2020-03-09 10:11:07 +01:00
|
|
|
#!/usr/bin/python
|
2021-08-07 15:02:21 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
2020-03-09 10:11:07 +01:00
|
|
|
|
2022-08-08 15:19:46 +02:00
|
|
|
# Copyright (c) 2013-2014, Christian Berendt <berendt@b1-systems.de>
|
2022-08-05 13:17:19 +02:00
|
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
|
|
|
|
|
|
DOCUMENTATION = '''
|
|
|
|
---
|
|
|
|
module: apache2_module
|
|
|
|
author:
|
|
|
|
- Christian Berendt (@berendt)
|
|
|
|
- Ralf Hertel (@n0trax)
|
|
|
|
- Robin Roth (@robinro)
|
2022-11-09 07:33:03 +01:00
|
|
|
short_description: Enables/disables a module of the Apache2 webserver
|
2020-03-09 10:11:07 +01:00
|
|
|
description:
|
|
|
|
- Enables or disables a specified module of the Apache2 webserver.
|
|
|
|
options:
|
|
|
|
name:
|
2020-10-31 13:53:57 +01:00
|
|
|
type: str
|
2020-03-09 10:11:07 +01:00
|
|
|
description:
|
|
|
|
- Name of the module to enable/disable as given to C(a2enmod/a2dismod).
|
|
|
|
required: true
|
|
|
|
identifier:
|
2020-10-31 13:53:57 +01:00
|
|
|
type: str
|
2020-03-09 10:11:07 +01:00
|
|
|
description:
|
|
|
|
- Identifier of the module as listed by C(apache2ctl -M).
|
|
|
|
This is optional and usually determined automatically by the common convention of
|
|
|
|
appending C(_module) to I(name) as well as custom exception for popular modules.
|
2022-09-06 21:07:46 +02:00
|
|
|
required: false
|
2020-03-09 10:11:07 +01:00
|
|
|
force:
|
|
|
|
description:
|
|
|
|
- Force disabling of default modules and override Debian warnings.
|
|
|
|
required: false
|
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
state:
|
2020-10-31 13:53:57 +01:00
|
|
|
type: str
|
2020-03-09 10:11:07 +01:00
|
|
|
description:
|
|
|
|
- Desired state of the module.
|
|
|
|
choices: ['present', 'absent']
|
|
|
|
default: present
|
|
|
|
ignore_configcheck:
|
|
|
|
description:
|
|
|
|
- Ignore configuration checks about inconsistent module configuration. Especially for mpm_* modules.
|
|
|
|
type: bool
|
2022-09-06 21:07:46 +02:00
|
|
|
default: false
|
2020-03-09 10:11:07 +01:00
|
|
|
requirements: ["a2enmod","a2dismod"]
|
2021-07-30 18:07:38 +02:00
|
|
|
notes:
|
|
|
|
- This does not work on RedHat-based distributions. It does work on Debian- and SuSE-based distributions.
|
|
|
|
Whether it works on others depend on whether the C(a2enmod) and C(a2dismod) tools are available or not.
|
2020-03-09 10:11:07 +01:00
|
|
|
'''
|
|
|
|
|
|
|
|
EXAMPLES = '''
|
2020-05-15 12:27:06 +02:00
|
|
|
- name: Enable the Apache2 module wsgi
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.apache2_module:
|
2020-03-09 10:11:07 +01:00
|
|
|
state: present
|
|
|
|
name: wsgi
|
2020-05-15 12:27:06 +02:00
|
|
|
|
|
|
|
- name: Disables the Apache2 module wsgi
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.apache2_module:
|
2020-03-09 10:11:07 +01:00
|
|
|
state: absent
|
|
|
|
name: wsgi
|
2020-05-15 12:27:06 +02:00
|
|
|
|
|
|
|
- name: Disable default modules for Debian
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.apache2_module:
|
2020-03-09 10:11:07 +01:00
|
|
|
state: absent
|
|
|
|
name: autoindex
|
2022-09-06 21:07:46 +02:00
|
|
|
force: true
|
2020-05-15 12:27:06 +02:00
|
|
|
|
|
|
|
- name: Disable mpm_worker and ignore warnings about missing mpm module
