diff --git a/doc/source/roles/role-tripleo_httpd_config.rst b/doc/source/roles/role-tripleo_httpd_config.rst
new file mode 100644
index 000000000..2d9d677a2
--- /dev/null
+++ b/doc/source/roles/role-tripleo_httpd_config.rst
@@ -0,0 +1,6 @@
+===========================
+Role - tripleo_httpd_config
+===========================
+
+.. ansibleautoplugin::
+ :role: tripleo_ansible/roles/tripleo_httpd_config
diff --git a/doc/source/roles/role-tripleo_httpd_vhost.rst b/doc/source/roles/role-tripleo_httpd_vhost.rst
new file mode 100644
index 000000000..a0b8900fe
--- /dev/null
+++ b/doc/source/roles/role-tripleo_httpd_vhost.rst
@@ -0,0 +1,6 @@
+==========================
+Role - tripleo_httpd_vhost
+==========================
+
+.. ansibleautoplugin::
+ :role: tripleo_ansible/roles/tripleo_httpd_vhost
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/defaults/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/defaults/main.yml
new file mode 100644
index 000000000..a76233273
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/defaults/main.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+
+# All variables within this role should have a prefix of "tripleo_httpd_config"
+tripleo_httpd_config_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
+tripleo_httpd_config_hide_sensitive_logs: true
+
+tripleo_httpd_config_service: null
+tripleo_httpd_config_mods: {}
+tripleo_httpd_config_server_name: "{{ ansible_facts['fqdn'] }}"
+tripleo_httpd_config_server_root: '/etc/httpd'
+tripleo_httpd_config_root_directory_options:
+ - '+FollowSymLinks'
+ - '-Indexes'
+tripleo_httpd_config_directory: "{{ tripleo_httpd_config_base_dir }}/{{ tripleo_httpd_config_service }}"
+tripleo_httpd_config_httpd_conf: {}
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/files/apache-status.conf b/tripleo_ansible/roles/tripleo_httpd_config/files/apache-status.conf
new file mode 100644
index 000000000..7cbf6ecc0
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/files/apache-status.conf
@@ -0,0 +1,10 @@
+
+ SetHandler server-status
+ Require ip 127.0.0.1 ::1
+
+ExtendedStatus On
+
+
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/meta/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/meta/main.yml
new file mode 100644
index 000000000..5856704f4
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/meta/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo_httpd_config
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ namespace: openstack
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: CentOS
+ versions:
+ - 8
+ - 9
+
+ galaxy_tags:
+ - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/converge.yml
new file mode 100644
index 000000000..a35699246
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/converge.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_config_directory: /etc/httpd
+ tripleo_httpd_config_service: custom-modules
+ tripleo_httpd_config_default_mods:
+ alias: []
+ tripleo_httpd_config_mods:
+ wsgi:
+ - so_name: wsgi_python3
+ - WSGISocketPrefix: '/var/run/wsgi'
+ roles:
+ - role: "tripleo_httpd_config"
+ tasks:
+ - name: Check httpd configuration
+ command: apachectl -t
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/molecule.yml
new file mode 100644
index 000000000..6073d010b
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: custom-module
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/prepare.yml
new file mode 100644
index 000000000..c629501a6
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/custom-module/prepare.yml
@@ -0,0 +1,31 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - python3-mod_wsgi
+ - role: env_data
+ tasks:
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/converge.yml
new file mode 100644
index 000000000..39fe88b66
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/converge.yml
@@ -0,0 +1,27 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_config_directory: /etc/httpd
+ tripleo_httpd_config_service: default
+ roles:
+ - role: "tripleo_httpd_config"
+ tasks:
+ - name: Check httpd configuration
+ command: apachectl -t
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/molecule.yml
new file mode 100644
index 000000000..0d6a35358
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: default
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/prepare.yml
new file mode 100644
index 000000000..db902b85f
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/default/prepare.yml
@@ -0,0 +1,30 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - role: env_data
+ tasks:
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/converge.yml
new file mode 100644
index 000000000..e278b7386
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/converge.yml
@@ -0,0 +1,51 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_config_directory: /etc/httpd
+ tripleo_httpd_config_service: wsgi
+ tripleo_httpd_config_default_mods:
+ alias: []
+ tripleo_httpd_config_mods:
+ wsgi:
+ - so_name: wsgi_python3
+ - WSGISocketPrefix: '/var/run/wsgi'
+ roles:
+ - role: "tripleo_httpd_config"
+ tasks:
+ - name: Check httpd configuration
+ command: apachectl -t
+ - name: Ensure we load wsgi module
+ register: wsgi_loading
+ lineinfile:
+ path: /etc/httpd/conf/modules.conf
+ line: 'LoadModule wsgi_module modules/mod_wsgi_python3.so'
+ - name: Fail if file changed
+ when: wsgi_loading is changed
+ fail:
+ msg: 'WSGI module is not loaded'
+ - name: Ensure wsgi option is set
+ register: wsgi_option
+ lineinfile:
+ path: /etc/httpd/conf/modules.conf
+ line: 'WSGISocketPrefix /var/run/wsgi'
+ - name: Fail if file changed
+ when: wsgi_option is changed
+ fail:
+ msg: 'WSGI option is not set'
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/molecule.yml
new file mode 100644
index 000000000..6de80452b
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: mod_wsgi
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/prepare.yml
new file mode 100644
index 000000000..c629501a6
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/mod_wsgi/prepare.yml
@@ -0,0 +1,31 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - python3-mod_wsgi
+ - role: env_data
+ tasks:
