Role - tripleo_httpd_vhost¶
Role Documentation¶
Welcome to the “tripleo_httpd_vhost” role documentation.
Role Defaults¶
This section highlights all of the defaults and variables set within the “tripleo_httpd_vhost” role.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_httpd_vhost"
tripleo_httpd_vhost_debug: '{{ (ansible_verbosity | int) >= 2 | bool }}'
tripleo_httpd_vhost_hide_sensitive_logs: true
tripleo_httpd_vhost_service_name:
tripleo_httpd_vhost_config: '{{ tripleo_httpd_vhost_base_dir }}/{{ tripleo_httpd_vhost_service_name
}}/etc/httpd'
tripleo_httpd_vhost_access_log_name: '{{ tripleo_httpd_vhost_service_name }}'
tripleo_httpd_vhost_access_log_file: /var/log/httpd/{{ tripleo_httpd_vhost_access_log_name
}}_access.log
tripleo_httpd_vhost_access_log_format: combined
tripleo_httpd_vhost_aliases:
tripleo_httpd_vhost_allow_encoded_slashes:
tripleo_httpd_vhost_bind_host: '*'
tripleo_httpd_vhost_custom_options: {}
tripleo_httpd_vhost_bind_port: 80
tripleo_httpd_vhost_custom_wsgi_process_options: {}
tripleo_httpd_vhost_document_root: /var/www/cgi-bin
tripleo_httpd_vhost_error_log_file: /var/log/httpd/{{ tripleo_httpd_vhost_access_log_name
}}_error.log
tripleo_httpd_vhost_group: apache
tripleo_httpd_vhost_headers: []
tripleo_httpd_vhost_locations: {}
tripleo_httpd_vhost_options:
- -Indexes
- +FollowSymLinks
- +MultiViews
tripleo_httpd_vhost_path: /
tripleo_httpd_vhost_priority: 10
tripleo_httpd_vhost_proxy: false
tripleo_httpd_vhost_proxy_requests: Off
tripleo_httpd_vhost_proxy_preserve_host: Off
tripleo_httpd_vhost_proxy_path: /
tripleo_httpd_vhost_proxy_host:
tripleo_httpd_vhost_proxy_port:
tripleo_httpd_vhost_proxy_params:
retry: 10
tripleo_httpd_vhost_request_headers: []
tripleo_httpd_vhost_servername: "{{ ansible_facts['fqdn'] }}"
tripleo_httpd_vhost_setenv: []
tripleo_httpd_vhost_set_wsgi_import_script: false
tripleo_httpd_vhost_ssl_ca:
tripleo_httpd_vhost_ssl_certs_dir:
tripleo_httpd_vhost_ssl_cert:
tripleo_httpd_vhost_ssl_chain:
tripleo_httpd_vhost_ssl_crl_path:
tripleo_httpd_vhost_ssl_crl:
tripleo_httpd_vhost_ssl: false
tripleo_httpd_vhost_ssl_key:
tripleo_httpd_vhost_ssl_verify_client:
tripleo_httpd_vhost_threads: 1
tripleo_httpd_vhost_user: apache
tripleo_httpd_vhost_vhost_custom_fragment:
# Originaly, in openstacklib, it's using a custom $::os_workers fact
# https://github.com/openstack/puppet-openstacklib/blob/master/manifests/wsgi/apache.pp#L103-L105
# https://github.com/openstack/puppet-openstacklib/blob/master/lib/facter/os_workers.rb#L42-L47
tripleo_httpd_vhost_workers: "{{ ([12, [ansible_facts['processor_count'] / 2, 2]|max\
\ ]|min)|int }}"
tripleo_httpd_vhost_wsgi: false
tripleo_httpd_vhost_wsgi_application_group: '%{GLOBAL}'
tripleo_httpd_vhost_wsgi_chunked_request:
tripleo_httpd_vhost_wsgi_daemon_process: '{{ tripleo_httpd_vhost_service_name }}'
tripleo_httpd_vhost_wsgi_import_script_options: {}
tripleo_httpd_vhost_wsgi_import_script: false
tripleo_httpd_vhost_wsgi_pass_authorization:
tripleo_httpd_vhost_wsgi_process_display_name: '{{ tripleo_httpd_vhost_service_name
}}'
tripleo_httpd_vhost_wsgi_process_group: '{{ tripleo_httpd_vhost_service_name }}'
tripleo_httpd_vhost_wsgi_script_alias:
Role Variables: main.yml¶
# While options found within the vars/ path can be overridden using extra
# vars, items within this path are considered part of the role and not
# intended to be modified.
# All variables within this role should have a prefix of "tripleo_httpd_vhost"
tripleo_httpd_vhost_base_dir: /var/lib/config-data/ansible-generated
Molecule Scenarios¶
Molecule is being used to test the “tripleo_httpd_vhost” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.
