From 7a8873415c34bf8092316a4345475f5aed9d13d9 Mon Sep 17 00:00:00 2001
From: git-harry <git-harry@live.co.uk>
Date: Tue, 23 Jun 2015 14:15:24 +0100
Subject: [PATCH] Fix errors when enabling SSL for apache

keystone_ssl_enabled is used to determine whether or not to configure
apache to use SSL. Currently when this variable is set to true the
apache SSL module is not enabled.

This commit adds a task to enable/disable the SSL module based on the
variable keystone_ssl_enabled.

The keystone-httpd.conf template causes a formatting error. This commit
fixes the error so that additional whitespace is no longer added before
SSLEngine.

Change-Id: I1415e5822684af12e1a1dd8a306e708e8931fa38
Closes-bug: #1466827
---
 tasks/keystone_apache.yml        | 7 +++++++
 templates/keystone-httpd.conf.j2 | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml
index b553e042..6fb72969 100644
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@@ -56,3 +56,10 @@
     - Restart Apache
   tags:
     - keystone-httpd
+
+- name: Enable/disable mod_ssl for apache2
+  apache2_module:
+    name: ssl
+    state: "{{ (keystone_ssl_enabled | bool) | ternary('present', 'absent') }}"
+  tags:
+    - keystone-httpd
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index a5fc9ed4..3c86f325 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -10,7 +10,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
     CustomLog /var/log/keystone/ssl_access.log combined
     Options +FollowSymLinks
 
-    {% if keystone_ssl_enabled == true %}
+    {% if keystone_ssl_enabled == true -%}
     SSLEngine on
     SSLCertificateFile    {{ keystone_ssl_cert }}
     SSLCertificateKeyFile {{ keystone_ssl_key }}
@@ -35,7 +35,7 @@ WSGIDaemonProcess keystone user={{ keystone_system_user_name }} group=nogroup pr
     CustomLog /var/log/keystone/ssl_access.log combined
     Options +FollowSymLinks
 
-    {% if keystone_ssl_enabled == true %}
+    {% if keystone_ssl_enabled == true -%}
     SSLEngine on
     SSLCertificateFile    {{ keystone_ssl_cert }}
     SSLCertificateKeyFile {{ keystone_ssl_key }}