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/converge.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/converge.yml
new file mode 100644
index 000000000..595131881
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/converge.yml
@@ -0,0 +1,36 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ tasks:
+ - name: Catch error block
+ block:
+ - name: Include role
+ include_role:
+ role: "tripleo_httpd_config"
+ rescue:
+ - name: Clear host errors
+ meta: clear_host_errors
+ - name: Successful output
+ debug:
+ msg: "Play failed as expected"
+ - name: Exit run
+ meta: end_play
+ - name: Error not detected
+ fail:
+ msg: "Play didn't detect the error properly"
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/molecule.yml
new file mode 100644
index 000000000..01f80b727
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: no-service-name
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/prepare.yml
new file mode 100644
index 000000000..ec16f729a
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/molecule/no-service-name/prepare.yml
@@ -0,0 +1,22 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ - role: env_data
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/tasks/configure.yml b/tripleo_ansible/roles/tripleo_httpd_config/tasks/configure.yml
new file mode 100644
index 000000000..c8206a463
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/tasks/configure.yml
@@ -0,0 +1,31 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Generate httpd.conf
+ ansible.builtin.template:
+ dest: "{{ tripleo_httpd_config_directory }}/conf/httpd.conf"
+ src: httpd.conf.j2
+
+- name: Generate modules.conf
+ ansible.builtin.template:
+ dest: "{{ tripleo_httpd_config_directory }}/conf/modules.conf"
+ src: modules.conf.j2
+
+- name: Push status module configuration
+ when: "'status' in (tripleo_httpd_config_default_mods|combine(tripleo_httpd_config_mods))"
+ ansible.builtin.copy:
+ dest: "{{ tripleo_httpd_config_directory }}/conf.d/apache-status.conf"
+ src: apache-status.conf
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/tasks/install.yml b/tripleo_ansible/roles/tripleo_httpd_config/tasks/install.yml
new file mode 100644
index 000000000..87988292d
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/tasks/install.yml
@@ -0,0 +1,40 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Note: it does NOT install any package. They are already in the containers.
+# Here we mostly create the needed directory tree.
+- name: Create directory tree
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+ setype: container_file_t
+ loop:
+ - "{{ tripleo_httpd_config_directory }}/conf"
+ - "{{ tripleo_httpd_config_directory }}/conf.d"
+
+- name: Create empty mandatory files
+ ansible.builtin.file:
+ path: "{{ tripleo_httpd_config_directory }}/conf/{{ item }}.conf"
+ state: touch
+ owner: root
+ group: root
+ mode: 0644
+ loop:
+ - modules
+ - ports
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/tasks/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/tasks/main.yml
new file mode 100644
index 000000000..ea170e631
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure we get the minimal subset of parameters
+ ansible.builtin.fail:
+ msg: "{{ item.k }} must be set to an actual value!"
+ when: item.v == '' or item.v == None
+ loop:
+ - k: 'tripleo_httpd_config_service'
+ v: "{{ tripleo_httpd_config_service }}"
+
+- name: Gather fact subset
+ ansible.builtin.setup:
+ gather_subset:
+ - '!all'
+- ansible.builtin.include_tasks: install.yml
+- ansible.builtin.include_tasks: configure.yml
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/templates/httpd.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_config/templates/httpd.conf.j2
new file mode 100644
index 000000000..4c1bf4bf0
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/templates/httpd.conf.j2
@@ -0,0 +1,28 @@
+# File managed by tripleo-ansible/tripleo_httpd_config
+{% set config_params = tripleo_httpd_config_default_httpd_conf|combine(tripleo_httpd_config_httpd_conf) %}
+{% for conf_key, conf_val in config_params.items() %}
+{{ conf_key }} {{ conf_val }}
+{% endfor %}
+
+ServerName "{{ tripleo_httpd_config_server_name }}"
+ServerRoot "{{ tripleo_httpd_config_server_root }}"
+
+
+ Require all denied
+
+
+
+ Options {{ tripleo_httpd_config_root_directory_options |join(' ') }}
+ AllowOverride None
+
+
+Include "/etc/httpd/conf/modules.conf"
+Include "/etc/httpd/conf/ports.conf"
+
+LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%a %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+
+IncludeOptional "/etc/httpd/conf.d/*.conf"
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/templates/modules.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_config/templates/modules.conf.j2
new file mode 100644
index 000000000..ae2f8c22c
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/templates/modules.conf.j2
@@ -0,0 +1,18 @@
+# File managed by tripleo_ansible/tripleo_httpd_config
+{% set modules_list = tripleo_httpd_config_default_mods|combine(tripleo_httpd_config_mods) %}
+{% for module_name in modules_list %}
+{% set so_name = modules_list[module_name]|json_query('[].so_name')|join('') %}
+{% if so_name == '' %}
+{% set so_name = module_name %}
+{% endif %}
+# BEGIN load module {{ module_name }}
+LoadModule {{ module_name }}_module modules/mod_{{ so_name }}.so
+{% for module_config in modules_list[module_name] %}
+{% for config_key, config_value in module_config.items() %}
+{% if config_key != 'so_name' %}
+{{ config_key }} {{ config_value }}
+{% endif %}
+{% endfor %}
+{% endfor %}
+# END load module {{ module_name }}
+{% endfor %}
diff --git a/tripleo_ansible/roles/tripleo_httpd_config/vars/main.yml b/tripleo_ansible/roles/tripleo_httpd_config/vars/main.yml
new file mode 100644
index 000000000..15e6ba8c3
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_config/vars/main.yml
@@ -0,0 +1,117 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# While options found within the vars/ path can be overridden using extra
+# vars, items within this path are considered part of the role and not
+# intended to be modified.
