openstack-ansible-os_keystone/tasks/keystone_apache.yml
Jean-Philippe Evrard 15725b7128 Ensure the log folder exists
Restarting the apache service under Ubuntu reads the envvars file.
This envvars file contains the folder for logrotate. If the folder
doesn't exist or doesn't have the apache permissions, the restart of
the service will fail.

We ensure here the folder properly exists, with the right
permissions.

Change-Id: I4abf785f6d3d8ca4a5fc3c9520d046618cf6f380
2017-03-07 17:31:16 +00:00


---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
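# Ensure the "nogroup" system group exists; the user task in this file
# assigns its account to this group.
- name: Create apache nogroup group
  group:
    name: "nogroup"
    # Native boolean instead of the string "yes", so the value does not depend
    # on the module coercing a string into a boolean.
    system: true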
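# Ensure a "nogroup" system account exists with "nogroup" as its group.
# The login shell is /bin/false, so the account cannot be used to open an
# interactive session.
- name: Create apache nogroup user
  user:
    name: "nogroup"
    group: "nogroup"
    # Native boolean instead of the string "yes", so the value does not depend
    # on the module coercing a string into a boolean.
    system: true
    shell: "/bin/false"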
# Make sure the Apache log directory is present and owned by the account and
# group named in the role variables (all three values are defined outside this
# file).
# NOTE(review): no "mode" is given, so a newly created directory gets its
# permission bits from the umask in effect on the target, and an existing
# directory keeps whatever bits it already has. If these logs must not be
# world-readable, pin the mode through a role variable - confirm the intended
# value per distribution before doing so.
- name: Ensure apache log folder exists
  file:
    dest: "{{ keystone_apache_default_log_folder }}"
    state: directory
    owner: "{{ keystone_apache_default_log_owner }}"
    group: "{{ keystone_apache_default_log_grp }}"
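## Workaround for https://github.com/ansible/ansible-modules-core/issues/5328
## TODO: Replace using apache2_module when fixed in Ansible release
## NOTE(cloudnull):
##  Module enable/disable process is only functional on Debian based systems.
# Runs a2enmod or a2dismod once per item, depending on the item's "state".
# Only executed when the package manager fact is "apt".
- name: Enable/disable apache2 modules
  command: "{{ (item.state == 'present') | ternary('a2enmod','a2dismod') }} {{ item.name }}"
  register: horizon_apache2_module
  # changed_when is already evaluated as a Jinja expression, so the module name
  # is concatenated with "~" instead of nesting "{{ }}" delimiters inside the
  # condition. The task reports "changed" only when the output contains neither
  # "<module> already" nor "<module> does not exist".
  changed_when:
    - horizon_apache2_module.stdout.find(item.name ~ ' already') == -1
    - horizon_apache2_module.stderr.find(item.name ~ ' does not exist') == -1
  # NOTE(review): every failure of the command is ignored here, not only the
  # "does not exist" case checked above. A failed attempt to enable "ssl"
  # would therefore not stop the play; presumably it only surfaces when Apache
  # is restarted - confirm that this is acceptable.
  failed_when: false
  with_items:
    - "{{ { 'name': 'ssl', 'state': (keystone_ssl | bool) | ternary('present', 'absent') } }}"
    - "{{ { 'name': 'shib2', 'state': ( keystone_sp != {} ) | ternary('present', 'absent') } }}"
    - "{{ { 'name': 'proxy_http', 'state': (keystone_mod_wsgi_enabled | bool) | ternary('absent', 'present') } }}"
  when:
    - ansible_pkg_mgr == 'apt'
  notify:
    - Restart service on first node
    - Restart service on other nodes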
## NOTE(andymccr):
## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files
# Adds the LoadModule line for mod_proxy_uwsgi to 00-proxy.conf when
# keystone_mod_wsgi_enabled is false, and removes it when the variable is true.
# Only executed when the package manager fact is "yum".
- name: Enable/disable proxy_uwsgi_module
  lineinfile:
    dest: '/etc/httpd/conf.modules.d/00-proxy.conf'
    line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
    state: "{{ (keystone_mod_wsgi_enabled | bool) | ternary('absent', 'present') }}"
  when: ansible_pkg_mgr == 'yum'
  notify:
    - Restart service on first node
    - Restart service on other nodes
# Render every template listed in keystone_apache_configs (a list of src/dest
# pairs defined outside this file) and install the result owned by root:root.
# NOTE(review): no "mode" is given, so a newly written file gets its permission
# bits from the umask in effect on the target and an existing file keeps its
# current bits. Root ownership already prevents the web server account from
# rewriting its own configuration; pin the mode as well if any of these
# templates carries content that should not be world-readable - verify against
# the template list.
- name: Drop apache2 config files
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "root"
  with_items: "{{ keystone_apache_configs }}"
  notify:
    - Restart service on first node
    - Restart service on other nodes
# Delete each path listed in keystone_apache_default_sites (defined outside
# this file), so the distribution's default site is no longer served.
- name: Disable default apache site
  file:
    path: "{{ item }}"
    state: "absent"
  with_items: "{{ keystone_apache_default_sites }}"
  notify:
    - Restart service on first node
    - Restart service on other nodes
# Link the keystone site definition into the enabled-sites location.
# Skipped unless both path variables are defined.
- name: Enabled keystone vhost
  file:
    src: "{{ keystone_apache_site_available }}"
    dest: "{{ keystone_apache_site_enabled }}"
    state: "link"
  when:
    - keystone_apache_site_available is defined
    - keystone_apache_site_enabled is defined
  notify:
    - Restart service on first node
    - Restart service on other nodes
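# Set the global ServerName in the main Apache configuration to the host's
# short hostname fact.
- name: Ensure Apache ServerName
  lineinfile:
    dest: "{{ keystone_apache_conf }}"
    # Without a regexp, a hostname change appended a second ServerName line and
    # left the stale one in the file. Matching the existing directive replaces
    # it in place, in line with the ServerTokens and ServerSignature tasks in
    # this file; the line is still appended when no match exists.
    regexp: '^ServerName'
    line: "ServerName {{ ansible_hostname }}"
  notify:
    - Restart service on first node
    - Restart service on other nodes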
# Set the ServerTokens directive in the Apache security configuration.
# ServerTokens controls how much product and version detail Apache puts in
# the "Server" response header; "Prod" is the least revealing setting. The
# value applied here comes from keystone_apache_servertokens, which is defined
# outside this file.
# The regexp only matches an uncommented directive at the start of a line;
# if none is found the line is appended.
- name: Ensure Apache ServerTokens
  lineinfile:
    dest: "{{ keystone_apache_security_conf }}"
    regexp: '^ServerTokens'
    line: "ServerTokens {{ keystone_apache_servertokens }}"
  notify:
    - Restart service on first node
    - Restart service on other nodes
# Set the ServerSignature directive in the Apache security configuration.
# ServerSignature controls the footer Apache adds to server-generated pages
# such as error documents; "Off" suppresses it. The value applied here comes
# from keystone_apache_serversignature, which is defined outside this file.
# The regexp only matches an uncommented directive at the start of a line;
# if none is found the line is appended.
- name: Ensure Apache ServerSignature
  lineinfile:
    dest: "{{ keystone_apache_security_conf }}"
    regexp: '^ServerSignature'
    line: "ServerSignature {{ keystone_apache_serversignature }}"
  notify:
    - Restart service on first node
    - Restart service on other nodes
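# Comment out every Listen directive in the main Apache configuration, so
# that only the listeners configured elsewhere by the role stay active
# (presumably in the dropped config files - not visible in this file).
# lineinfile with backrefs rewrites only the last matching line, so a file
# with several Listen directives kept the earlier ones active after a single
# run, leaving Apache bound to ports the role did not intend to expose.
# The replace module rewrites every match and stays idempotent, because a
# commented line no longer starts with "Listen".
- name: remove Listen from Apache config
  replace:
    dest: "{{ keystone_apache_conf }}"
    regexp: '^(Listen.*)'
    replace: '#\1'
  notify:
    - Restart service on first node
    - Restart service on other nodes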
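## NOTE(mgariepy):
## We need to enable httpd on CentOS if not it won't start when the container is restarted.
# Enable the Apache service at boot. The service name comes from
# keystone_system_service_name, which is defined outside this file.
- name: Load service
  service:
    name: "{{ keystone_system_service_name }}"
    # Native boolean instead of the string "yes", so the value does not depend
    # on the module coercing a string into a boolean.
    enabled: true
  notify:
    - Restart service on first node
    - Restart service on other nodes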