Ensure that selected Apache MPM is enforced
At the moment services might have different MPM selected while all operating the same Apache setup, ie on metal setup. This results in failures to set selected MPMs, so eventually second run of roles after initial deployment will end up in failure (ie upgrade). This patch ensures that all except selected MPMs are disabled and do role get's the desired state of deployment. We also need to align selected MPM across all roles to avoid future conflicts. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/930446 Change-Id: Ia3e4af7986166f0729840d2a61fb8f52ea053676
This commit is contained in:
parent
95641cbd26
commit
870451e554
@ -232,7 +232,7 @@ keystone_apache_servertokens: "Prod"
|
|||||||
keystone_apache_serversignature: "Off"
|
keystone_apache_serversignature: "Off"
|
||||||
|
|
||||||
## Apache MPM tunables
|
## Apache MPM tunables
|
||||||
keystone_httpd_mpm_backend: event
|
keystone_httpd_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
|
||||||
keystone_httpd_mpm_server_limit: "{{ keystone_wsgi_processes }}"
|
keystone_httpd_mpm_server_limit: "{{ keystone_wsgi_processes }}"
|
||||||
keystone_httpd_mpm_start_servers: 2
|
keystone_httpd_mpm_start_servers: 2
|
||||||
keystone_httpd_mpm_min_spare_threads: 25
|
keystone_httpd_mpm_min_spare_threads: 25
|
||||||
|
@ -33,6 +33,27 @@
|
|||||||
group: "{{ keystone_apache_default_log_grp }}"
|
group: "{{ keystone_apache_default_log_grp }}"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
- name: Ensure apache2 MPM for Debian/Ubuntu
|
||||||
|
apache2_module:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
state: "{{ item.state }}"
|
||||||
|
warn_mpm_absent: false
|
||||||
|
with_items: "{{ keystone_apache_mpms | sort(attribute='state') }}"
|
||||||
|
when:
|
||||||
|
- ansible_facts['pkg_mgr'] == 'apt'
|
||||||
|
notify: Restart web server
|
||||||
|
|
||||||
|
- name: Ensure apache2 MPM for EL
|
||||||
|
copy:
|
||||||
|
content: |
|
||||||
|
LoadModule mpm_{{ keystone_httpd_mpm_backend }}_module modules/mod_mpm_{{ keystone_httpd_mpm_backend }}.so
|
||||||
|
|
||||||
|
dest: /etc/httpd/conf.modules.d/00-mpm.conf
|
||||||
|
mode: "0644"
|
||||||
|
when:
|
||||||
|
- ansible_facts['pkg_mgr'] == 'dnf'
|
||||||
|
notify: Restart web server
|
||||||
|
|
||||||
## NOTE(cloudnull):
|
## NOTE(cloudnull):
|
||||||
## Module enable/disable process is only functional on Debian
|
## Module enable/disable process is only functional on Debian
|
||||||
- name: Enable apache2 modules
|
- name: Enable apache2 modules
|
||||||
|
@ -82,6 +82,14 @@ keystone_apache_configs:
|
|||||||
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
||||||
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
||||||
|
|
||||||
|
keystone_apache_mpms:
|
||||||
|
- name: "mpm_event"
|
||||||
|
state: "{{ (keystone_httpd_mpm_backend == 'event') | ternary('present', 'absent') }}"
|
||||||
|
- name: "mpm_worker"
|
||||||
|
state: "{{ (keystone_httpd_mpm_backend == 'worker') | ternary('present', 'absent') }}"
|
||||||
|
- name: "mpm_prefork"
|
||||||
|
state: "{{ (keystone_httpd_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
|
||||||
|
|
||||||
keystone_apache_modules:
|
keystone_apache_modules:
|
||||||
- name: "ssl"
|
- name: "ssl"
|
||||||
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
||||||
|
Loading…
Reference in New Issue
Block a user