mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Add identifier option to apache2_module (#33748)
* Add identifier option to apache2_module There is a convention connecting the name passed to a2enmod and the one appearing in apache2ctl -M. Not all modules follow this convention and we have added a growing list of implicit conversions. As a better long-term solution this adds an "identifier" option to be able to set both strings explicitly. * Run debian-specific tests only there * Improve cleanup after apache2 tests This is a follow-up/extension of https://github.com/ansible/ansible/pull/33630 * Add example for the new identifier option * Put all debian tests in a block
This commit is contained in:
parent
ad8ee4e60f
commit
ec80f8ad80
4 changed files with 188 additions and 119 deletions
|
@ -21,24 +21,31 @@ author:
|
||||||
- Christian Berendt (@berendt)
|
- Christian Berendt (@berendt)
|
||||||
- Ralf Hertel (@n0trax)
|
- Ralf Hertel (@n0trax)
|
||||||
- Robin Roth (@robinro)
|
- Robin Roth (@robinro)
|
||||||
short_description: enables/disables a module of the Apache2 webserver
|
short_description: Enables/disables a module of the Apache2 webserver.
|
||||||
description:
|
description:
|
||||||
- Enables or disables a specified module of the Apache2 webserver.
|
- Enables or disables a specified module of the Apache2 webserver.
|
||||||
options:
|
options:
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- name of the module to enable/disable
|
- Name of the module to enable/disable as given to C(a2enmod/a2dismod).
|
||||||
required: true
|
required: true
|
||||||
|
identifier:
|
||||||
|
description:
|
||||||
|
- Identifier of the module as listed by C(apache2ctl -M).
|
||||||
|
This is optional and usually determined automatically by the common convention of
|
||||||
|
appending C(_module) to I(name) as well as custom exception for popular modules.
|
||||||
|
required: False
|
||||||
|
version_added: "2.5"
|
||||||
force:
|
force:
|
||||||
description:
|
description:
|
||||||
- force disabling of default modules and override Debian warnings
|
- Force disabling of default modules and override Debian warnings.
|
||||||
required: false
|
required: false
|
||||||
choices: ['True', 'False']
|
choices: ['True', 'False']
|
||||||
default: False
|
default: False
|
||||||
version_added: "2.1"
|
version_added: "2.1"
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- indicate the desired state of the resource
|
- Desired state of the module.
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: present
|
default: present
|
||||||
ignore_configcheck:
|
ignore_configcheck:
|
||||||
|
@ -69,6 +76,11 @@ EXAMPLES = '''
|
||||||
state: absent
|
state: absent
|
||||||
name: mpm_worker
|
name: mpm_worker
|
||||||
ignore_configcheck: True
|
ignore_configcheck: True
|
||||||
|
# enable dump_io module, which is identified as dumpio_module inside apache2
|
||||||
|
- apache2_module:
|
||||||
|
state: present
|
||||||
|
name: dump_io
|
||||||
|
identifier: dumpio_module
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = '''
|
||||||
|
@ -119,15 +131,12 @@ def _get_ctl_binary(module):
|
||||||
|
|
||||||
def _module_is_enabled(module):
|
def _module_is_enabled(module):
|
||||||
control_binary = _get_ctl_binary(module)
|
control_binary = _get_ctl_binary(module)
|
||||||
name = module.params['name']
|
|
||||||
ignore_configcheck = module.params['ignore_configcheck']
|
|
||||||
|
|
||||||
result, stdout, stderr = module.run_command("%s -M" % control_binary)
|
result, stdout, stderr = module.run_command("%s -M" % control_binary)
|
||||||
|
|
||||||
if result != 0:
|
if result != 0:
|
||||||
error_msg = "Error executing %s: %s" % (control_binary, stderr)
|
error_msg = "Error executing %s: %s" % (control_binary, stderr)
|
||||||
if ignore_configcheck:
|
if module.params['ignore_configcheck']:
|
||||||
if 'AH00534' in stderr and 'mpm_' in name:
|
if 'AH00534' in stderr and 'mpm_' in module.params['name']:
|
||||||
module.warnings.append(
|
module.warnings.append(
|
||||||
"No MPM module loaded! apache2 reload AND other module actions"
|
"No MPM module loaded! apache2 reload AND other module actions"
|
||||||
" will fail if no MPM module is loaded immediately."
|
" will fail if no MPM module is loaded immediately."
