Import the apache and mod_wsgi roles from the main repo

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-20 11:39:10 +01:00 · 2021-01-20 11:39:10 +01:00 · 74f79ee76e
commit 74f79ee76e
parent a7fb205256
10 changed files with 168 additions and 0 deletions
--- a/ansible/roles/apache/defaults/main.yml
+++ b/ansible/roles/apache/defaults/main.yml
@ -0,0 +1,2 @@
+---
+collectd_apache: true
--- a/ansible/roles/apache/files/httpd.logrotate
+++ b/ansible/roles/apache/files/httpd.logrotate
@ -0,0 +1,13 @@
+/var/log/httpd/*log {
+    daily
+    rotate 7
+    missingok
+    ifempty
+    compress
+    compresscmd /usr/bin/xz
+    uncompresscmd /usr/bin/xz
+    compressext .xz
+    dateext
+    sharedscripts
+    copytruncate
+}
--- a/ansible/roles/apache/handlers/main.yml
+++ b/ansible/roles/apache/handlers/main.yml
@ -0,0 +1,2 @@
+- name: restart apache
+  command: /usr/local/bin/conditional-restart.sh httpd httpd
--- a/ansible/roles/apache/tasks/main.yml
+++ b/ansible/roles/apache/tasks/main.yml
@ -0,0 +1,77 @@
+---
+# install apache(httpd)
+- name: install apache (package)
+  package:
+    state: present
+    name:
+    - httpd
+    - httpd-tools
+  tags:
+  - packages
+  - apache
+  when: ansible_cmdline.ostree is not defined
+
+- name: set apache running/enabled
+  service: name=httpd enabled=yes
+  ignore_errors: true
+  notify:
+  - reload apache
+  tags:
+  - service
+  - apache
+
+# install hash randomization hotfix
+- name: hotfix - copy over new httpd init script
+  copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd
+        owner=root group=root mode=0755
+  when: ansible_distribution_major_version|int <= 8 and ansible_distribution == 'RedHat'
+  notify:
+  - reload apache
+  tags:
+  - config
+  - hotfix
+  - apache
+
+- name: hotfix - copy over new httpd sysconfig (el7)
+  copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd
+  when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat'
+  notify:
+  - reload apache
+  tags:
+  - config
+  - hotfix
+  - apache
+
+- name: add appserver headers.conf
+  template: src="headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf
+  notify:
+  - reload apache
+  tags:
+  - config
+  - apache
+  - apache/headers
+
+- name: add appserver h2.conf
+  template: src="h2.conf.j2" dest=/etc/httpd/conf.d/h2.conf
+  when: ansible_distribution == 'Fedora'
+  notify:
+  - reload apache
+  tags:
+  - config
+  - apache
+  - h2
+
+- name: add apache_status location for collectd
+  template: src="apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf
+  notify:
+  - reload apache
+  tags:
+  - config
+  - apache
+  - apachestatus
+
+- name: setup logrotate to our needs
+  copy: src="httpd.logrotate" dest=/etc/logrotate.d/httpd
+  tags:
+  - config
+  - apache
--- a/ansible/roles/apache/templates/apachestatus.conf
+++ b/ansible/roles/apache/templates/apachestatus.conf
@ -0,0 +1,14 @@
+ExtendedStatus on
+
+<Location /apache-status>
+    SetHandler server-status
+    <IfModule mod_authz_core.c>
+    # Apache 2.4
+    <RequireAny>
+        Require ip 127.0.0.1
+	Require ip ::1
+	Require host localhost
+	Require valid-user
+    </RequireAny>
+    </IfModule>
+</Location>
--- a/ansible/roles/apache/templates/h2.conf.j2
+++ b/ansible/roles/apache/templates/h2.conf.j2
@ -0,0 +1 @@
+Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1
--- a/ansible/roles/apache/templates/headers.conf.j2
+++ b/ansible/roles/apache/templates/headers.conf.j2
@ -0,0 +1,10 @@
+ServerTokens ProductOnly
+
+Header set AppTime "%D"
+PassEnv HOSTNAME
+{% if 'proxy' in inventory_hostname %}
+Header set X-Fedora-ProxyServer "{{ inventory_hostname }}"
+{% else %}
+Header set X-Fedora-AppServer "{{ inventory_hostname }}"
+{% endif %}
+
--- a/ansible/roles/mod_wsgi/files/wsgi.conf
+++ b/ansible/roles/mod_wsgi/files/wsgi.conf
@ -0,0 +1,14 @@
+LoadModule wsgi_module modules/mod_wsgi.so
+
+# Some apps, notably anything that uses hg, need these off
+WSGIRestrictStdin Off
+WSGIRestrictStdout Off
+
+# Put the socket somewhere writable
+WSGISocketPrefix run/wsgi
+
+# Do not Optimize without stripping docstrings
+WSGIPythonOptimize 0
+
+# Set WSGIApplicationGroup to global
+WSGIApplicationGroup %{GLOBAL}
--- a/ansible/roles/mod_wsgi/meta/main.yml
+++ b/ansible/roles/mod_wsgi/meta/main.yml
@ -0,0 +1,3 @@
+dependencies:
+- role: apache
+  when: wsgi_wants_apache
--- a/ansible/roles/mod_wsgi/tasks/main.yml
+++ b/ansible/roles/mod_wsgi/tasks/main.yml
@ -0,0 +1,32 @@
+---
+# install mod_wsgi
+- name: install mod_wsgi
+  package:
+    name: mod_wsgi
+    state: present
+  tags:
+  - packages
+  when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
+
+- name: install mod_wsgi
+  package:
+    name: python3-mod_wsgi
+    state: present
+  tags:
+  - packages
+  when: ansible_distribution_major_version|int == 8 and ansible_distribution == 'RedHat'
+
+- name: install mod_wsgi
+  package:
+    name: mod_wsgi
+    state: present
+  tags:
+  - packages
+  when: ansible_distribution == 'Fedora'
+
+- name: wsgi.conf
+  copy: src="wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf
+  notify:
+  - restart apache
+  tags:
+  - config
				`@ -0,0 +1 @@`
				`Protocols h2 {% if not inventory_hostname.startswith('proxy') %} h2c {% endif %} http/1.1`