+
+# All variables within this role should have a prefix of "tripleo_httpd_config"
+
+tripleo_httpd_config_base_dir: '/var/lib/config-data/ansible-generated'
+
+# Those are the default modules loaded by apache when managed by puppetlabs
+# with apache::default_mods set to false.
+# We also enable ssl module by default, but not wsgi.
+tripleo_httpd_config_default_mods:
+ authz_core: []
+ authz_host: []
+ filter: []
+ log_config: []
+ mime:
+ - TypesConfig: "/etc/mime.types"
+ - AddType: "application/x-compress .Z"
+ - AddType: "application/x-gzip .gz .tgz"
+ - AddType: "application/x-bzip2 .bz2"
+ - AddType: "text/html .shtml"
+ - AddLanguage: "ca .ca"
+ - AddLanguage: "cs .cz .cs"
+ - AddLanguage: "da .dk"
+ - AddLanguage: "de .de"
+ - AddLanguage: "el .el"
+ - AddLanguage: "en .en"
+ - AddLanguage: "eo .eo"
+ - AddLanguage: "es .es"
+ - AddLanguage: "et .et"
+ - AddLanguage: "fr .fr"
+ - AddLanguage: "he .he"
+ - AddLanguage: "hr .hr"
+ - AddLanguage: "it .it"
+ - AddLanguage: "ja .ja"
+ - AddLanguage: "ko .ko"
+ - AddLanguage: "ltz .ltz"
+ - AddLanguage: "nl .nl"
+ - AddLanguage: "nn .nn"
+ - AddLanguage: "no .no"
+ - AddLanguage: "pl .po"
+ - AddLanguage: "pt .pt"
+ - AddLanguage: "pt-BR .pt-br"
+ - AddLanguage: "ru .ru"
+ - AddLanguage: "sv .sv"
+ - AddLanguage: "zh-CN .zh-cn"
+ - AddLanguage: "zh-TW .zh-tw"
+ - AddHandler: "type-map var"
+ - AddOutputFilter: "INCLUDES .shtml"
+ mpm_prefork:
+ - StartServers: 8
+ - MinSpareServers: 5
+ - MaxSpareServers: 20
+ - ServerLimit: " {{ tripleo_httpd_config_prefork_serverlimit | default(100) }}"
+ - MaxRequestWorkers: "{{ tripleo_httpd_config_prefork_maxrequestworkers | default(100) }}"
+ - MaxRequestsPerChild: 4000
+ - ListenBacklog: 511
+ setenvif:
+ - BrowserMatch: '"Mozilla/2" nokeepalive'
+ - BrowserMatch: '"MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0'
+ - BrowserMatch: '"RealPlayer 4\.0" force-response-1.0'
+ - BrowserMatch: '"Java/1\.0" force-response-1.0'
+ - BrowserMatch: '"JDK/1\.0" force-response-1.0'
+ - BrowserMatch: '"Microsoft Data Access Internet Publishing Provider" redirect-carefully'
+ - BrowserMatch: '"MS FrontPage" redirect-carefully'
+ - BrowserMatch: '"^WebDrive" redirect-carefully'
+ - BrowserMatch: '"^WebDAVFS/1.[0123]" redirect-carefully'
+ - BrowserMatch: '"^gnome-vfs/1.0" redirect-carefully'
+ - BrowserMatch: '"^gvfs/1" redirect-carefully'
+ - BrowserMatch: '"^XML Spy" redirect-carefully'
+ - BrowserMatch: '"^Dreamweaver-WebDAV-SCM1" redirect-carefully'
+ - BrowserMatch: '" Konqueror/4" redirect-carefully'
+ - BrowserMatch: '"MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'
+ - BrowserMatch: '"MSIE [17-9]" ssl-unclean-shutdown'
+ socache_shmcb: []
+ status: []
+ systemd: []
+ unixd: []
+
+# These configurations are the same as provided by default by puppetlabs-apache
+tripleo_httpd_config_default_httpd_conf:
+ ServerTokens: 'Prod'
+ ServerSignature: 'Off'
+ TraceEnable: 'Off'
+ ServerRoot: '/etc/httpd'
+ PidFile: 'run/httpd.pid'
+ TimeOut: 90
+ KeepAlive: 'On'
+ MaxKeepAliveRequests: 100
+ KeepAliveTimeout: 15
+ LimitRequestFieldSize: 8190
+ LimitRequestFields: 100
+ User: 'apache'
+ Group: 'apache'
+ AccessFileName: '.htaccess'
+ HostnameLookups: 'Off'
+ ErrorLog: '/var/log/httpd/error_log'
+ LogLevel: 'warn'
+ EnableSendfile: 'On'
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml
new file mode 100644
index 000000000..c611c2753
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/defaults/main.yml
@@ -0,0 +1,79 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+
+# All variables within this role should have a prefix of "tripleo_httpd_vhost"
+tripleo_httpd_vhost_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
+tripleo_httpd_vhost_hide_sensitive_logs: true
+
+tripleo_httpd_vhost_service_name: null
+tripleo_httpd_vhost_config: "{{ tripleo_httpd_vhost_base_dir }}/{{ tripleo_httpd_vhost_service_name }}/etc/httpd"
+
+tripleo_httpd_vhost_access_log_name: "{{ tripleo_httpd_vhost_service_name }}"
+tripleo_httpd_vhost_access_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_access.log"
+tripleo_httpd_vhost_access_log_format: 'combined'
+tripleo_httpd_vhost_aliases: null
+tripleo_httpd_vhost_allow_encoded_slashes: null
+tripleo_httpd_vhost_bind_host: '*'
+tripleo_httpd_vhost_custom_options: {}
+tripleo_httpd_vhost_bind_port: 80
