From 92b1b97885594027d3c98b5eb40eac52a2cb2d62 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <noonedeadpunk@gmail.com>
Date: Tue, 17 Sep 2024 20:19:00 +0200
Subject: [PATCH] Ensure that selected Apache MPM is enforced
At the moment services might have different MPM selected while all
operating the same Apache setup, ie on metal setup.
This results in failures to set selected MPMs, so eventually second run
of roles after initial deployment will end up in failure (ie upgrade).
This patch ensures that all except selected MPMs are disabled and do
role get's the desired state of deployment.
We also need to align selected MPM across all roles to avoid
future conflicts.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-openstack_hosts/+/930272
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-repo_server/+/929690
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-rabbitmq_server/+/930446
Change-Id: I480222993a63af41cfba65464f5b5c8585b2d4fd
---
defaults/main.yml | 1 +
.../horizon_apache_mpm-2a34436635f1bef9.yaml | 8 +++++++
tasks/horizon_apache.yml | 22 +++++++++++++++++++
vars/debian.yml | 12 ++++++----
4 files changed, 39 insertions(+), 4 deletions(-)
create mode 100644 releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml
diff --git a/defaults/main.yml b/defaults/main.yml
index eaafea5a..cf576e6d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -162,6 +162,7 @@ horizon_endpoint_type: internalURL
horizon_server_name: "{{ ansible_facts['fqdn'] | default('horizon') }}"
+horizon_apache_mpm_backend: "{{ openstack_apache_mpm_backend | default('event') }}"
horizon_apache_servertokens: "Prod"
horizon_apache_serversignature: "Off"
horizon_log_level: info
diff --git a/releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml b/releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml
new file mode 100644
index 00000000..63158ddc
--- /dev/null
+++ b/releasenotes/notes/horizon_apache_mpm-2a34436635f1bef9.yaml
@@ -0,0 +1,8 @@
+---
+
+upgrade:
+ - |
+ In order to align used Apache MPM across the board, Horizon default
+ MPM is switched from ``worker`` to ``event``.
+ A variable ``horizon_apache_mpm_backend`` was introduced to define
+ the MPM in use.
diff --git a/tasks/horizon_apache.yml b/tasks/horizon_apache.yml
index 018f7ff0..cf9afd8a 100644
--- a/tasks/horizon_apache.yml
+++ b/tasks/horizon_apache.yml
@@ -13,6 +13,28 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+- name: Ensure apache2 MPM for Debian/Ubuntu
+ apache2_module:
+ name: "{{ item.name }}"
+ state: "{{ item.state }}"
+ ignore_configcheck: yes
+ warn_mpm_absent: false
+ with_items: "{{ horizon_apache_mpms | sort(attribute='state') }}"
+ when:
+ - ansible_facts['pkg_mgr'] == 'apt'
+ notify: Restart wsgi process
+
+- name: Ensure apache2 MPM for EL
+ copy:
+ content: |
+ LoadModule mpm_{{ horizon_apache_mpm_backend }}_module modules/mod_mpm_{{ horizon_apache_mpm_backend }}.so
+
+ dest: /etc/httpd/conf.modules.d/00-mpm.conf
+ mode: "0644"
+ when:
+ - ansible_facts['pkg_mgr'] == 'dnf'
+ notify: Restart wsgi process
+
# NOTE(hwoarang): Module enable/disable process is only functional on Debian
- name: Enable apache2 modules
apache2_module:
diff --git a/vars/debian.yml b/vars/debian.yml
index eda4fa34..fbea8c0a 100644
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -53,15 +53,19 @@ horizon_apache_default_sites:
- "/etc/apache2/sites-enabled/000-default.conf"
- "/etc/apache2/conf-enabled/other-vhosts-access-log.conf"
+horizon_apache_mpms:
+ - name: "mpm_event"
+ state: "{{ (horizon_apache_mpm_backend == 'event') | ternary('present', 'absent') }}"
+ - name: "mpm_worker"
+ state: "{{ (horizon_apache_mpm_backend == 'worker') | ternary('present', 'absent') }}"
+ - name: "mpm_prefork"
+ state: "{{ (horizon_apache_mpm_backend == 'prefork') | ternary('present', 'absent') }}"
+
horizon_apache_modules:
- name: "wsgi"
state: "present"
- name: "ssl"
state: "present"
- - name: "mpm_event"
- state: "absent"
- - name: "mpm_worker"
- state: "present"
- name: "rewrite"
state: "present"
- name: "headers"