- Driver: podman
- Driver: podman
- Driver: podman
- Driver: podman
- Driver: podman
- Driver: podman
Scenario: default¶
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example default playbook¶
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_config: /etc/httpd
tripleo_httpd_vhost_service_name: default
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_priority: 20
roles:
- tripleo_httpd_vhost
tasks:
- name: Validate httpd configuration
command: apachectl -t
- name: Validate some content in the generated file
register: validate_lines
lineinfile:
path: /etc/httpd/conf.d/20-default.conf
line: '{{ item }}'
loop:
- <VirtualHost *:80>
- " ServerName {{ ansible_facts['fqdn'] }}"
- name: Fail if file changed
when: item.changed|bool
fail:
msg: Configuration is missing some content
loop: '{{ validate_lines.results }}'
Scenario: ssl¶
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example ssl playbook¶
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_config: /etc/httpd
tripleo_httpd_vhost_service_name: ssl
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_ssl: true
tripleo_httpd_vhost_ssl_key: /etc/pki/foo.key
tripleo_httpd_vhost_ssl_cert: /etc/pki/foo.pem
tripleo_httpd_config_mods:
ssl:
- SSLCipherSuite: HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES
- SSLProtocol: all -SSLv2 -SSLv3 -TLSv1
- SSLOptions: StdEnvVars
roles:
- tripleo_httpd_vhost
tasks:
- name: Validate httpd configuration
command: apachectl -t
Scenario: proxy¶
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example proxy playbook¶
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_service_name: proxy
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_proxy: true
tripleo_httpd_vhost_proxy_host: 127.0.0.1
tripleo_httpd_vhost_proxy_port: 8080
tripleo_httpd_config_mods:
proxy: []
roles:
- tripleo_httpd_vhost
tasks:
- name: Validate httpd configuration
command: apachectl -t
Scenario: wsgi¶
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example wsgi playbook¶
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_config: /etc/httpd
tripleo_httpd_vhost_service_name: wsgi
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_wsgi: true
tripleo_httpd_vhost_wsgi_script_alias:
/: /var/www/cgi-bin/app
tripleo_httpd_config_mods:
wsgi:
- so_name: wsgi_python3
roles:
- tripleo_httpd_vhost
tasks:
- name: Validate httpd configuration
command: apachectl -t
Scenario: missing-vars¶
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example missing-vars playbook¶
- name: Converge
hosts: all
tasks:
- name: Missing all vars
block:
- name: Set up wsgi
include_role:
role: tripleo_httpd_vhost
rescue:
- name: Clean host errors
meta: clear_host_errors
- name: Successful output
debug:
msg: Properly failed as expected
- name: Missing only one var
vars:
tripleo_httpd_vhost_user: foo
block:
- name: Set up wsgi
include_role:
role: tripleo_httpd_vhost
rescue:
- name: Clean host errors
meta: clear_host_errors
- name: Successful output
debug:
msg: Properly failed as expected
- name: Exit play
meta: end_play
- name: Fail at this point
fail:
msg: Did not catch missing vars
Scenario: locations¶
Molecule Inventory¶
hosts:
all:
hosts:
centos:
ansible_python_interpreter: /usr/bin/python3
Example locations playbook¶
- name: Converge
hosts: all
vars:
tripleo_httpd_vhost_service_name: proxy
tripleo_httpd_vhost_user: bar
tripleo_httpd_vhost_proxy: true
tripleo_httpd_vhost_proxy_host: 127.0.0.1
tripleo_httpd_vhost_proxy_port: 8080
tripleo_httpd_config_mods:
headers: []
tripleo_httpd_config_locations:
/v3/OS-FEDERATION/identity_providers/IDENTITYPROVIDER/protocols/PROTOCOL/auth:
- Options: +Indexes -MultiViews +FollowSymLinks
- Require: valid-user
/v3/auth/OS-FEDERATION/websso/PROTOCOL:
- Header: set MyHeader "%D %t"
roles:
- tripleo_httpd_vhost
tasks:
- name: Validate httpd configuration
command: apachectl -t