+tripleo_httpd_vhost_custom_wsgi_process_options: {}
+tripleo_httpd_vhost_document_root: '/var/www/cgi-bin'
+tripleo_httpd_vhost_error_log_file: "/var/log/httpd/{{ tripleo_httpd_vhost_access_log_name }}_error.log"
+tripleo_httpd_vhost_group: 'apache'
+tripleo_httpd_vhost_headers: []
+tripleo_httpd_vhost_path: '/'
+tripleo_httpd_vhost_priority: 10
+tripleo_httpd_vhost_proxy: false
+tripleo_httpd_vhost_proxy_requests: 'Off'
+tripleo_httpd_vhost_proxy_preserve_host: 'Off'
+tripleo_httpd_vhost_proxy_path: '/'
+tripleo_httpd_vhost_proxy_host: null
+tripleo_httpd_vhost_proxy_port: null
+tripleo_httpd_vhost_proxy_params:
+ retry: 10
+tripleo_httpd_vhost_request_headers: []
+tripleo_httpd_vhost_servername: "{{ ansible_facts['fqdn'] }}"
+tripleo_httpd_vhost_setenv: []
+tripleo_httpd_vhost_set_wsgi_import_script: false
+tripleo_httpd_vhost_ssl_ca: null
+tripleo_httpd_vhost_ssl_certs_dir: null
+tripleo_httpd_vhost_ssl_cert: null
+tripleo_httpd_vhost_ssl_chain: null
+tripleo_httpd_vhost_ssl_crl_path: null
+tripleo_httpd_vhost_ssl_crl: null
+tripleo_httpd_vhost_ssl: false
+tripleo_httpd_vhost_ssl_key: null
+tripleo_httpd_vhost_ssl_verify_client: null
+tripleo_httpd_vhost_threads: 1
+tripleo_httpd_vhost_user: 'apache'
+tripleo_httpd_vhost_vhost_custom_fragment: null
+# Originaly, in openstacklib, it's using a custom $::os_workers fact
+# https://github.com/openstack/puppet-openstacklib/blob/master/manifests/wsgi/apache.pp#L103-L105
+# https://github.com/openstack/puppet-openstacklib/blob/master/lib/facter/os_workers.rb#L42-L47
+tripleo_httpd_vhost_workers: "{{ ([12, [ansible_facts['processor_count'] / 2, 2]|max ]|min)|int }}"
+tripleo_httpd_vhost_wsgi: false
+tripleo_httpd_vhost_wsgi_application_group: '%{GLOBAL}'
+tripleo_httpd_vhost_wsgi_chunked_request: null
+tripleo_httpd_vhost_wsgi_daemon_process: "{{ tripleo_httpd_vhost_service_name }}"
+tripleo_httpd_vhost_wsgi_import_script_options: {}
+tripleo_httpd_vhost_wsgi_import_script: false
+tripleo_httpd_vhost_wsgi_pass_authorization: null
+tripleo_httpd_vhost_wsgi_process_display_name: "{{ tripleo_httpd_vhost_service_name }}"
+tripleo_httpd_vhost_wsgi_process_group: "{{ tripleo_httpd_vhost_service_name }}"
+tripleo_httpd_vhost_wsgi_script_alias: null
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/meta/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/meta/main.yml
new file mode 100644
index 000000000..16b0d4d53
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/meta/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: OpenStack
+ description: TripleO OpenStack Role -- tripleo_httpd_vhost
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ namespace: openstack
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: CentOS
+ versions:
+ - 8
+ - 9
+
+ galaxy_tags:
+ - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/converge.yml
new file mode 100644
index 000000000..59eabf144
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/converge.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_vhost_config: /etc/httpd
+ tripleo_httpd_vhost_service_name: default
+ tripleo_httpd_vhost_user: bar
+ tripleo_httpd_vhost_priority: 20
+ roles:
+ - "tripleo_httpd_vhost"
+ tasks:
+ - name: Validate httpd configuration
+ command: apachectl -t
+ - name: Validate some content in the generated file
+ register: validate_lines
+ lineinfile:
+ path: /etc/httpd/conf.d/20-default.conf
+ line: "{{ item }}"
+ loop:
+ - ""
+ - " ServerName {{ ansible_facts['fqdn'] }}"
+ - name: Fail if file changed
+ when: item.changed|bool
+ fail:
+ msg: 'Configuration is missing some content'
+ loop: "{{ validate_lines.results }}"
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/molecule.yml
new file mode 100644
index 000000000..0d6a35358
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: default
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/prepare.yml
new file mode 100644
index 000000000..16004e465
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/default/prepare.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - role: env_data
+ tasks:
+ - name: Create bar user
+ user:
+ name: bar
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/converge.yml
new file mode 100644
index 000000000..65c2e7482
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/converge.yml
@@ -0,0 +1,51 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ tasks:
+ - name: Missing all vars
+ block:
+ - name: Set up wsgi
+ include_role:
+ role: "tripleo_httpd_vhost"
+ rescue:
+ - name: Clean host errors
+ meta: clear_host_errors
+ - name: Successful output
+ debug:
+ msg: "Properly failed as expected"
+
+ - name: Missing only one var
+ vars:
+ tripleo_httpd_vhost_user: foo
+ block:
+ - name: Set up wsgi
+ include_role:
+ role: "tripleo_httpd_vhost"
+ rescue:
+ - name: Clean host errors
+ meta: clear_host_errors
+ - name: Successful output
+ debug:
+ msg: "Properly failed as expected"
+ - name: Exit play
+ meta: end_play
+
+ - name: Fail at this point
+ fail:
+ msg: 'Did not catch missing vars'
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/molecule.yml
new file mode 100644
index 000000000..d066b399f
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: missing-vars
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/prepare.yml
new file mode 100644
index 000000000..ec16f729a
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/missing-vars/prepare.yml
@@ -0,0 +1,22 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ - role: env_data
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/converge.yml
new file mode 100644
index 000000000..c7a850d32
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/converge.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_vhost_service_name: proxy
+ tripleo_httpd_vhost_user: bar
+ tripleo_httpd_vhost_proxy: true
+ tripleo_httpd_vhost_proxy_host: 127.0.0.1
+ tripleo_httpd_vhost_proxy_port: 8080
+ tripleo_httpd_config_mods:
+ proxy: []
+ roles:
+ - "tripleo_httpd_vhost"
+ tasks:
+ - name: Validate httpd configuration
+ command: apachectl -t
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/molecule.yml
new file mode 100644
index 000000000..5ef5423c2
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: proxy
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/prepare.yml
new file mode 100644
index 000000000..16004e465
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/proxy/prepare.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - role: env_data
+ tasks:
+ - name: Create bar user
+ user:
+ name: bar
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/converge.yml
new file mode 100644
index 000000000..ba42de2ad
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/converge.yml
@@ -0,0 +1,36 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_vhost_config: /etc/httpd
+ tripleo_httpd_vhost_service_name: ssl
+ tripleo_httpd_vhost_user: bar
+ tripleo_httpd_vhost_ssl: true
+ tripleo_httpd_vhost_ssl_key: /etc/pki/foo.key
+ tripleo_httpd_vhost_ssl_cert: /etc/pki/foo.pem
+ tripleo_httpd_config_mods:
+ ssl:
+ - SSLCipherSuite: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'
+ - SSLProtocol: 'all -SSLv2 -SSLv3 -TLSv1'
+ - SSLOptions: 'StdEnvVars'
+ roles:
+ - "tripleo_httpd_vhost"
+ tasks:
+ - name: Validate httpd configuration
+ command: apachectl -t
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/molecule.yml
new file mode 100644
index 000000000..b410376c1
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: ssl
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/prepare.yml
new file mode 100644
index 000000000..e694ee8fc
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/ssl/prepare.yml
@@ -0,0 +1,48 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - python3-cryptography
+ - role: env_data
+ tasks:
+ - name: Create bar user
+ user:
+ name: bar
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
+ - name: Create private key
+ community.crypto.openssl_privatekey:
+ path: /etc/pki/foo.key
+ - name: Generate CSR
+ community.crypto.openssl_csr:
+ path: /etc/pki/foo.csr
+ privatekey_path: /etc/pki/foo.key
+ common_name: foo.bar
+ - name: Generate fake certificate
+ community.crypto.x509_certificate:
+ path: /etc/pki/foo.pem
+ privatekey_path: /etc/pki/foo.key
+ csr_path: /etc/pki/foo.csr
+ provider: selfsigned
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/converge.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/converge.yml
new file mode 100644
index 000000000..d20bdb505
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/converge.yml
@@ -0,0 +1,34 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ vars:
+ tripleo_httpd_vhost_config: /etc/httpd
+ tripleo_httpd_vhost_service_name: wsgi