|
||||||
|
@ -138,7 +147,7 @@ def _module_is_enabled(module):
|
||||||
else:
|
else:
|
||||||
module.fail_json(msg=error_msg)
|
module.fail_json(msg=error_msg)
|
||||||
|
|
||||||
searchstring = ' ' + create_apache_identifier(name)
|
searchstring = ' ' + module.params['identifier']
|
||||||
return searchstring in stdout
|
return searchstring in stdout
|
||||||
|
|
||||||
|
|
||||||
|
@ -205,7 +214,18 @@ def _set_state(module, state):
|
||||||
result=success_msg,
|
result=success_msg,
|
||||||
warnings=module.warnings)
|
warnings=module.warnings)
|
||||||
else:
|
else:
|
||||||
module.fail_json(msg="Failed to set module %s to %s: %s" % (name, state_string, stdout),
|
msg = (
|
||||||
|
'Failed to set module {name} to {state}:\n'
|
||||||
|
'{stdout}\n'
|
||||||
|
'Maybe the module identifier ({identifier}) was guessed incorrectly.'
|
||||||
|
'Consider setting the "identifier" option.'
|
||||||
|
).format(
|
||||||
|
name=name,
|
||||||
|
state=state_string,
|
||||||
|
stdout=stdout,
|
||||||
|
identifier=module.params['identifier']
|
||||||
|
)
|
||||||
|
module.fail_json(msg=msg,
|
||||||
rc=result,
|
rc=result,
|
||||||
stdout=stdout,
|
stdout=stdout,
|
||||||
stderr=stderr)
|
stderr=stderr)
|
||||||
|
@ -219,6 +239,7 @@ def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
name=dict(required=True),
|
name=dict(required=True),
|
||||||
|
identifier=dict(required=False, type='str'),
|
||||||
force=dict(required=False, type='bool', default=False),
|
force=dict(required=False, type='bool', default=False),
|
||||||
state=dict(default='present', choices=['absent', 'present']),
|
state=dict(default='present', choices=['absent', 'present']),
|
||||||
ignore_configcheck=dict(required=False, type='bool', default=False),
|
ignore_configcheck=dict(required=False, type='bool', default=False),
|
||||||
|
@ -232,6 +253,9 @@ def main():
|
||||||
if name == 'cgi' and _run_threaded(module):
|
if name == 'cgi' and _run_threaded(module):
|
||||||
module.fail_json(msg="Your MPM seems to be threaded. No automatic actions on module %s possible." % name)
|
module.fail_json(msg="Your MPM seems to be threaded. No automatic actions on module %s possible." % name)
|
||||||
|
|
||||||
|
if not module.params['identifier']:
|
||||||
|
module.params['identifier'] = create_apache_identifier(module.params['name'])
|
||||||
|
|
||||||
if module.params['state'] in ['present', 'absent']:
|
if module.params['state'] in ['present', 'absent']:
|
||||||
_set_state(module, module.params['state'])
|
_set_state(module, module.params['state'])
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: userdir
|
name: userdir
|
||||||
state: absent
|
state: absent
|
||||||
|
register: userdir_first_disable
|
||||||
|
|
||||||
- name: disable userdir module, second run
|
- name: disable userdir module, second run
|
||||||
apache2_module:
|
apache2_module:
|
||||||
|
@ -42,7 +43,7 @@
|
||||||
- name: ensure apache2_module is idempotent
|
- name: ensure apache2_module is idempotent
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- 'not disable.changed'
|
- disable is not changed
|
||||||
|
|
||||||
- name: enable userdir module
|
- name: enable userdir module
|
||||||
apache2_module:
|
apache2_module:
|
||||||
|
@ -53,7 +54,7 @@
|
||||||
- name: ensure changed on successful enable
|
- name: ensure changed on successful enable
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- 'enable.changed'
|
- enable is changed
|
||||||
|
|
||||||
- name: enable userdir module, second run
|
- name: enable userdir module, second run
|
||||||
apache2_module:
|
apache2_module:
|
||||||
|
@ -77,100 +78,154 @@
|
||||||
that:
|
that:
|
||||||
- 'disablefinal.changed'
|
- 'disablefinal.changed'
|
||||||
|
|
||||||
|
- name: set userdir to original state
|
||||||
|
apache2_module:
|
||||||
|
name: userdir
|
||||||
|
state: present
|
||||||
|
when: userdir_first_disable is changed
|
||||||
|
|
||||||
- name: ensure autoindex enabled
|
- name: ensure autoindex enabled
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: autoindex
|
name: autoindex
