--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Create apache nogroup group group: name: "nogroup" system: "yes" - name: Create apache nogroup user user: name: "nogroup" group: "nogroup" system: "yes" shell: "/bin/false" - name: Ensure apache log folder exists file: dest: "{{ keystone_apache_default_log_folder }}" state: directory owner: "{{ keystone_apache_default_log_owner }}" group: "{{ keystone_apache_default_log_grp }}" ## Workaround for https://github.com/ansible/ansible-modules-core/issues/5328 ## TODO: Replace using apache2_module when fixed in Ansible release ## NOTE(cloudnull): ## Module enable/disable process is only functional on Debian based systems. - name: Enable/disable apache2 modules command: "{{ (item.state == 'present') | ternary('a2enmod','a2dismod') }} {{ item.name }}" register: horizon_apache2_module changed_when: - horizon_apache2_module.stdout.find('{{ item.name }} already') == -1 - horizon_apache2_module.stderr.find('{{ item.name }} does not exist') == -1 failed_when: false with_items: - "{{ { 'name': 'ssl', 'state': (keystone_ssl | bool) | ternary('present', 'absent') } }}" - "{{ { 'name': 'shib2', 'state': ( keystone_sp != {} ) | ternary('present', 'absent') } }}" - "{{ { 'name': 'proxy_http', 'state': (keystone_mod_wsgi_enabled | bool) | ternary('absent', 'present') } }}" when: - ansible_pkg_mgr == 'apt' notify: - Restart service on first node - Restart service on other nodes ## NOTE(andymccr): ## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files - name: Enable/disable proxy_uwsgi_module lineinfile: dest: '/etc/httpd/conf.modules.d/00-proxy.conf' line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so' state: "{{ (keystone_mod_wsgi_enabled | bool) | ternary('absent', 'present') }}" when: - ansible_pkg_mgr == 'yum' notify: - Restart service on first node - Restart service on other nodes - name: Drop apache2 config files template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "root" group: "root" with_items: "{{ keystone_apache_configs }}" notify: - Restart service on first node - Restart service on other nodes - name: Disable default apache site file: path: "{{ item }}" state: "absent" with_items: "{{ keystone_apache_default_sites }}" notify: - Restart service on first node - Restart service on other nodes - name: Enabled keystone vhost file: src: "{{ keystone_apache_site_available }}" dest: "{{ keystone_apache_site_enabled }}" state: "link" when: - keystone_apache_site_available is defined - keystone_apache_site_enabled is defined notify: - Restart service on first node - Restart service on other nodes - name: Ensure Apache ServerName lineinfile: dest: "{{ keystone_apache_conf }}" line: "ServerName {{ ansible_hostname }}" notify: - Restart service on first node - Restart service on other nodes - name: Ensure Apache ServerTokens lineinfile: dest: "{{ keystone_apache_security_conf }}" regexp: '^ServerTokens' line: "ServerTokens {{ keystone_apache_servertokens }}" notify: - Restart service on first node - Restart service on other nodes - name: Ensure Apache ServerSignature lineinfile: dest: "{{ keystone_apache_security_conf }}" regexp: '^ServerSignature' line: "ServerSignature {{ keystone_apache_serversignature }}" notify: - Restart service on first node - Restart service on other nodes - name: remove Listen from Apache config lineinfile: dest: "{{ keystone_apache_conf }}" regexp: '^(Listen.*)' backrefs: yes line: '#\1' notify: - Restart service on first node - Restart service on other nodes ## NOTE(mgariepy): ## We need to enable httpd on CentOS if not it won't start when the container is restarted. - name: Load service service: name: "{{ keystone_system_service_name }}" enabled: "yes" notify: - Restart service on first node - Restart service on other nodes