+ tripleo_httpd_vhost_user: bar
+ tripleo_httpd_vhost_wsgi: true
+ tripleo_httpd_vhost_wsgi_script_alias:
+ '/': '/var/www/cgi-bin/app'
+ tripleo_httpd_config_mods:
+ wsgi:
+ - so_name: 'wsgi_python3'
+ roles:
+ - "tripleo_httpd_vhost"
+ tasks:
+ - name: Validate httpd configuration
+ command: apachectl -t
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/molecule.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/molecule.yml
new file mode 100644
index 000000000..00f890b24
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/molecule.yml
@@ -0,0 +1,27 @@
+---
+driver:
+ name: podman
+
+provisioner:
+ inventory:
+ hosts:
+ all:
+ hosts:
+ centos:
+ ansible_python_interpreter: /usr/bin/python3
+ name: ansible
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ name: wsgi
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/prepare.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/prepare.yml
new file mode 100644
index 000000000..f001c63ff
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/molecule/wsgi/prepare.yml
@@ -0,0 +1,34 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
+ test_deps_extra_packages:
+ - httpd
+ - mod_ssl
+ - python3-mod_wsgi
+ - role: env_data
+ tasks:
+ - name: Create bar user
+ user:
+ name: bar
+ - name: Empty default config files
+ file:
+ path: /etc/httpd/conf.d
+ state: absent
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/install.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/install.yml
new file mode 100644
index 000000000..7f9fed902
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/install.yml
@@ -0,0 +1,22 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Call httpd_config role with appropriate parameters
+ vars:
+ tripleo_httpd_config_service: "{{ tripleo_httpd_vhost_service_name }}"
+ tripleo_httpd_config_directory: "{{ tripleo_httpd_vhost_config }}"
+ ansible.builtin.include_role:
+ role: tripleo_httpd_config
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/main.yml
new file mode 100644
index 000000000..f1af28b16
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure some of the parameters are properly set
+ ansible.builtin.fail:
+ msg: "{{ item.k }} must be set to an actual value!"
+ when: item.v == None
+ loop:
+ - k: 'tripleo_httpd_vhost_service_name'
+ v: "{{ tripleo_httpd_vhost_service_name }}"
+ - k: 'tripleo_httpd_vhost_user'
+ v: "{{ tripleo_httpd_vhost_user }}"
+
+- name: Check TLS parameters if needed
+ when:
+ - tripleo_httpd_vhost_ssl|bool
+ block:
+ - name: Ensure TLS related parameters are set
+ ansible.builtin.fail:
+ msg: "{{ item.k }} must be set if you enable TLS"
+ when: item.v == None
+ loop:
+ - k: 'tripleo_httpd_vhost_ssl_key'
+ v: "{{ tripleo_httpd_vhost_ssl_key }}"
+ - k: 'tripleo_httpd_vhost_ssl_cert'
+ v: "{{ tripleo_httpd_vhost_ssl_cert }}"
+
+- name: Check proxy parameters if needed
+ when:
+ - tripleo_httpd_vhost_proxy|bool
+ block:
+ - name: Ensure proxy parameters are set
+ ansible.builtin.fail:
+ msg: "{{ item.k }} must be set if you enable proxy"
+ when: item.v == None
+ loop:
+ - k: 'tripleo_httpd_vhost_proxy_host'
+ v: "{{ tripleo_httpd_vhost_proxy_host }}"
+ - k: 'tripleo_httpd_vhost_proxy_port'
+ v: "{{ tripleo_httpd_vhost_proxy_port }}"
+
+- name: Check wsgi parameters if needed
+ when:
+ - tripleo_httpd_vhost_wsgi|bool
+ block:
+ - name: Ensure wsgi parameters are set
+ ansible.builtin.fail:
+ msg: "{{ item.k }} must be set if you enable WSGI"
+ when: item.v == None
+ loop:
+ - k: 'tripleo_httpd_vhost_wsgi_script_alias'
+ v: "{{ tripleo_httpd_vhost_wsgi_script_alias }}"
+
+- name: Gather some facts
+ when: "'processor_count' not in ansible_facts or 'fqdn' not in ansible_facts"
+ ansible.builtin.setup:
+ gather_subset:
+ - '!all'
+ - 'min'
+ - 'processor_count'
+
+- name: Create needed directories
+ ansible.builtin.import_tasks: install.yml
+
+- name: Configure vhost
+ ansible.builtin.import_tasks: vhost.yml
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/vhost.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/vhost.yml
new file mode 100644
index 000000000..61f6c1286
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/tasks/vhost.yml
@@ -0,0 +1,29 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Push vhost port
+ ansible.builtin.lineinfile:
+ path: "{{ tripleo_httpd_vhost_config }}/conf/ports.conf"