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: force disable of autoindex # bug #2499
|
- name: Debian/Ubuntu specific tests
|
||||||
apache2_module:
|
|
||||||
name: autoindex
|
|
||||||
state: absent
|
|
||||||
force: True
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
block:
|
||||||
- name: enable evasive module, test https://github.com/ansible/ansible/issues/22635
|
- name: force disable of autoindex # bug #2499
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: evasive
|
name: autoindex
|
||||||
state: present
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: disable mpm modules
|
|
||||||
apache2_module:
|
|
||||||
name: "{{ item }}"
|
|
||||||
state: absent
|
|
||||||
ignore_configcheck: True
|
|
||||||
with_items:
|
|
||||||
- mpm_worker
|
|
||||||
- mpm_event
|
|
||||||
- mpm_prefork
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: enabled mpm_event
|
|
||||||
apache2_module:
|
|
||||||
name: mpm_event
|
|
||||||
state: present
|
|
||||||
ignore_configcheck: True
|
|
||||||
register: enabledmpmevent
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: ensure changed mpm_event
|
|
||||||
assert:
|
|
||||||
that:
|
|
||||||
- 'enabledmpmevent.changed'
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: switch between mpm_event and mpm_worker
|
|
||||||
apache2_module:
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
state: "{{ item.state }}"
|
|
||||||
ignore_configcheck: True
|
|
||||||
with_items:
|
|
||||||
- name: mpm_event
|
|
||||||
state: absent
|
state: absent
|
||||||
- name: mpm_worker
|
force: True
|
||||||
|
|
||||||
|
- name: reenable autoindex
|
||||||
|
apache2_module:
|
||||||
|
name: autoindex
|
||||||
state: present
|
state: present
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: ensure mpm_worker is already enabled
|
- name: enable evasive module, test https://github.com/ansible/ansible/issues/22635
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: mpm_worker
|
name: evasive
|
||||||
state: present
|
state: present
|
||||||
register: enabledmpmworker
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: ensure mpm_worker unchanged
|
- name: disable evasive module
|
||||||
assert:
|
apache2_module:
|
||||||
that:
|
name: evasive
|
||||||
- 'not enabledmpmworker.changed'
|
state: absent
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: try to disable all mpm modules with configcheck
|
- name: use identifier to enable module, fix for https://github.com/ansible/ansible/issues/33669
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: "{{item}}"
|
name: dump_io
|
||||||
state: absent
|
state: present
|
||||||
with_items:
|
ignore_errors: True
|
||||||
- mpm_worker
|
register: enable_dumpio_wrong
|
||||||
- mpm_event
|
|
||||||
- mpm_prefork
|
|
||||||
ignore_errors: yes
|
|
||||||
register: remove_with_configcheck
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: ensure configcheck fails task with when run without mpm modules
|
- name: disable dump_io
|
||||||
assert:
|
apache2_module:
|
||||||
that:
|
name: dump_io
|
||||||
- "{{ item.failed }}"
|
identifier: dumpio_module
|
||||||
with_items: "{{ remove_with_configcheck.results }}"
|
state: absent
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
||||||
|
|
||||||
- name: try to disable all mpm modules without configcheck
|
- name: use identifier to enable module, fix for https://github.com/ansible/ansible/issues/33669
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: "{{item}}"
|
name: dump_io
|
||||||
state: absent
|
identifier: dumpio_module
|
||||||
ignore_configcheck: True
|
state: present
|
||||||
with_items:
|
register: enable_dumpio_correct_1
|
||||||
- mpm_worker
|
|
||||||
- mpm_event
|
- name: ensure idempotency with identifier
|
||||||
- mpm_prefork
|
apache2_module:
|
||||||
when: "ansible_os_family == 'Debian'"
|
name: dump_io
|
||||||
|
identifier: dumpio_module
|
||||||
|
state: present
|
||||||
|
register: enable_dumpio_correct_2
|
||||||
|
|
||||||
|
- name: disable dump_io
|
||||||
|
apache2_module:
|
||||||
|
name: dump_io
|
||||||
|
identifier: dumpio_module
