Fix errors when enabling SSL for apache

keystone_ssl_enabled is used to determine whether or not to configure apache to use SSL. Currently when this variable is set to true the apache SSL module is not enabled. This commit adds a task to enable/disable the SSL module based on the variable keystone_ssl_enabled. The keystone-httpd.conf template causes a formatting error. This commit fixes the error so that additional whitespace is no longer added before SSLEngine. Change-Id: I1415e5822684af12e1a1dd8a306e708e8931fa38 Closes-bug: #1466827
2015-06-23 14:15:24 +01:00 · 2015-06-23 14:15:24 +01:00 · 7a8873415c
commit 7a8873415c
parent 9a868c3753
2 changed files with 9 additions and 2 deletions
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@ -56,3 +56,10 @@
    - Restart Apache
  tags:
    - keystone-httpd
+
+- name: Enable/disable mod_ssl for apache2
+  apache2_module:
+    name: ssl
+    state: "{{ (keystone_ssl_enabled | bool) | ternary('present', 'absent') }}"
+  tags:
+    - keystone-httpd
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -10,7 +10,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
    CustomLog /var/log/keystone/ssl_access.log combined
    Options +FollowSymLinks

-    {% if keystone_ssl_enabled == true %}
+    {% if keystone_ssl_enabled == true -%}
    SSLEngine on
    SSLCertificateFile    {{ keystone_ssl_cert }}
    SSLCertificateKeyFile {{ keystone_ssl_key }}
@ -35,7 +35,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
    CustomLog /var/log/keystone/ssl_access.log combined
    Options +FollowSymLinks

-    {% if keystone_ssl_enabled == true %}
+    {% if keystone_ssl_enabled == true -%}
    SSLEngine on
    SSLCertificateFile    {{ keystone_ssl_cert }}
    SSLCertificateKeyFile {{ keystone_ssl_key }}