+ line: 'Listen {{ tripleo_httpd_vhost_bind_host }}:{{ tripleo_httpd_vhost_bind_port }}'
+ create: true
+ group: root
+ owner: root
+ mode: 0644
+
+- name: Push vhost configuration file
+ ansible.builtin.template:
+ dest: "{{ tripleo_httpd_vhost_config }}/conf.d/{{ tripleo_httpd_vhost_priority }}-{{ tripleo_httpd_vhost_service_name }}.conf"
+ src: vhost.conf.j2
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/proxy.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/proxy.inc.j2
new file mode 100644
index 000000000..14c2c988c
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/proxy.inc.j2
@@ -0,0 +1,5 @@
+ # Proxy configuration
+ ProxyRequests {{ tripleo_httpd_vhost_proxy_requests }}
+ ProxyPreserveHost {{ tripleo_httpd_vhost_proxy_preserve_host }}
+ ProxyPass {{ tripleo_httpd_vhost_proxy_path }} http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/ {{ tripleo_httpd_vhost_proxy_params.items() | map('join', '=') | join(' ') }}
+ ProxyPassReverse / http://{{ tripleo_httpd_vhost_proxy_host }}:{{ tripleo_httpd_vhost_proxy_port }}/
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/ssl.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/ssl.inc.j2
new file mode 100644
index 000000000..bcdddf11c
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/ssl.inc.j2
@@ -0,0 +1,22 @@
+ # TLS configuration
+ SSLEngine on
+ SSLCertificateFile "{{ tripleo_httpd_vhost_ssl_cert }}"
+ SSLCertificateKeyFile "{{ tripleo_httpd_vhost_ssl_key }}"
+{% if tripleo_httpd_vhost_ssl_ca %}
+ SSLCACertificateFile "{{ tripleo_httpd_vhost_ssl_ca }}"
+{% endif %}
+{% if tripleo_httpd_vhost_ssl_verify_client %}
+ SSLVerifyClient {{ tripleo_httpd_vhost_ssl_verify_client }}
+{% endif %}
+{% if tripleo_httpd_vhost_ssl_chain %}
+ SSLCertificateChainFile "{{ tripleo_httpd_vhost_ssl_chain }}"
+{% endif %}
+{% if tripleo_httpd_vhost_ssl_crl_path %}
+ SSLCARevocationPath "{{ tripleo_httpd_vhost_ssl_crl_path }}"
+{% endif %}
+{% if tripleo_httpd_vhost_ssl_crl %}
+ SSLCARevocationFile "{{ tripleo_httpd_vhost_ssl_crl }}"
+{% endif %}
+{% if tripleo_httpd_vhost_ssl_certs_dir %}
+ SSLCACertificatePath "{{ tripleo_httpd_vhost_ssl_certs_dir }}"
+{% endif %}
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2
new file mode 100644
index 000000000..dacdd6591
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/vhost.conf.j2
@@ -0,0 +1,42 @@
+# File managed by tripleo-ansible/tripleo_httpd_vhost
+
+ ServerName {{ tripleo_httpd_vhost_servername }}
+
+ ## Vhost docroot
+ DocumentRoot "{{ tripleo_httpd_vhost_document_root }}"
+
+
+ Options -Indexes +FollowSymLinks +MultiViews
+ AllowOverride None
+ Require all granted
+
+
+ ## Logging
+ ErrorLog "{{ tripleo_httpd_vhost_error_log_file }}"
+ ServerSignature Off
+ CustomLog "{{ tripleo_httpd_vhost_access_log_file }}" {{ tripleo_httpd_vhost_access_log_format }}
+ SetEnvIf X-Forwarded-Proto https HTTPS=1
+{% for request_header in tripleo_httpd_vhost_request_headers %}
+ RequestHeader {{ request_header }}
+{% endfor -%}
+{% for header in tripleo_httpd_vhost_headers %}
+ Header {{ header }}
+{% endfor %}
+{% if tripleo_httpd_vhost_allow_encoded_slashes != None %}
+ AllowEncodedSlashes {{ tripleo_httpd_vhost_allow_encoded_slashes }}
+{% endif %}
+
+{% if tripleo_httpd_vhost_wsgi|bool %}
+{% include 'templates/wsgi.inc.j2' %}
+{% endif %}
+{% if tripleo_httpd_vhost_ssl|bool %}
+{% include 'templates/ssl.inc.j2' %}
+{% endif %}
+{% if tripleo_httpd_vhost_proxy|bool %}
+{% include 'templates/proxy.inc.j2' %}
+{% endif %}
+
+{%- for option, value in tripleo_httpd_vhost_custom_options.items() %}
+ {{ option }} {{ value }}
+{% endfor %}
+
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/templates/wsgi.inc.j2 b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/wsgi.inc.j2
new file mode 100644
index 000000000..88d2cf958
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/templates/wsgi.inc.j2
@@ -0,0 +1,38 @@
+ ## WSGI configuration
+{% set default_wsgi_opts = {'user': tripleo_httpd_vhost_user, 'group': tripleo_httpd_vhost_group, 'processes': tripleo_httpd_vhost_workers, 'threads': tripleo_httpd_vhost_threads, 'display-name': tripleo_httpd_vhost_wsgi_process_display_name} -%}
+{% set default_script_opts = {'process-group': tripleo_httpd_vhost_wsgi_daemon_process, 'application-group': tripleo_httpd_vhost_wsgi_application_group} -%}