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.apache2_module:
|
2020-03-09 10:11:07 +01:00
|
|
|
state: absent
|
|
|
|
name: mpm_worker
|
2022-09-06 21:07:46 +02:00
|
|
|
ignore_configcheck: true
|
2020-05-15 12:27:06 +02:00
|
|
|
|
|
|
|
- name: Enable dump_io module, which is identified as dumpio_module inside apache2
|
2020-07-13 21:50:31 +02:00
|
|
|
community.general.apache2_module:
|
2020-03-09 10:11:07 +01:00
|
|
|
state: present
|
|
|
|
name: dump_io
|
|
|
|
identifier: dumpio_module
|
|
|
|
'''
|
|
|
|
|
|
|
|
RETURN = '''
|
|
|
|
result:
|
|
|
|
description: message about action taken
|
|
|
|
returned: always
|
|
|
|
type: str
|
|
|
|
warnings:
|
|
|
|
description: list of warning messages
|
|
|
|
returned: when needed
|
|
|
|
type: list
|
|
|
|
rc:
|
|
|
|
description: return code of underlying command
|
|
|
|
returned: failed
|
|
|
|
type: int
|
|
|
|
stdout:
|
|
|
|
description: stdout of underlying command
|
|
|
|
returned: failed
|
|
|
|
type: str
|
|
|
|
stderr:
|
|
|
|
description: stderr of underlying command
|
|
|
|
returned: failed
|
|
|
|
type: str
|
|
|
|
'''
|
|
|
|
|
|
|
|
import re
|
|
|
|
|
|
|
|
# import module snippets
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
|
|
|
2021-07-30 18:07:38 +02:00
|
|
|
_re_threaded = re.compile(r'threaded: *yes')
|
|
|
|
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
def _run_threaded(module):
|
|
|
|
control_binary = _get_ctl_binary(module)
|
2021-07-30 18:07:38 +02:00
|
|
|
result, stdout, stderr = module.run_command([control_binary, "-V"])
|
2020-03-09 10:11:07 +01:00
|
|
|
|
2021-07-30 18:07:38 +02:00
|
|
|
return bool(_re_threaded.search(stdout))
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
|
|
|
|
def _get_ctl_binary(module):
|
|
|
|
for command in ['apache2ctl', 'apachectl']:
|
|
|
|
ctl_binary = module.get_bin_path(command)
|
|
|
|
if ctl_binary is not None:
|
|
|
|
return ctl_binary
|
|
|
|
|
2021-07-30 18:07:38 +02:00
|
|
|
module.fail_json(msg="Neither of apache2ctl nor apachctl found. At least one apache control binary is necessary.")
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
|
|
|
|
def _module_is_enabled(module):
|
|
|
|
control_binary = _get_ctl_binary(module)
|
2021-07-30 18:07:38 +02:00
|
|
|
result, stdout, stderr = module.run_command([control_binary, "-M"])
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
if result != 0:
|
|
|
|
error_msg = "Error executing %s: %s" % (control_binary, stderr)
|
|
|
|
if module.params['ignore_configcheck']:
|
|
|
|
if 'AH00534' in stderr and 'mpm_' in module.params['name']:
|
|
|
|
module.warnings.append(
|
|
|
|
"No MPM module loaded! apache2 reload AND other module actions"
|
|
|
|
" will fail if no MPM module is loaded immediately."
|
|
|
|
)
|
|
|
|
else:
|
|
|
|
module.warnings.append(error_msg)
|
|
|
|
return False
|
|
|
|
else:
|
|
|
|
module.fail_json(msg=error_msg)
|
|
|
|
|
|
|
|
searchstring = ' ' + module.params['identifier']
|
|
|
|
return searchstring in stdout
|
|
|
|
|
|
|
|
|
|
|
|
def create_apache_identifier(name):
|
|
|
|
"""
|
|
|
|
By convention if a module is loaded via name, it appears in apache2ctl -M as
|
|
|
|
name_module.
|
|
|
|
|
|
|
|
Some modules don't follow this convention and we use replacements for those."""
