Ensure that selected Apache MPM is enforced

At the moment services might have different MPM selected while all
operating the same Apache setup, ie on metal setup.
This results in failures to set selected MPMs, so eventually second run
of roles after initial deployment will end up in failure (ie upgrade).

This patch ensures that all except selected MPMs are disabled and do
role get's the desired state of deployment.

We also need to align selected MPM across all roles to avoid
future conflicts.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/930272
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/929690
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/930446
Change-Id: I480222993a63af41cfba65464f5b5c8585b2d4fd
This commit is contained in:
Dmitriy Rabotyagov 2024-09-17 20:19:00 +02:00 committed by Jonathan Rosser
parent b0d9b99f70
commit 92b1b97885
4 changed files with 39 additions and 4 deletions

View File

@ -162,6 +162,7 @@ horizon_endpoint_type: internalURL
horizon_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}" horizon_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}"
horizon_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
horizon_apache_servertokens: "Prod" horizon_apache_servertokens: "Prod"
horizon_apache_serversignature: "Off" horizon_apache_serversignature: "Off"
horizon_log_level: info horizon_log_level: info

View File

@ -0,0 +1,8 @@
---
upgrade:
- |
In order to align used Apache MPM across the board, Horizon default
MPM is switched from ``worker`` to ``event``.
A variable ``horizon_apache_mpm_backend`` was introduced to define
the MPM in use.

View File

@ -13,6 +13,28 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Ensure apache2 MPM for Debian/Ubuntu
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
ignore_configcheck: yes
warn_mpm_absent: false
with_items: "{{ horizon_apache_mpms | sort(attribute='state') }}"
when:
- ansible_facts['pkg_mgr'] == 'apt'
notify: Restart wsgi process
- name: Ensure apache2 MPM for EL
copy:
content: |
LoadModule mpm_{{ horizon_apache_mpm_backend }}_module modules/mod_mpm_{{ horizon_apache_mpm_backend }}.so
dest: /etc/httpd/conf.modules.d/00-mpm.conf
mode: "0644"
when:
- ansible_facts['pkg_mgr'] == 'dnf'
notify: Restart wsgi process
# NOTE(hwoarang): Module enable/disable process is only functional on Debian # NOTE(hwoarang): Module enable/disable process is only functional on Debian
- name: Enable apache2 modules - name: Enable apache2 modules
apache2_module: apache2_module:

View File

@ -53,15 +53,19 @@ horizon_apache_default_sites:
- "/etc/apache2/sites-enabled/000-default.conf" - "/etc/apache2/sites-enabled/000-default.conf"
- "/etc/apache2/conf-enabled/other-vhosts-access-log.conf" - "/etc/apache2/conf-enabled/other-vhosts-access-log.conf"
horizon_apache_mpms:
- name: "mpm_event"
state: "{{ (horizon_apache_mpm_backend == 'event') | ternary('present', 'absent') }}"
- name: "mpm_worker"
state: "{{ (horizon_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}"
- name: "mpm_prefork"
state: "{{ (horizon_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
horizon_apache_modules: horizon_apache_modules:
- name: "wsgi" - name: "wsgi"
state: "present" state: "present"
- name: "ssl" - name: "ssl"
state: "present" state: "present"
- name: "mpm_event"
state: "absent"
- name: "mpm_worker"
state: "present"
- name: "rewrite" - name: "rewrite"
state: "present" state: "present"
- name: "headers" - name: "headers"