Role - tripleo_httpd_config

Role Documentation

Welcome to the “tripleo_httpd_config” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo_httpd_config” role.

# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_httpd_config"
tripleo_httpd_config_debug: '{{ (ansible_verbosity | int) >= 2 | bool }}'
tripleo_httpd_config_hide_sensitive_logs: true

tripleo_httpd_config_service:
tripleo_httpd_config_mods: {}
tripleo_httpd_config_server_name: "{{ ansible_facts['fqdn'] }}"
tripleo_httpd_config_server_root: /etc/httpd
tripleo_httpd_config_root_directory_options:
- +FollowSymLinks
- -Indexes
tripleo_httpd_config_directory: '{{ tripleo_httpd_config_base_dir }}/{{ tripleo_httpd_config_service }}'
tripleo_httpd_config_httpd_conf: {}

Role Variables: main.yml

# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.

# All variables within this role should have a prefix of "tripleo_httpd_config"

tripleo_httpd_config_base_dir: /var/lib/config-data/ansible-generated

# These are the default modules loaded by apache when managed by puppetlabs
# with apache::default_mods set to false.
# We also enable the ssl module by default, but not wsgi.
tripleo_httpd_config_default_mods:
  authz_core: []
  authz_host: []
  filter: []
  log_config: []
  mime:
  - TypesConfig: /etc/mime.types
  - AddType: application/x-compress .Z
  - AddType: application/x-gzip .gz .tgz
  - AddType: application/x-bzip2 .bz2
  - AddType: text/html .shtml
  - AddLanguage: ca .ca
  - AddLanguage: cs .cz .cs
  - AddLanguage: da .dk
  - AddLanguage: de .de
  - AddLanguage: el .el
  - AddLanguage: en .en
  - AddLanguage: eo .eo
  - AddLanguage: es .es
  - AddLanguage: et .et
  - AddLanguage: fr .fr
  - AddLanguage: he .he
  - AddLanguage: hr .hr
  - AddLanguage: it .it
  - AddLanguage: ja .ja
  - AddLanguage: ko .ko
  - AddLanguage: ltz .ltz
  - AddLanguage: nl .nl
  - AddLanguage: nn .nn
  - AddLanguage: no .no
  - AddLanguage: pl .po
  - AddLanguage: pt .pt
  - AddLanguage: pt-BR .pt-br
  - AddLanguage: ru .ru
  - AddLanguage: sv .sv
  - AddLanguage: zh-CN .zh-cn
  - AddLanguage: zh-TW .zh-tw
  - AddHandler: type-map var
  - AddOutputFilter: INCLUDES .shtml
  mpm_prefork:
  - StartServers: 8
  - MinSpareServers: 5
  - MaxSpareServers: 20
  - ServerLimit: ' {{ tripleo_httpd_config_prefork_serverlimit | default(100) }}'
  - MaxRequestWorkers: '{{ tripleo_httpd_config_prefork_maxrequestworkers | default(100) }}'
  - MaxRequestsPerChild: 4000
  - ListenBacklog: 511
  setenvif:
  - BrowserMatch: '"Mozilla/2" nokeepalive'
  - BrowserMatch: '"MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0'
  - BrowserMatch: '"RealPlayer 4\.0" force-response-1.0'
  - BrowserMatch: '"Java/1\.0" force-response-1.0'
  - BrowserMatch: '"JDK/1\.0" force-response-1.0'
  - BrowserMatch: '"Microsoft Data Access Internet Publishing Provider" redirect-carefully'
  - BrowserMatch: '"MS FrontPage" redirect-carefully'
  - BrowserMatch: '"^WebDrive" redirect-carefully'
  - BrowserMatch: '"^WebDAVFS/1.[0123]" redirect-carefully'
  - BrowserMatch: '"^gnome-vfs/1.0" redirect-carefully'
  - BrowserMatch: '"^gvfs/1" redirect-carefully'
  - BrowserMatch: '"^XML Spy" redirect-carefully'
  - BrowserMatch: '"^Dreamweaver-WebDAV-SCM1" redirect-carefully'
  - BrowserMatch: '" Konqueror/4" redirect-carefully'
  - BrowserMatch: '"MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0'
  - BrowserMatch: '"MSIE [17-9]" ssl-unclean-shutdown'
  socache_shmcb: []
  status: []
  systemd: []
  unixd: []

# These configurations are the same as provided by default by puppetlabs-apache
tripleo_httpd_config_default_httpd_conf:
  ServerTokens: Prod
  ServerSignature: Off
  TraceEnable: Off
  ServerRoot: /etc/httpd
  PidFile: run/httpd.pid
  TimeOut: 90
  KeepAlive: On
  MaxKeepAliveRequests: 100
  KeepAliveTimeout: 15
  LimitRequestFieldSize: 8190
  LimitRequestFields: 100
  User: apache
  Group: apache
  AccessFileName: .htaccess
  HostnameLookups: Off
  ErrorLog: /var/log/httpd/error_log
  LogLevel: warn
  EnableSendfile: On
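
The defaults above include three information-disclosure controls (ServerTokens, ServerSignature, TraceEnable), and the role defaults set -Indexes on the root directory. The following is an added example, not part of the role: a check that audits a rendered httpd configuration for drift from those values. The names audit_httpd_conf, BASELINE and SAMPLE are hypothetical, and it assumes the root directory options end up as an Options line inside a <Directory /> block.

```python
# Security-relevant values copied from tripleo_httpd_config_default_httpd_conf.
import re

BASELINE = {"servertokens": "Prod", "serversignature": "Off", "traceenable": "Off"}
# Option tokens that turn on directory listings (the role default is -Indexes).
LISTING_TOKENS = {"indexes", "+indexes", "all"}
ROOT_DIR_OPEN = re.compile(r'^<Directory\s+"?/"?\s*>$', re.IGNORECASE)


def audit_httpd_conf(text):
    """Return findings as (line_no, message); line_no 0 means 'not set anywhere'."""
    findings, seen, in_root = [], set(), False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # httpd comments are whole lines
            continue
        if ROOT_DIR_OPEN.match(line):
            in_root = True
            continue
        if line.lower().startswith("</directory"):
            in_root = False
            continue
        parts = line.split()
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if name in BASELINE:
            seen.add(name)
            if args[:1] != [BASELINE[name].lower()]:
                value = " ".join(parts[1:])
                findings.append((no, f"{parts[0]} is {value!r}, baseline is {BASELINE[name]!r}"))
        elif name == "options" and in_root and LISTING_TOKENS & set(args):
            findings.append((no, "root <Directory /> enables directory listings"))
    for name in sorted(BASELINE.keys() - seen):
        findings.append((0, f"{name} not set; httpd falls back to its compiled-in default"))
    return findings


# Constructed sample of a rendered config that has drifted from the defaults.
SAMPLE = """\
ServerTokens Full
ServerSignature Off
# TraceEnable Off
<Directory />
    Options +FollowSymLinks +Indexes
    AllowOverride None
</Directory>
"""

if __name__ == "__main__":
    for no, msg in audit_httpd_conf(SAMPLE):
        print(f"line {no}: {msg}")
```

A directive that is commented out is reported as not set, because httpd then uses its built-in value rather than the role's.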

Molecule Scenarios

Molecule is being used to test the “tripleo_httpd_config” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: mod_wsgi

Driver: podman

Molecule Inventory

hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3

Example mod_wsgi playbook

- name: Converge
  hosts: all
  vars:
    tripleo_httpd_config_directory: /etc/httpd
    tripleo_httpd_config_service: wsgi
    tripleo_httpd_config_default_mods:
      alias: []
    tripleo_httpd_config_mods:
      wsgi:
      - so_name: wsgi_python3
      - WSGISocketPrefix: /var/run/wsgi
  roles:
  - role: tripleo_httpd_config
  tasks:
  - name: Check httpd configuration
    command: apachectl -t
  - name: Ensure we load wsgi module
    register: wsgi_loading
    lineinfile:
      path: /etc/httpd/conf/modules.conf
      line: LoadModule wsgi_module modules/mod_wsgi_python3.so
  - name: Fail if file changed
    when: wsgi_loading is changed
    fail:
      msg: WSGI module is not loaded
  - name: Ensure wsgi option is set
    register: wsgi_option
    lineinfile:
      path: /etc/httpd/conf/modules.conf
      line: WSGISocketPrefix /var/run/wsgi
  - name: Fail if file changed
    when: wsgi_option is changed
    fail:
      msg: WSGI option is not set

Scenario: custom-module

Driver: podman

Molecule Inventory

hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3

Example custom-module playbook

- name: Converge
  hosts: all
  vars:
    tripleo_httpd_config_directory: /etc/httpd
    tripleo_httpd_config_service: custom-modules
    tripleo_httpd_config_default_mods:
      alias: []
    tripleo_httpd_config_mods:
      wsgi:
      - so_name: wsgi_python3
      - WSGISocketPrefix: /var/run/wsgi
  roles:
  - role: tripleo_httpd_config
  tasks:
  - name: Check httpd configuration
    command: apachectl -t

Scenario: no-service-name

Driver: podman

Molecule Inventory

hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3

Example no-service-name playbook

- name: Converge
  hosts: all
  tasks:
  - name: Catch error block
    block:
    - name: Include role
      include_role:
        role: tripleo_httpd_config
    rescue:
    - name: Clear host errors
      meta: clear_host_errors
    - name: Successful output
      debug:
        msg: Play failed as expected
    - name: Exit run
      meta: end_play
  - name: Error not detected
    fail:
      msg: Play didn't detect the error properly

Scenario: default

Driver: podman

Molecule Inventory

hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3

Example default playbook

- name: Converge
  hosts: all
  vars:
    tripleo_httpd_config_directory: /etc/httpd
    tripleo_httpd_config_service: default
  roles:
  - role: tripleo_httpd_config
  tasks:
  - name: Check httpd configuration
    command: apachectl -t