--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Create apache nogroup group group: name: "nogroup" system: "yes" - name: Create apache nogroup user user: name: "nogroup" group: "nogroup" system: "yes" shell: "/bin/false" - name: Ensure apache log folder exists file: dest: "{{ keystone_apache_default_log_folder }}" state: directory owner: "{{ keystone_apache_default_log_owner }}" group: "{{ keystone_apache_default_log_grp }}" mode: "0755" - name: Ensure apache2 MPM for Debian/Ubuntu apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" warn_mpm_absent: false with_items: "{{ keystone_apache_mpms | sort(attribute='state') }}" when: - ansible_facts['pkg_mgr'] == 'apt' notify: Restart web server - name: Ensure apache2 MPM for EL copy: content: | LoadModule mpm_{{ keystone_httpd_mpm_backend }}_module modules/mod_mpm_{{ keystone_httpd_mpm_backend }}.so dest: /etc/httpd/conf.modules.d/00-mpm.conf mode: "0644" when: - ansible_facts['pkg_mgr'] == 'dnf' notify: Restart web server ## NOTE(cloudnull): ## Module enable/disable process is only functional on Debian - name: Enable apache2 modules apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" with_items: "{{ keystone_apache_modules }}" when: - ansible_facts['pkg_mgr'] == 'apt' - item.state == 'present' notify: - Restart web server - name: Place apache2 config files template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "root" group: "root" mode: "0644" with_items: "{{ keystone_apache_configs }}" notify: - Restart web server ## NOTE(cloudnull): ## Module enable/disable process is only functional on Debian - name: Disable apache2 modules apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" with_items: "{{ keystone_apache_modules }}" when: - ansible_facts['pkg_mgr'] == 'apt' - item.state == 'absent' notify: - Restart web server ## NOTE(andymccr): ## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files - name: Enable/disable proxy_uwsgi_module lineinfile: dest: '/etc/httpd/conf.modules.d/00-proxy.conf' line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so' state: "present" when: - ansible_facts['pkg_mgr'] == 'dnf' notify: - Restart web server - name: Disable default apache site file: path: "{{ item }}" state: "absent" with_items: "{{ keystone_apache_default_sites }}" notify: - Restart web server - name: Enabled keystone vhost file: src: "{{ keystone_apache_site_available }}" dest: "{{ keystone_apache_site_enabled }}" state: "link" when: - keystone_apache_site_available is defined - keystone_apache_site_enabled is defined notify: - Restart web server - name: Ensure Apache ServerName lineinfile: dest: "{{ keystone_apache_conf }}" line: "ServerName {{ ansible_facts['hostname'] }}" notify: - Restart web server - name: Ensure Apache ServerTokens lineinfile: dest: "{{ keystone_apache_security_conf }}" regexp: '^ServerTokens' line: "ServerTokens {{ keystone_apache_servertokens }}" notify: - Restart web server - name: Ensure Apache ServerSignature lineinfile: dest: "{{ keystone_apache_security_conf }}" regexp: '^ServerSignature' line: "ServerSignature {{ keystone_apache_serversignature }}" notify: - Restart web server - name: Remove Listen from Apache config lineinfile: dest: "{{ keystone_apache_conf }}" regexp: '^(Listen.*)' backrefs: yes line: '#\1' notify: - Restart web server