|
|
|
|
|
|
|
|
# a2enmod name replacement to apache2ctl -M names
|
|
|
|
text_workarounds = [
|
2020-11-26 07:26:40 +01:00
|
|
|
('shib', 'mod_shib'),
|
2020-03-09 10:11:07 +01:00
|
|
|
('shib2', 'mod_shib'),
|
|
|
|
('evasive', 'evasive20_module'),
|
|
|
|
]
|
|
|
|
|
|
|
|
# re expressions to extract subparts of names
|
|
|
|
re_workarounds = [
|
2021-07-30 18:07:38 +02:00
|
|
|
('php', re.compile(r'^(php\d)\.')),
|
2020-03-09 10:11:07 +01:00
|
|
|
]
|
|
|
|
|
|
|
|
for a2enmod_spelling, module_name in text_workarounds:
|
|
|
|
if a2enmod_spelling in name:
|
|
|
|
return module_name
|
|
|
|
|
|
|
|
for search, reexpr in re_workarounds:
|
|
|
|
if search in name:
|
|
|
|
try:
|
2021-07-30 18:07:38 +02:00
|
|
|
rematch = reexpr.search(name)
|
2020-03-09 10:11:07 +01:00
|
|
|
return rematch.group(1) + '_module'
|
|
|
|
except AttributeError:
|
|
|
|
pass
|
|
|
|
|
|
|
|
return name + '_module'
|
|
|
|
|
|
|
|
|
|
|
|
def _set_state(module, state):
|
|
|
|
name = module.params['name']
|
|
|
|
force = module.params['force']
|
|
|
|
|
|
|
|
want_enabled = state == 'present'
|
|
|
|
state_string = {'present': 'enabled', 'absent': 'disabled'}[state]
|
|
|
|
a2mod_binary = {'present': 'a2enmod', 'absent': 'a2dismod'}[state]
|
|
|
|
success_msg = "Module %s %s" % (name, state_string)
|
|
|
|
|
|
|
|
if _module_is_enabled(module) != want_enabled:
|
|
|
|
if module.check_mode:
|
|
|
|
module.exit_json(changed=True,
|
|
|
|
result=success_msg,
|
|
|
|
warnings=module.warnings)
|
|
|
|
|
2021-08-25 06:36:19 +02:00
|
|
|
a2mod_binary_path = module.get_bin_path(a2mod_binary)
|
|
|
|
if a2mod_binary_path is None:
|
2020-03-09 10:11:07 +01:00
|
|
|
module.fail_json(msg="%s not found. Perhaps this system does not use %s to manage apache" % (a2mod_binary, a2mod_binary))
|
|
|
|
|
2021-08-25 06:36:19 +02:00
|
|
|
a2mod_binary_cmd = [a2mod_binary_path]
|
|
|
|
|
2020-03-09 10:11:07 +01:00
|
|
|
if not want_enabled and force:
|
|
|
|
# force exists only for a2dismod on debian
|
2021-08-25 06:36:19 +02:00
|
|
|
a2mod_binary_cmd.append('-f')
|
2020-03-09 10:11:07 +01:00
|
|
|
|
2021-08-25 06:36:19 +02:00
|
|
|
result, stdout, stderr = module.run_command(a2mod_binary_cmd + [name])
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
if _module_is_enabled(module) == want_enabled:
|
|
|
|
module.exit_json(changed=True,
|
|
|
|
result=success_msg,
|
|
|
|
warnings=module.warnings)
|
|
|
|
else:
|
|
|
|
msg = (
|
|
|
|
'Failed to set module {name} to {state}:\n'
|
|
|
|
'{stdout}\n'
|
|
|
|
'Maybe the module identifier ({identifier}) was guessed incorrectly.'
|
|
|
|
'Consider setting the "identifier" option.'
|
|
|
|
).format(
|
|
|
|
name=name,
|
|
|
|
state=state_string,
|
|
|
|
stdout=stdout,
|
|
|
|
identifier=module.params['identifier']
|
|
|
|
)
|
|
|
|
module.fail_json(msg=msg,
|
|
|
|
rc=result,
|
|
|
|
stdout=stdout,
|
|
|
|
stderr=stderr)
|
|
|
|
else:
|
|
|
|
module.exit_json(changed=False,
|
|
|
|
result=success_msg,
|
|
|
|
warnings=module.warnings)
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
module = AnsibleModule(
|
|
|
|
argument_spec=dict(
|
|
|
|
name=dict(required=True),
|
2021-07-30 18:07:38 +02:00
|
|
|
identifier=dict(type='str'),
|
|
|
|
force=dict(type='bool', default=False),
|
2020-03-09 10:11:07 +01:00
|
|
|
state=dict(default='present', choices=['absent', 'present']),
|
2021-07-30 18:07:38 +02:00
|
|
|
ignore_configcheck=dict(type='bool', default=False),
|
2020-03-09 10:11:07 +01:00
|
|
|
),
|
|
|
|
supports_check_mode=True,
|
|
|
|
)
|
|
|
|
|
|
|
|
module.warnings = []
|
|
|
|
|
|
|
|
name = module.params['name']
|
|
|
|
if name == 'cgi' and _run_threaded(module):
|
2021-07-30 18:07:38 +02:00
|
|
|
module.fail_json(msg="Your MPM seems to be threaded. No automatic actions on module cgi possible.")
|
2020-03-09 10:11:07 +01:00
|
|
|
|
|
|
|
if not module.params['identifier']:
|
|
|
|
module.params['identifier'] = create_apache_identifier(module.params['name'])
|
|
|
|
|
|
|
|
if module.params['state'] in ['present', 'absent']:
|
|
|
|
_set_state(module, module.params['state'])
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
|
|
|
main()
|