diff --git a/handlers/main.yml b/handlers/main.yml index cb1e223c..df3c0fd8 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -15,5 +15,5 @@ - name: Restart apache2 service: - name: "apache2" + name: "{{ horizon_system_service_name }}" state: "restarted" diff --git a/releasenotes/notes/os_horizon-centos-support-8070b736874602ee.yaml b/releasenotes/notes/os_horizon-centos-support-8070b736874602ee.yaml new file mode 100644 index 00000000..8978dd84 --- /dev/null +++ b/releasenotes/notes/os_horizon-centos-support-8070b736874602ee.yaml @@ -0,0 +1,3 @@ +--- +features: + - CentOS7/RHEL support has been added to the os_horizon role. diff --git a/tasks/horizon_apache.yml b/tasks/horizon_apache.yml index 09559cc3..a8045464 100644 --- a/tasks/horizon_apache.yml +++ b/tasks/horizon_apache.yml @@ -26,6 +26,8 @@ - { state: present, name: mpm_worker } - { state: present, name: rewrite } - { state: present, name: headers } + when: + - ansible_pkg_mgr == 'apt' notify: Restart apache2 - name: Drop apache2 configs @@ -34,37 +36,57 @@ dest: "{{ item.dest }}" owner: "{{ item.owner|default(horizon_system_user_name) }}" group: "{{ item.group|default(horizon_system_group_name) }}" - with_items: - - { src: "horizon_apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" } - - { src: "openstack_dashboard.conf.j2", dest: "/etc/apache2/sites-available/openstack-dashboard.conf" } + with_items: "{{ horizon_apache_configs }}" + notify: Restart apache2 + +- name: Disable default apache site + file: + path: "{{ item }}" + state: "absent" + with_items: "{{ horizon_apache_default_sites }}" notify: Restart apache2 - name: Enable Horizon Site file: - src: "/etc/apache2/sites-available/{{ item.name }}" - dest: "/etc/apache2/sites-enabled/{{ item.name }}" - state: "{{ item.state }}" - with_items: - - { state: link, name: openstack-dashboard.conf } - - { state: absent, name: 000-default.conf } + src: "{{ horizon_apache_site_available }}" + dest: "{{ horizon_apache_site_enabled }}" + state: "link" + when: + - horizon_apache_site_available is defined + - horizon_apache_site_enabled is defined notify: Restart apache2 - name: Ensure Apache ServerName lineinfile: - dest: "/etc/apache2/apache2.conf" + dest: "{{ horizon_apache_conf }}" line: "ServerName {{ horizon_server_name }}" notify: Restart apache2 - name: Ensure Apache ServerTokens lineinfile: - dest: "/etc/apache2/conf-available/security.conf" + dest: "{{ horizon_apache_security_conf }}" regexp: '^ServerTokens' line: "ServerTokens {{ horizon_apache_servertokens }}" notify: Restart apache2 - name: Ensure Apache ServerSignature lineinfile: - dest: "/etc/apache2/conf-available/security.conf" + dest: "{{ horizon_apache_security_conf }}" regexp: '^ServerSignature' line: "ServerSignature {{ horizon_apache_serversignature }}" notify: Restart apache2 + +# Removing the Listen from apache config to prevent conflick with ports.conf on CentOS +- name: remove Listen from Apache config + lineinfile: + dest: "{{ horizon_apache_security_conf }}" + regexp: '^(Listen.*)' + backrefs: yes + line: '#\1' + notify: Restart apache2 + +- name: Load service + service: + name: "{{ horizon_system_service_name }}" + enabled: "yes" + state: "started" diff --git a/tasks/horizon_install.yml b/tasks/horizon_install.yml index dc175c11..782febe3 100644 --- a/tasks/horizon_install.yml +++ b/tasks/horizon_install.yml @@ -20,6 +20,30 @@ when: - ansible_pkg_mgr == 'apt' +- name: Create horizon dir + file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner|default(horizon_system_user_name) }}" + group: "{{ item.group|default(horizon_system_group_name) }}" + mode: "{{ item.mode|default('0755') }}" + with_items: + - { path: "/etc/pki/tls/certs", owner: "root", group: "root" } + - { path: "/etc/pki/tls/private", owner: "root", group: "root" } + - { path: "/var/log/httpd", mode: "2755" } + when: ansible_pkg_mgr == 'yum' + +- name: Create system links + file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: "link" + with_items: + - { src: "/etc/pki/tls/certs", dest: "/etc/ssl/certs" } + - { src: "/etc/pki/tls/private", dest: "/etc/ssl/private" } + - { src: "/var/log/httpd", dest: "/var/log/apache2" } + when: ansible_pkg_mgr == 'yum' + - name: Install distro packages package: name: "{{ item }}" diff --git a/tasks/main.yml b/tasks/main.yml index 31cc421c..1b586895 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -59,7 +59,9 @@ - name: Update the ca certificates command: "update-ca-certificates -f" - when: not horizon_external_ssl|bool + when: + - not horizon_external_ssl|bool + - ansible_pkg_mgr == 'apt' tags: - horizon-ssl diff --git a/vars/debian.yml b/vars/debian.yml index 4eafce7e..64d6aa4c 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -16,6 +16,8 @@ ## APT Cache options cache_timeout: 600 +horizon_system_service_name: apache2 + horizon_distro_packages: - apache2 - apache2-utils @@ -27,3 +29,17 @@ horizon_distro_packages: - openssl - python-mysqldb # required by the Ansible mysql_db module - gettext + +horizon_apache_conf: "/etc/apache2/apache2.conf" +horizon_apache_security_conf: "/etc/apache2/conf-available/security.conf" + +horizon_apache_site_available: "/etc/apache2/sites-available/openstack-dashboard.conf" +horizon_apache_site_enabled: "/etc/apache2/sites-enabled/openstack-dashboard.conf" + +horizon_apache_configs: + - { src: "horizon_apache_ports.conf.j2", dest: "/etc/apache2/ports.conf", owner: "root", group: "root" } + - { src: "openstack_dashboard.conf.j2", dest: "{{ horizon_apache_site_available }}" } + +horizon_apache_default_sites: + - "/etc/apache2/sites-enabled/000-default.conf" + diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml new file mode 100644 index 00000000..77bb423c --- /dev/null +++ b/vars/redhat-7.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +horizon_system_service_name: httpd + +horizon_distro_packages: + - cronie + - cronie-anacron + - gettext + - git + - httpd + - httpd-tools + - libxslt-devel + - mod_ssl + - mod_wsgi + - MySQL-python + - openssl + - openssl-libs + +horizon_apache_conf: "/etc/httpd/conf/httpd.conf" +horizon_apache_security_conf: "{{ horizon_apache_conf }}" + +horizon_apache_configs: + - { src: "horizon_apache_ports.conf.j2", dest: "/etc/httpd/conf.d/ports.conf", owner: "root", group: "root" } + - { src: "openstack_dashboard.conf.j2", dest: "/etc/httpd/conf.d/openstack-dashboard.conf" } + +horizon_apache_default_sites: + - "/etc/httpd/conf.d/userdir.conf" + - "/etc/httpd/conf.d/welcome.conf" + - "/etc/httpd/conf.d/ssl.conf"