+{% set wsgi_opt = default_wsgi_opts|combine(tripleo_httpd_vhost_custom_wsgi_process_options) -%}
+{% set script_opt = default_script_opts|combine(tripleo_httpd_vhost_wsgi_import_script_options) -%}
+{% set path_real = tripleo_httpd_vhost_path | regex_replace('(^/.*)/$', '\1') -%}
+
+{% if tripleo_httpd_vhost_wsgi_daemon_process is string %}
+ WSGIDaemonProcess {{ tripleo_httpd_vhost_wsgi_daemon_process }} {{ wsgi_opt.items()|map('join', '=')|join(' ') }}
+{% elif tripleo_httpd_vhost_wsgi_daemon_process is mapping %}
+{% for key, value in tripleo_httpd_vhost_wsgi_daemon_process.items() %}
+{% if value %}
+ WSGIDaemonProcess {{ key }} {{ value.items()|map('join', '=')|join(' ') }}
+{% else %}
+ WSGIDaemonProcess {{ key }}
+{% endif %}
+{% endfor -%}
+{% endif %}
+
+{%- if tripleo_httpd_vhost_wsgi_process_group %}
+ WSGIProcessGroup "{{ tripleo_httpd_vhost_wsgi_process_group }}"
+{% endif %}
+
+{%- for key, value in tripleo_httpd_vhost_wsgi_script_alias.items() %}
+ WSGIScriptAlias {{ key }} "{{ value }}"
+{% endfor %}
+
+{%- if tripleo_httpd_vhost_wsgi_application_group %}
+ WSGIApplicationGroup "{{ tripleo_httpd_vhost_wsgi_application_group }}"
+{% endif -%}
+
+{%- if tripleo_httpd_vhost_wsgi_pass_authorization %}
+ WSGIPassAuthorization {{ tripleo_httpd_vhost_wsgi_pass_authorization }}
+{% endif -%}
+
+{%- if tripleo_httpd_vhost_wsgi_chunked_request %}
+ WSGIChunkedRequest {{ tripleo_httpd_vhost_wsgi_chunked_request }}
+{% endif -%}
diff --git a/tripleo_ansible/roles/tripleo_httpd_vhost/vars/main.yml b/tripleo_ansible/roles/tripleo_httpd_vhost/vars/main.yml
new file mode 100644
index 000000000..9f1658170
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_httpd_vhost/vars/main.yml
@@ -0,0 +1,24 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# While options found within the vars/ path can be overridden using extra
+# vars, items within this path are considered part of the role and not
+# intended to be modified.
+
+# All variables within this role should have a prefix of "tripleo_httpd_vhost"
+
+tripleo_httpd_vhost_base_dir: '/var/lib/config-data/ansible-generated'
diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml
index 67f9b524e..e43bce1ae 100644
--- a/zuul.d/molecule.yaml
+++ b/zuul.d/molecule.yaml
@@ -35,6 +35,8 @@
- tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper
- tripleo-ansible-centos-stream-molecule-tripleo_hieradata
- tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries
+ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
+ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
- tripleo-ansible-centos-stream-molecule-tripleo_image_serve
- tripleo-ansible-centos-stream-molecule-tripleo_iscsid
- tripleo-ansible-centos-stream-molecule-tripleo_kernel
@@ -105,6 +107,8 @@
- tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper
- tripleo-ansible-centos-stream-molecule-tripleo_hieradata
- tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries
+ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
+ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
- tripleo-ansible-centos-stream-molecule-tripleo_image_serve
- tripleo-ansible-centos-stream-molecule-tripleo_iscsid
- tripleo-ansible-centos-stream-molecule-tripleo_kernel
@@ -174,6 +178,8 @@
- tripleo-ansible-centos-stream-molecule-tripleo_ha_wrapper
- tripleo-ansible-centos-stream-molecule-tripleo_hieradata
- tripleo-ansible-centos-stream-molecule-tripleo_hosts_entries
+ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
+ - tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
- tripleo-ansible-centos-stream-molecule-tripleo_image_serve
- tripleo-ansible-centos-stream-molecule-tripleo_iscsid
- tripleo-ansible-centos-stream-molecule-tripleo_kernel
@@ -453,6 +459,20 @@
parent: tripleo-ansible-centos-stream-base
vars:
tripleo_role_name: tripleo_hosts_entries
+- job:
+ files:
+ - ^tripleo_ansible/roles/tripleo_httpd_config/(?!meta).*
+ name: tripleo-ansible-centos-stream-molecule-tripleo_httpd_config
+ parent: tripleo-ansible-centos-stream-base
+ vars:
+ tripleo_role_name: tripleo_httpd_config
+- job:
+ files:
+ - ^tripleo_ansible/roles/tripleo_httpd_vhost/(?!meta).*
+ name: tripleo-ansible-centos-stream-molecule-tripleo_httpd_vhost
+ parent: tripleo-ansible-centos-stream-base
+ vars:
+ tripleo_role_name: tripleo_httpd_vhost
- job:
files:
- ^tripleo_ansible/roles/tripleo_image_serve/(?!meta).*