Exit run
meta: end_play
- name: Error not detected
fail:
msg: "Play didn't detect the error properly"
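Review bot: The `rescue` accepts any failure of the included role as the expected one, so this scenario also passes when the role breaks for an unrelated reason such as a templating error or a missing task file. Check which task failed before printing the success message, for example an `assert` with `that: ansible_failed_task.name == 'Ensure we get the minimal subset of parameters'`. The vhost role's missing-vars scenario uses the same catch-all `rescue` blocks.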


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: no-service-name
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,22 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
- role: env_data


@ -0,0 +1,31 @@
---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Generate httpd.conf
ansible.builtin.template:
dest: "{{ tripleo_httpd_config_directory }}/conf/httpd.conf"
src: httpd.conf.j2
- name: Generate modules.conf
ansible.builtin.template:
dest: "{{ tripleo_httpd_config_directory }}/conf/modules.conf"
src: modules.conf.j2
- name: Push status module configuration
when: "'status' in (tripleo_httpd_config_default_mods|combine(tripleo_httpd_config_mods))"
ansible.builtin.copy:
dest: "{{ tripleo_httpd_config_directory }}/conf.d/apache-status.conf"
src: apache-status.conf
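Review bot: None of the three tasks sets `owner`, `group` or `mode`, so a newly created `httpd.conf` or `apache-status.conf` gets whatever the connection user and umask yield, while `install.yml` pins `root`/`root` and explicit modes for the directories and touched files. Add `owner: root`, `group: root` and `mode: '0644'` to each `template` and `copy` task so the generated web-server configuration is never left group- or world-writable. No `validate:` step is used either; the molecule scenarios run `apachectl -t`, but a production run would install a broken file unchecked.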


@ -0,0 +1,40 @@
---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Note: it does NOT install any package. They are already in the containers.
# Here we mostly create the needed directory tree.
- name: Create directory tree
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: 0755
setype: container_file_t
loop:
- "{{ tripleo_httpd_config_directory }}/conf"
- "{{ tripleo_httpd_config_directory }}/conf.d"
- name: Create empty mandatory files
ansible.builtin.file:
path: "{{ tripleo_httpd_config_directory }}/conf/{{ item }}.conf"
state: touch
owner: root
group: root
mode: 0644
loop:
- modules
- ports
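Review bot: `mode: 0755` and `mode: 0644` are unquoted, so the resulting permissions depend on the YAML loader reading a leading-zero integer as octal; quote them as `mode: '0755'` and `mode: '0644'`. The `state: touch` task also reports `changed` on every run because it updates the timestamps; adding `access_time: preserve` and `modification_time: preserve` keeps it idempotent.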


@ -0,0 +1,30 @@
---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Ensure we get the minimal subset of parameters
ansible.builtin.fail:
msg: "{{ item.k }} must be set to an actual value!"
when: item.v == '' or item.v == None
loop:
- k: 'tripleo_httpd_config_service'
v: "{{ tripleo_httpd_config_service }}"
- name: Gather fact subset
ansible.builtin.setup:
gather_subset:
- '!all'
- ansible.builtin.include_tasks: install.yml
- ansible.builtin.include_tasks: configure.yml
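Review bot: The parameter check rejects only an empty or null `tripleo_httpd_config_service`, yet the role defaults use that value as a path component of `tripleo_httpd_config_directory` under `tripleo_httpd_config_base_dir`. A value containing `/` or `..` would make the later `file`, `template` and `copy` tasks write outside the base directory, so the check should also constrain the format, e.g. `or item.v is not match('^[A-Za-z0-9_-]+$')` (adjust the character set to the service names actually in use). The two `include_tasks` entries have no `name`, which makes failures harder to locate in the output.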


@ -0,0 +1,28 @@
# File managed by tripleo-ansible/tripleo_httpd_config
{% set config_params = tripleo_httpd_config_default_httpd_conf|combine(tripleo_httpd_config_httpd_conf) %}
{% for conf_key, conf_val in config_params.items() %}
{{ conf_key }} {{ conf_val }}
{% endfor %}
ServerName "{{ tripleo_httpd_config_server_name }}"
ServerRoot "{{ tripleo_httpd_config_server_root }}"
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
<Directory />
Options {{ tripleo_httpd_config_root_directory_options |join(' ') }}
AllowOverride None
</Directory>
Include "/etc/httpd/conf/modules.conf"
Include "/etc/httpd/conf/ports.conf"
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
IncludeOptional "/etc/httpd/conf.d/*.conf"
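Review bot: `ServerRoot` is rendered twice: once by the loop over the merged `tripleo_httpd_config_default_httpd_conf` mapping, which carries `ServerRoot: '/etc/httpd'` in the role vars added by this commit, and again by the explicit `ServerRoot "{{ tripleo_httpd_config_server_root }}"` line. Overriding only one of the two leaves conflicting directives in the generated file; drop `ServerRoot` from the default mapping or remove the explicit line. The loop also writes `{{ conf_key }} {{ conf_val }}` unquoted, so a value containing spaces relies on the caller supplying its own quotes.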


@ -0,0 +1,18 @@
# File managed by tripleo_ansible/tripleo_httpd_config
{% set modules_list = tripleo_httpd_config_default_mods|combine(tripleo_httpd_config_mods) %}
{% for module_name in modules_list %}
{% set so_name = modules_list[module_name]|json_query('[].so_name')|join('') %}
{% if so_name == '' %}
{% set so_name = module_name %}
{% endif %}
# BEGIN load module {{ module_name }}
LoadModule {{ module_name }}_module modules/mod_{{ so_name }}.so
{% for module_config in modules_list[module_name] %}
{% for config_key, config_value in module_config.items() %}
{% if config_key != 'so_name' %}
{{ config_key }} {{ config_value }}
{% endif %}
{% endfor %}
{% endfor %}
# END load module {{ module_name }}
{% endfor %}
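Review bot: `json_query` adds a dependency on the `community.general` collection and the `jmespath` Python library on the controller for what is a plain attribute lookup. Built-in filters do the same: `{% set so_name = modules_list[module_name] | selectattr('so_name', 'defined') | map(attribute='so_name') | first | default(module_name) %}`, which also removes the empty-string fallback `if` (and picks the first `so_name` rather than concatenating several). Note that `module_name` and `so_name` go straight into the `LoadModule` path, so whatever feeds `tripleo_httpd_config_mods` decides which shared object httpd loads.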


@ -0,0 +1,117 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.
# All variables within this role should have a prefix of "tripleo_httpd_config"
tripleo_httpd_config_base_dir: '/var/lib/config-data/ansible-generated'
# Those are the default modules loaded by apache when managed by puppetlabs
# with apache::default_mods set to false.
# We also enable ssl module by default, but not wsgi.
tripleo_httpd_config_default_mods:
authz_core: []
authz_host: []
filter: []
log_config: []
mime:
- TypesConfig: "/etc/mime.types"
- AddType: "application/x-compress .Z"
- AddType: "application/x-gzip .gz .tgz"
- AddType: "application/x-bzip2 .bz2"
- AddType: "text/html .shtml"
- AddLanguage: "ca .ca"
- AddLanguage: "cs .cz .cs"
- AddLanguage: "da .dk"
- AddLanguage: "de .de"
- AddLanguage: "el .el"
- AddLanguage: "en .en"
- AddLanguage: "eo .eo"
- AddLanguage: "es .es"
- AddLanguage: "et .et"
- AddLanguage: "fr .fr"
- AddLanguage: "he .he"
- AddLanguage: "hr .hr"
- AddLanguage: "it .it"
- AddLanguage: "ja .ja"
- AddLanguage: "ko .ko"
- AddLanguage: "ltz .ltz"
- AddLanguage: "nl .nl"
- AddLanguage: "nn .nn"
- AddLanguage: "no .no"
- AddLanguage: "pl .po"
- AddLanguage: "pt .pt"
- AddLanguage: "pt-BR .pt-br"
- AddLanguage: "ru .ru"
- AddLanguage: "sv .sv"
- AddLanguage: "zh-CN .zh-cn"
- AddLanguage: "zh-TW .zh-tw"
- AddHandler: "type-map var"
- AddOutputFilter: "INCLUDES .shtml"
mpm_prefork:
- StartServers: 8
- MinSpareServers: 5
- MaxSpareServers: 20
- ServerLimit: " {{ tripleo_httpd_config_prefork_serverlimit | default(100) }}"
- MaxRequestWorkers: "{{ tripleo_httpd_config_prefork_maxrequestworkers | default(100) }}"
- MaxRequestsPerChild: 4000
- ListenBacklog: 511
setenvif:
- BrowserMatch: '"Mozilla/2" nokeepalive'
- BrowserMatch: '"MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0'
- BrowserMatch: '"RealPlayer 4\.0" force-response-1.0'
- BrowserMatch: '"Java/1\.0" force-response-1.0'
- BrowserMatch: '"JDK/1\.0" force-response-1.0'
- BrowserMatch: '"Microsoft Data Access Internet Publishing Provider" redirect-carefully'
- BrowserMatch: '"MS FrontPage" redirect-carefully'
- BrowserMatch: '"^WebDrive" redirect-carefully'
- BrowserMatch: '"^WebDAVFS/1.[0123]" redirect-carefully'
- BrowserMatch: '"^gnome-vfs/1.0" redirect-carefully'
- BrowserMatch: '"^gvfs/1" redirect-carefully'
- BrowserMatch: '"^XML Spy" redirect-carefully'
- BrowserMatch: '"^Dreamweaver-WebDAV-SCM1" redirect-carefully'
- BrowserMatch: '" Konqueror/4" redirect-carefully'
- BrowserMatch: '"MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'
- BrowserMatch: '"MSIE [17-9]" ssl-unclean-shutdown'
socache_shmcb: []
status: []
systemd: []
unixd: []
# These configurations are the same as provided by default by puppetlabs-apache
tripleo_httpd_config_default_httpd_conf:
ServerTokens: 'Prod'
ServerSignature: 'Off'
TraceEnable: 'Off'
ServerRoot: '/etc/httpd'
PidFile: 'run/httpd.pid'
TimeOut: 90
KeepAlive: 'On'
MaxKeepAliveRequests: 100
KeepAliveTimeout: 15
LimitRequestFieldSize: 8190
LimitRequestFields: 100
User: 'apache'
Group: 'apache'
AccessFileName: '.htaccess'
HostnameLookups: 'Off'
ErrorLog: '/var/log/httpd/error_log'
LogLevel: 'warn'
EnableSendfile: 'On'
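Review bot: The comment above `tripleo_httpd_config_default_mods` says the ssl module is enabled by default, but the mapping has no `ssl` entry; only `socache_shmcb` is present. Either add `ssl: []` or correct the comment, so that a TLS vhost does not depend on a module nothing loads (whether the vhost role adds it is not visible in this part of the commit). Separately, `ServerLimit: " {{ … }}"` has a stray leading space inside the quotes, unlike the `MaxRequestWorkers` line below it.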


@ -0,0 +1,79 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_httpd_vhost"
tripleo_httpd_vhost_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
tripleo_httpd_vhost_hide_sensitive_logs: true
tripleo_httpd_vhost_service_name: null
tripleo_httpd_vhost_config: "{{ tripleo_httpd_vhost_base_dir }}/{{ tripleo_httpd_vhost_service_name }}/etc/httpd"
tripleo_httpd_vhost_access_log_name: "{{ tripleo_httpd_vhost_service_name }}"
tripleo_httpd_vhost_access_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_access.log"
tripleo_httpd_vhost_access_log_format: 'combined'
tripleo_httpd_vhost_aliases: null
tripleo_httpd_vhost_allow_encoded_slashes: null
tripleo_httpd_vhost_bind_host: '*'
tripleo_httpd_vhost_custom_options: {}
tripleo_httpd_vhost_bind_port: 80
tripleo_httpd_vhost_custom_wsgi_process_options: {}
tripleo_httpd_vhost_document_root: '/var/www/cgi-bin'
tripleo_httpd_vhost_error_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_error.log"
tripleo_httpd_vhost_group: 'apache'
tripleo_httpd_vhost_headers: []
tripleo_httpd_vhost_path: '/'
tripleo_httpd_vhost_priority: 10
tripleo_httpd_vhost_proxy: false
tripleo_httpd_vhost_proxy_requests: 'Off'
tripleo_httpd_vhost_proxy_preserve_host: 'Off'
tripleo_httpd_vhost_proxy_path: '/'
tripleo_httpd_vhost_proxy_host: null
tripleo_httpd_vhost_proxy_port: null
tripleo_httpd_vhost_proxy_params:
retry: 10
tripleo_httpd_vhost_request_headers: []
tripleo_httpd_vhost_servername: "{{ ansible_facts['fqdn'] }}"
tripleo_httpd_vhost_setenv: []
tripleo_httpd_vhost_set_wsgi_import_script: false
tripleo_httpd_vhost_ssl_ca: null
tripleo_httpd_vhost_ssl_certs_dir: null
tripleo_httpd_vhost_ssl_cert: null
tripleo_httpd_vhost_ssl_chain: null
tripleo_httpd_vhost_ssl_crl_path: null
tripleo_httpd_vhost_ssl_crl: null
tripleo_httpd_vhost_ssl: false
tripleo_httpd_vhost_ssl_key: null
tripleo_httpd_vhost_ssl_verify_client: null
tripleo_httpd_vhost_threads: 1
tripleo_httpd_vhost_user: 'apache'
tripleo_httpd_vhost_vhost_custom_fragment: null
# Originaly, in openstacklib, it's using a custom $::os_workers fact
# https://github.com/openstack/puppet-openstacklib/blob/master/manifests/wsgi/apache.pp#L103-L105
# https://github.com/openstack/puppet-openstacklib/blob/master/lib/facter/os_workers.rb#L42-L47
tripleo_httpd_vhost_workers: "{{ ([12, [ansible_facts['processor_count'] / 2, 2]|max ]|min)|int }}"
tripleo_httpd_vhost_wsgi: false
tripleo_httpd_vhost_wsgi_application_group: '%{GLOBAL}'
tripleo_httpd_vhost_wsgi_chunked_request: null
tripleo_httpd_vhost_wsgi_daemon_process: "{{ tripleo_httpd_vhost_service_name }}"
tripleo_httpd_vhost_wsgi_import_script_options: {}
tripleo_httpd_vhost_wsgi_import_script: false
tripleo_httpd_vhost_wsgi_pass_authorization: null
tripleo_httpd_vhost_wsgi_process_display_name: "{{ tripleo_httpd_vhost_service_name }}"
tripleo_httpd_vhost_wsgi_process_group: "{{ tripleo_httpd_vhost_service_name }}"
tripleo_httpd_vhost_wsgi_script_alias: null
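Review bot: Taken together, the defaults describe a plaintext listener on every interface: `tripleo_httpd_vhost_bind_host: '*'`, `tripleo_httpd_vhost_bind_port: 80` and `tripleo_httpd_vhost_ssl: false`. A caller that forgets to set the bind host would expose the service on all networks of the host, so consider `tripleo_httpd_vhost_bind_host: null` and adding it to the role's required-parameter check (the vhost tasks are not visible here, so this assumes a check like the one in `tripleo_httpd_config`). The name `tripleo_httpd_vhost_vhost_custom_fragment` doubles the `vhost_` prefix, and "Originaly" in the comment should read "Originally".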


@ -0,0 +1,43 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo_httpd_vhost
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
namespace: openstack
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: CentOS
versions:
- 8
- 9
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []


@ -0,0 +1,42 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_config: /etc/httpd
tripleo_httpd_vhost_service_name: default
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_priority: 20
roles:
- "tripleo_httpd_vhost"
tasks:
- name: Validate httpd configuration
command: apachectl -t
- name: Validate some content in the generated file
register: validate_lines
lineinfile:
path: /etc/httpd/conf.d/20-default.conf
line: "{{ item }}"
loop:
- "<VirtualHost *:80>"
- " ServerName {{ ansible_facts['fqdn'] }}"
- name: Fail if file changed
when: item.changed|bool
fail:
msg: 'Configuration is missing some content'
loop: "{{ validate_lines.results }}"


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: default
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,33 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- role: env_data
tasks:
- name: Create bar user
user:
name: bar
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent


@ -0,0 +1,51 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Missing all vars
block:
- name: Set up wsgi
include_role:
role: "tripleo_httpd_vhost"
rescue:
- name: Clean host errors
meta: clear_host_errors
- name: Successful output
debug:
msg: "Properly failed as expected"
- name: Missing only one var
vars:
tripleo_httpd_vhost_user: foo
block:
- name: Set up wsgi
include_role:
role: "tripleo_httpd_vhost"
rescue:
- name: Clean host errors
meta: clear_host_errors
- name: Successful output
debug:
msg: "Properly failed as expected"
- name: Exit play
meta: end_play
- name: Fail at this point
fail:
msg: 'Did not catch missing vars'
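Review bot: Only the second block can fail this scenario: if the role unexpectedly succeeds in "Missing all vars", nothing records it, and the play still ends cleanly through the second block's `meta: end_play` (assuming the flattened indentation nests "Exit play" under the second `rescue`). Record the outcome in the first `rescue`, e.g. `- set_fact: {missing_all_caught: true}`, and assert `missing_all_caught | default(false)` before ending the play. Without that, a regression that drops validation for the fully unset case goes unnoticed.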


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: missing-vars
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,22 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
- role: env_data


@ -0,0 +1,32 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_service_name: proxy
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_proxy: true
tripleo_httpd_vhost_proxy_host: 127.0.0.1
tripleo_httpd_vhost_proxy_port: 8080
tripleo_httpd_config_mods:
proxy: []
roles:
- "tripleo_httpd_vhost"
tasks:
- name: Validate httpd configuration
command: apachectl -t


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: proxy
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,33 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- role: env_data
tasks:
- name: Create bar user
user:
name: bar
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent
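Review bot: The task named `Empty default config files` uses `state: absent` on `/etc/httpd/conf.d`, which removes the directory itself rather than emptying it. Rename it to something like `Remove default conf.d directory`, or add a comment saying the role under test is expected to recreate the directory. The ssl and wsgi prepare playbooks later in this commit carry the same task.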


@ -0,0 +1,36 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_config: /etc/httpd
tripleo_httpd_vhost_service_name: ssl
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_ssl: true
tripleo_httpd_vhost_ssl_key: /etc/pki/foo.key
tripleo_httpd_vhost_ssl_cert: /etc/pki/foo.pem
tripleo_httpd_config_mods:
ssl:
- SSLCipherSuite: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'
- SSLProtocol: 'all -SSLv2 -SSLv3 -TLSv1'
- SSLOptions: 'StdEnvVars'
roles:
- "tripleo_httpd_vhost"
tasks:
- name: Validate httpd configuration
command: apachectl -t
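Review bot: The `ssl` entry under `tripleo_httpd_config_mods` still permits TLS 1.1 and MEDIUM-strength suites, because `SSLProtocol: 'all -SSLv2 -SSLv3 -TLSv1'` stops at TLS 1.0 and the cipher string begins with `HIGH:MEDIUM`. Test fixtures tend to be copied into real deployments, so I would use `SSLProtocol: 'all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1'` and drop `MEDIUM` from `SSLCipherSuite`. The host's crypto policy may already refuse the weaker options, but the fixture should not depend on that.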


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: ssl
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,48 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- python3-cryptography
- role: env_data
tasks:
- name: Create bar user
user:
name: bar
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent
- name: Create private key
community.crypto.openssl_privatekey:
path: /etc/pki/foo.key
- name: Generate CSR
community.crypto.openssl_csr:
path: /etc/pki/foo.csr
privatekey_path: /etc/pki/foo.key
common_name: foo.bar
- name: Generate fake certificate
community.crypto.x509_certificate:
path: /etc/pki/foo.pem
privatekey_path: /etc/pki/foo.key
csr_path: /etc/pki/foo.csr
provider: selfsigned


@ -0,0 +1,34 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_config: /etc/httpd
tripleo_httpd_vhost_service_name: wsgi
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_wsgi: true
tripleo_httpd_vhost_wsgi_script_alias:
'/': '/var/www/cgi-bin/app'
tripleo_httpd_config_mods:
wsgi:
- so_name: 'wsgi_python3'
roles:
- "tripleo_httpd_vhost"
tasks:
- name: Validate httpd configuration
command: apachectl -t


@ -0,0 +1,27 @@
---
driver:
name: podman
provisioner:
inventory:
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
name: wsgi
test_sequence:
- destroy
- create
- prepare
- converge
- destroy
verifier:
name: testinfra


@ -0,0 +1,34 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_extra_packages:
- httpd
- mod_ssl
- python3-mod_wsgi
- role: env_data
tasks:
- name: Create bar user
user:
name: bar
- name: Empty default config files
file:
path: /etc/httpd/conf.d
state: absent


@ -0,0 +1,22 @@
---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Call httpd_config role with appropriate parameters
vars:
tripleo_httpd_config_service: "{{ tripleo_httpd_vhost_service_name }}"
tripleo_httpd_config_directory: "{{ tripleo_httpd_vhost_config }}"
ansible.builtin.include_role:
role: tripleo_httpd_config
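Review bot: `ansible.builtin.include_role` is given its target with `role:` here, while the documented parameter is `name:`. `role` appears to be accepted as an alias, but I would write `name: tripleo_httpd_config` so the task matches the module documentation and linters. A one-line comment stating that `tripleo_httpd_config_directory` is deliberately overridden with the vhost's config path would also help the next reader.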


@ -0,0 +1,79 @@
---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Ensure some of the parameters are properly set
ansible.builtin.fail:
msg: "{{ item.k }} must be set to an actual value!"
when: item.v == None
loop:
- k: 'tripleo_httpd_vhost_service_name'
v: "{{ tripleo_httpd_vhost_service_name }}"
- k: 'tripleo_httpd_vhost_user'
v: "{{ tripleo_httpd_vhost_user }}"
- name: Check TLS parameters if needed
when:
- tripleo_httpd_vhost_ssl|bool
block:
- name: Ensure TLS related parameters are set
ansible.builtin.fail:
msg: "{{ item.k }} must be set if you enable TLS"
when: item.v == None
loop:
- k: 'tripleo_httpd_vhost_ssl_key'
v: "{{ tripleo_httpd_vhost_ssl_key }}"
- k: 'tripleo_httpd_vhost_ssl_cert'
v: "{{ tripleo_httpd_vhost_ssl_cert }}"
- name: Check proxy parameters if needed
when:
- tripleo_httpd_vhost_proxy|bool
block:
- name: Ensure proxy parameters are set
ansible.builtin.fail:
msg: "{{ item.k }} must be set if you enable proxy"
when: item.v == None
loop:
- k: 'tripleo_httpd_vhost_proxy_host'
v: "{{ tripleo_httpd_vhost_proxy_host }}"
- k: 'tripleo_httpd_vhost_proxy_port'
v: "{{ tripleo_httpd_vhost_proxy_port }}"
- name: Check wsgi parameters if needed
when:
- tripleo_httpd_vhost_wsgi|bool
block:
- name: Ensure wsgi parameters are set
ansible.builtin.fail:
msg: "{{ item.k }} must be set if you enable WSGI"
when: item.v == None
loop:
- k: 'tripleo_httpd_vhost_wsgi_script_alias'
v: "{{ tripleo_httpd_vhost_wsgi_script_alias }}"
- name: Gather some facts
when: "'processor_count' not in ansible_facts or 'fqdn' not in ansible_facts"
ansible.builtin.setup:
gather_subset:
- '!all'
- 'min'
- 'processor_count'
- name: Create needed directories
ansible.builtin.import_tasks: install.yml
- name: Configure vhost
ansible.builtin.import_tasks: vhost.yml
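Review bot: The four `when: item.v == None` guards reject only a literal null, so an empty string for `tripleo_httpd_vhost_user` or `tripleo_httpd_vhost_ssl_key` passes validation and only surfaces later as a broken directive in the rendered vhost. I would write the condition as `when: item.v is none or item.v == ''`, which also avoids the literal comparison that ansible-lint flags. The role defaults are not visible in this section, so confirm that none of the checked parameters legitimately defaults to an empty string.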


@ -0,0 +1,29 @@
---
# Copyright Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Push vhost port
ansible.builtin.lineinfile:
path: "{{ tripleo_httpd_vhost_config }}/conf/ports.conf"
line: 'Listen {{ tripleo_httpd_vhost_bind_host }}:{{ tripleo_httpd_vhost_bind_port }}'
create: true
group: root
owner: root
mode: 0644
- name: Push vhost configuration file
ansible.builtin.template:
dest: "{{ tripleo_httpd_vhost_config }}/conf.d/{{ tripleo_httpd_vhost_priority }}-{{ tripleo_httpd_vhost_service_name }}.conf"
src: vhost.conf.j2
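Review bot: The `Push vhost configuration file` task sets no `owner`, `group` or `mode`, so the permissions of the rendered vhost file depend on the umask in effect, unlike `ports.conf` in the task above. Add `owner: root`, `group: root` and `mode: '0644'` to it, and quote the existing `mode: 0644` on the `lineinfile` task so the value never depends on how the YAML loader reads a leading zero. Separately, `lineinfile` without `regexp` appends a new `Listen` line when the bind host or port changes and leaves the old one in place, so httpd would keep listening on the previous address; that deserves at least a comment.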


@ -0,0 +1,5 @@
# Proxy configuration
ProxyRequests {{ tripleo_httpd_vhost_proxy_requests }}
ProxyPreserveHost {{ tripleo_httpd_vhost_proxy_preserve_host }}
ProxyPass {{ tripleo_httpd_vhost_proxy_path }} http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/ {{ tripleo_httpd_vhost_proxy_params.items() | map('join', '=') | join(' ') }}
ProxyPassReverse / http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/
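Review bot: `ProxyPassReverse` is hard-coded to `/` while `ProxyPass` uses `{{ tripleo_httpd_vhost_proxy_path }}`, so with any path other than `/` the redirect headers coming back from the backend are rewritten against the wrong prefix. Use the same variable on both lines: `ProxyPassReverse {{ tripleo_httpd_vhost_proxy_path }} http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/`. `ProxyRequests` is templated as well; its default is not visible in this section, but for a reverse proxy it should stay `Off`, because `On` makes the vhost act as a forward proxy.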


@ -0,0 +1,22 @@
# TLS configuration
SSLEngine on
SSLCertificateFile "{{ tripleo_httpd_vhost_ssl_cert }}"
SSLCertificateKeyFile "{{ tripleo_httpd_vhost_ssl_key }}"
{% if tripleo_httpd_vhost_ssl_ca %}
SSLCACertificateFile "{{ tripleo_httpd_vhost_ssl_ca }}"
{% endif %}
{% if tripleo_httpd_vhost_ssl_verify_client %}
SSLVerifyClient {{ tripleo_httpd_vhost_ssl_verify_client }}
{% endif %}
{% if tripleo_httpd_vhost_ssl_chain %}
SSLCertificateChainFile "{{ tripleo_httpd_vhost_ssl_chain }}"
{% endif %}
{% if tripleo_httpd_vhost_ssl_crl_path %}
SSLCARevocationPath "{{ tripleo_httpd_vhost_ssl_crl_path }}"
{% endif %}
{% if tripleo_httpd_vhost_ssl_crl %}
SSLCARevocationFile "{{ tripleo_httpd_vhost_ssl_crl }}"
{% endif %}
{% if tripleo_httpd_vhost_ssl_certs_dir %}
SSLCACertificatePath "{{ tripleo_httpd_vhost_ssl_certs_dir }}"
{% endif %}
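Review bot: `SSLVerifyClient` is rendered whenever `tripleo_httpd_vhost_ssl_verify_client` is set, independently of the CA directives, so a value of `require` with neither `tripleo_httpd_vhost_ssl_ca` nor `tripleo_httpd_vhost_ssl_certs_dir` produces a vhost with no CA to verify client certificates against. I would add a check next to the other TLS parameter checks in the role's main tasks that fails when client verification is requested without a CA file or directory. `SSLCertificateChainFile` is also deprecated since httpd 2.4.8 in favour of putting the chain into the `SSLCertificateFile` bundle, which is worth a comment above that block.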


@ -0,0 +1,42 @@
# File managed by tripleo-ansible/tripleo_httpd_vhost
<VirtualHost {{ tripleo_httpd_vhost_bind_host }}:{{ tripleo_httpd_vhost_bind_port }}>
ServerName {{ tripleo_httpd_vhost_servername }}
## Vhost docroot
DocumentRoot "{{ tripleo_httpd_vhost_document_root }}"
<Directory "{{ tripleo_httpd_vhost_document_root }}">
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride None
Require all granted
</Directory>
## Logging
ErrorLog "{{ tripleo_httpd_vhost_error_log_file }}"
ServerSignature Off
CustomLog "{{ tripleo_httpd_vhost_access_log_file }}" {{ tripleo_httpd_vhost_access_log_format }}
SetEnvIf X-Forwarded-Proto https HTTPS=1
{% for request_header in tripleo_httpd_vhost_request_headers %}
RequestHeader {{ request_header }}
{% endfor -%}
{% for header in tripleo_httpd_vhost_headers %}
Header {{ header }}
{% endfor %}
{% if tripleo_httpd_vhost_allow_encoded_slashes != None %}
AllowEncodedSlashes {{ tripleo_httpd_vhost_allow_encoded_slashes }}
{% endif %}
{% if tripleo_httpd_vhost_wsgi|bool %}
{% include 'templates/wsgi.inc.j2' %}
{% endif %}
{% if tripleo_httpd_vhost_ssl|bool %}
{% include 'templates/ssl.inc.j2' %}
{% endif %}
{% if tripleo_httpd_vhost_proxy|bool %}
{% include 'templates/proxy.inc.j2' %}
{% endif %}
{%- for option, value in tripleo_httpd_vhost_custom_options.items() %}
{{ option }} {{ value }}
{% endfor %}
</VirtualHost>
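Review bot: `SetEnvIf X-Forwarded-Proto https HTTPS=1` is emitted unconditionally, so any client that can reach the vhost directly can send that header and have the application treat a plain-HTTP request as secure. That is only sound when the vhost is reachable solely through a proxy that overwrites the header. I would make the line opt-in through a role variable, or at least add a comment above it such as `## Trusts X-Forwarded-Proto: only safe behind a proxy that sets this header`. The `RequestHeader`, `Header` and custom-option loops write their values verbatim, which is acceptable as long as those variables only ever come from the deployer.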


@ -0,0 +1,38 @@
## WSGI configuration
{% set default_wsgi_opts = {'user': tripleo_httpd_vhost_user, 'group': tripleo_httpd_vhost_group, 'processes': tripleo_httpd_vhost_workers, 'threads': tripleo_httpd_vhost_threads, 'display-name': tripleo_httpd_vhost_wsgi_process_display_name} -%}
{% set default_script_opts = {'process-group': tripleo_httpd_vhost_wsgi_daemon_process, 'application-group': tripleo_httpd_vhost_wsgi_application_group} -%}
{% set wsgi_opt = default_wsgi_opts|combine(tripleo_httpd_vhost_custom_wsgi_process_options) -%}
{% set script_opt = default_script_opts|combine(tripleo_httpd_vhost_wsgi_import_script_options) -%}
{% set path_real = tripleo_httpd_vhost_path | regex_replace('(^/.*)/$', '\1') -%}
{% if tripleo_httpd_vhost_wsgi_daemon_process is string %}
WSGIDaemonProcess {{ tripleo_httpd_vhost_wsgi_daemon_process }} {{ wsgi_opt.items()|map('join', '=')|join(' ') }}
{% elif tripleo_httpd_vhost_wsgi_daemon_process is mapping %}
{% for key, value in tripleo_httpd_vhost_wsgi_daemon_process.items() %}
{% if value %}
WSGIDaemonProcess {{ key }} {{ value.items()|map('join', '=')|join(' ') }}
{% else %}
WSGIDaemonProcess {{ key }}
{% endif %}
{% endfor -%}
{% endif %}
{%- if tripleo_httpd_vhost_wsgi_process_group %}
WSGIProcessGroup "{{ tripleo_httpd_vhost_wsgi_process_group }}"
{% endif %}
{%- for key, value in tripleo_httpd_vhost_wsgi_script_alias.items() %}
WSGIScriptAlias {{ key }} "{{ value }}"
{% endfor %}
{%- if tripleo_httpd_vhost_wsgi_application_group %}
WSGIApplicationGroup "{{ tripleo_httpd_vhost_wsgi_application_group }}"
{% endif -%}
{%- if tripleo_httpd_vhost_wsgi_pass_authorization %}
WSGIPassAuthorization {{ tripleo_httpd_vhost_wsgi_pass_authorization }}
{% endif -%}
{%- if tripleo_httpd_vhost_wsgi_chunked_request %}
WSGIChunkedRequest {{ tripleo_httpd_vhost_wsgi_chunked_request }}
{% endif -%}
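Review bot: `script_opt` and `path_real` are computed in the `{% set %}` lines at the top but never referenced in the rest of the template, so `tripleo_httpd_vhost_wsgi_import_script_options` and `tripleo_httpd_vhost_path` have no effect on the rendered output. Either emit the directive they were meant for (presumably `WSGIImportScript`) or remove both `set` lines together with `default_script_opts`. Note also that `default_script_opts` places `tripleo_httpd_vhost_wsgi_daemon_process` into `process-group` even when that variable is a mapping, which would not render as a group name if the value is ever used.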


@ -0,0 +1,24 @@
---
# Copyright 2022 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.
# All variables within this role should have a prefix of "tripleo_httpd_vhost"
tripleo_httpd_vhost_base_dir: '/var/lib/config-data/ansible-generated'


@ -35,6 +35,8 @@
- tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper
- tripleo-ansible-centos-stream-molecule-tripleo_hieradata
- tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries
- tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
- tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
- tripleo-ansible-centos-stream-molecule-tripleo_image_serve
- tripleo-ansible-centos-stream-molecule-tripleo_iscsid
- tripleo-ansible-centos-stream-molecule-tripleo_kernel
@ -105,6 +107,8 @@
- tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper
- tripleo-ansible-centos-stream-molecule-tripleo_hieradata
- tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries
- tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
- tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
- tripleo-ansible-centos-stream-molecule-tripleo_image_serve
- tripleo-ansible-centos-stream-molecule-tripleo_iscsid
- tripleo-ansible-centos-stream-molecule-tripleo_kernel
@ -174,6 +178,8 @@
- tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper
- tripleo-ansible-centos-stream-molecule-tripleo_hieradata
- tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries
- tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
- tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
- tripleo-ansible-centos-stream-molecule-tripleo_image_serve
- tripleo-ansible-centos-stream-molecule-tripleo_iscsid
- tripleo-ansible-centos-stream-molecule-tripleo_kernel
@ -453,6 +459,20 @@
parent: tripleo-ansible-centos-stream-base
vars:
tripleo_role_name: tripleo_hosts_entries
- job:
files:
- ^tripleo_ansible/roles/tripleo_httpd_config/(?!meta).*
name: tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
parent: tripleo-ansible-centos-stream-base
vars:
tripleo_role_name: tripleo_httpd_config
- job:
files:
- ^tripleo_ansible/roles/tripleo_httpd_vhost/(?!meta).*
name: tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
parent: tripleo-ansible-centos-stream-base
vars:
tripleo_role_name: tripleo_httpd_vhost
- job:
files:
- ^tripleo_ansible/roles/tripleo_image_serve/(?!meta).*