From 92b1b97885594027d3c98b5eb40eac52a2cb2d62 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 17 Sep 2024 20:19:00 +0200 Subject: [PATCH] Ensure that selected Apache MPM is enforced At the moment services might have different MPM selected while all operating the same Apache setup, ie on metal setup. This results in failures to set selected MPMs, so eventually second run of roles after initial deployment will end up in failure (ie upgrade). This patch ensures that all except selected MPMs are disabled and do role get's the desired state of deployment. We also need to align selected MPM across all roles to avoid future conflicts. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/930272 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/929690 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/930446 Change-Id: I480222993a63af41cfba65464f5b5c8585b2d4fd --- defaults/main.yml | 1 + .../horizon_apache_mpm-2a34436635f1bef9.yaml | 8 +++++++ tasks/horizon_apache.yml | 22 +++++++++++++++++++ vars/debian.yml | 12 ++++++---- 4 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml diff --git a/defaults/main.yml b/defaults/main.yml index eaafea5a..cf576e6d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -162,6 +162,7 @@ horizon_endpoint_type: internalURL horizon_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}" +horizon_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}" horizon_apache_servertokens: "Prod" horizon_apache_serversignature: "Off" horizon_log_level: info diff --git a/releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml b/releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml new file mode 100644 index 00000000..63158ddc --- /dev/null +++ b/releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml @@ -0,0 +1,8 @@ +--- + +upgrade: + - | + In order to align used Apache MPM across the board, Horizon default + MPM is switched from ``worker`` to ``event``. + A variable ``horizon_apache_mpm_backend`` was introduced to define + the MPM in use. diff --git a/tasks/horizon_apache.yml b/tasks/horizon_apache.yml index 018f7ff0..cf9afd8a 100644 --- a/tasks/horizon_apache.yml +++ b/tasks/horizon_apache.yml @@ -13,6 +13,28 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Ensure apache2 MPM for Debian/Ubuntu + apache2_module: + name: "{{ item.name }}" + state: "{{ item.state }}" + ignore_configcheck: yes + warn_mpm_absent: false + with_items: "{{ horizon_apache_mpms | sort(attribute='state') }}" + when: + - ansible_facts['pkg_mgr'] == 'apt' + notify: Restart wsgi process + +- name: Ensure apache2 MPM for EL + copy: + content: | + LoadModule mpm_{{ horizon_apache_mpm_backend }}_module modules/mod_mpm_{{ horizon_apache_mpm_backend }}.so + + dest: /etc/httpd/conf.modules.d/00-mpm.conf + mode: "0644" + when: + - ansible_facts['pkg_mgr'] == 'dnf' + notify: Restart wsgi process + # NOTE(hwoarang): Module enable/disable process is only functional on Debian - name: Enable apache2 modules apache2_module: diff --git a/vars/debian.yml b/vars/debian.yml index eda4fa34..fbea8c0a 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -53,15 +53,19 @@ horizon_apache_default_sites: - "/etc/apache2/sites-enabled/000-default.conf" - "/etc/apache2/conf-enabled/other-vhosts-access-log.conf" +horizon_apache_mpms: + - name: "mpm_event" + state: "{{ (horizon_apache_mpm_backend == 'event') | ternary('present', 'absent') }}" + - name: "mpm_worker" + state: "{{ (horizon_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}" + - name: "mpm_prefork" + state: "{{ (horizon_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}" + horizon_apache_modules: - name: "wsgi" state: "present" - name: "ssl" state: "present" - - name: "mpm_event" - state: "absent" - - name: "mpm_worker" - state: "present" - name: "rewrite" state: "present" - name: "headers"