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- enable_dumpio_wrong is failed
|
||||||
|
- enable_dumpio_correct_1 is changed
|
||||||
|
- enable_dumpio_correct_2 is not changed
|
||||||
|
|
||||||
|
- name: disable mpm modules
|
||||||
|
apache2_module:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
ignore_configcheck: True
|
||||||
|
with_items:
|
||||||
|
- mpm_worker
|
||||||
|
- mpm_event
|
||||||
|
- mpm_prefork
|
||||||
|
|
||||||
|
- name: enabled mpm_event
|
||||||
|
apache2_module:
|
||||||
|
name: mpm_event
|
||||||
|
state: present
|
||||||
|
ignore_configcheck: True
|
||||||
|
register: enabledmpmevent
|
||||||
|
|
||||||
|
- name: ensure changed mpm_event
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'enabledmpmevent.changed'
|
||||||
|
|
||||||
|
- name: switch between mpm_event and mpm_worker
|
||||||
|
apache2_module:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
state: "{{ item.state }}"
|
||||||
|
ignore_configcheck: True
|
||||||
|
with_items:
|
||||||
|
- name: mpm_event
|
||||||
|
state: absent
|
||||||
|
- name: mpm_worker
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensure mpm_worker is already enabled
|
||||||
|
apache2_module:
|
||||||
|
name: mpm_worker
|
||||||
|
state: present
|
||||||
|
register: enabledmpmworker
|
||||||
|
|
||||||
|
- name: ensure mpm_worker unchanged
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- 'not enabledmpmworker.changed'
|
||||||
|
|
||||||
|
- name: try to disable all mpm modules with configcheck
|
||||||
|
apache2_module:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: absent
|
||||||
|
with_items:
|
||||||
|
- mpm_worker
|
||||||
|
- mpm_event
|
||||||
|
- mpm_prefork
|
||||||
|
ignore_errors: yes
|
||||||
|
register: remove_with_configcheck
|
||||||
|
|
||||||
|
- name: ensure configcheck fails task with when run without mpm modules
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "{{ item.failed }}"
|
||||||
|
with_items: "{{ remove_with_configcheck.results }}"
|
||||||
|
|
||||||
|
- name: try to disable all mpm modules without configcheck
|
||||||
|
apache2_module:
|
||||||
|
name: "{{item}}"
|
||||||
|
state: absent
|
||||||
|
ignore_configcheck: True
|
||||||
|
with_items:
|
||||||
|
- mpm_worker
|
||||||
|
- mpm_event
|
||||||
|
- mpm_prefork
|
||||||
|
|
||||||
|
- name: enabled mpm_event to restore previous state
|
||||||
|
apache2_module:
|
||||||
|
name: mpm_event
|
||||||
|
state: present
|
||||||
|
ignore_configcheck: True
|
||||||
|
register: enabledmpmevent
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
# This file is part of Ansible
|
|
||||||
#
|
|
||||||
# Ansible is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# Ansible is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU General Public License
|
|
||||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
- name: uninstall libapache2-mod-evasive via apt
|
|
||||||
apt:
|
|
||||||
name: libapache2-mod-evasive
|
|
||||||
state: absent
|
|
||||||
when: "ansible_os_family == 'Debian'"
|
|
|
@ -1,11 +1,21 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
- name:
|
- name:
|
||||||
block:
|
block:
|
||||||
|
- name: get list of enabled modules
|
||||||
|
shell: apache2ctl -M | sort
|
||||||
|
register: modules_before
|
||||||
- name: include only on supported systems
|
- name: include only on supported systems
|
||||||
include: actualtest.yml
|
include: actualtest.yml
|
||||||
always:
|
always:
|
||||||
- name: cleanup installed modules
|
- name: get list of enabled modules
|
||||||
include: cleanup.yml
|
shell: apache2ctl -M | sort
|
||||||
|
register: modules_after
|
||||||
|
- debug: var=modules_before
|
||||||
|
- debug: var=modules_after
|
||||||
|
- name: ensure that all test modules are disabled again
|
||||||
|
assert:
|
||||||
|
that: modules_before.stdout == modules_after.stdout
|
||||||
when: ansible_os_family in ['Debian', 'Suse']
|
when: ansible_os_family in ['Debian', 'Suse']
|
||||||
# centos/RHEL does not have a2enmod/a2dismod
|
# centos/RHEL does not have a2enmod/a2dismod
|
||||||
|
|
Loading…
Reference in a new issue