1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Add identifier option to apache2_module (#33748)

* Add identifier option to apache2_module

There is a convention connecting the name passed to a2enmod and the one
appearing in apache2ctl -M. Not all modules follow this convention and
we have added a growing list of implicit conversions.
As a better long-term solution this adds an "identifier" option to be
able to set both strings explicitly.

* Run debian-specific tests only there

* Improve cleanup after apache2 tests

This is a follow-up/extension of https://github.com/ansible/ansible/pull/33630

* Add example for the new identifier option

* Put all debian tests in a block
This commit is contained in:
Robin Roth 2018-01-23 18:56:59 +01:00 committed by René Moser
parent ad8ee4e60f
commit ec80f8ad80
4 changed files with 188 additions and 119 deletions

View file

@ -21,24 +21,31 @@ author:
- Christian Berendt (@berendt) - Christian Berendt (@berendt)
- Ralf Hertel (@n0trax) - Ralf Hertel (@n0trax)
- Robin Roth (@robinro) - Robin Roth (@robinro)
short_description: enables/disables a module of the Apache2 webserver short_description: Enables/disables a module of the Apache2 webserver.
description: description:
- Enables or disables a specified module of the Apache2 webserver. - Enables or disables a specified module of the Apache2 webserver.
options: options:
name: name:
description: description:
- name of the module to enable/disable - Name of the module to enable/disable as given to C(a2enmod/a2dismod).
required: true required: true
identifier:
description:
- Identifier of the module as listed by C(apache2ctl -M).
This is optional and usually determined automatically by the common convention of
appending C(_module) to I(name) as well as custom exception for popular modules.
required: False
version_added: "2.5"
force: force:
description: description:
- force disabling of default modules and override Debian warnings - Force disabling of default modules and override Debian warnings.
required: false required: false
choices: ['True', 'False'] choices: ['True', 'False']
default: False default: False
version_added: "2.1" version_added: "2.1"
state: state:
description: description:
- indicate the desired state of the resource - Desired state of the module.
choices: ['present', 'absent'] choices: ['present', 'absent']
default: present default: present
ignore_configcheck: ignore_configcheck:
@ -69,6 +76,11 @@ EXAMPLES = '''
state: absent state: absent
name: mpm_worker name: mpm_worker
ignore_configcheck: True ignore_configcheck: True
# enable dump_io module, which is identified as dumpio_module inside apache2
- apache2_module:
state: present
name: dump_io
identifier: dumpio_module
''' '''
RETURN = ''' RETURN = '''
@ -119,15 +131,12 @@ def _get_ctl_binary(module):
def _module_is_enabled(module): def _module_is_enabled(module):
control_binary = _get_ctl_binary(module) control_binary = _get_ctl_binary(module)
name = module.params['name']
ignore_configcheck = module.params['ignore_configcheck']
result, stdout, stderr = module.run_command("%s -M" % control_binary) result, stdout, stderr = module.run_command("%s -M" % control_binary)
if result != 0: if result != 0:
error_msg = "Error executing %s: %s" % (control_binary, stderr) error_msg = "Error executing %s: %s" % (control_binary, stderr)
if ignore_configcheck: if module.params['ignore_configcheck']:
if 'AH00534' in stderr and 'mpm_' in name: if 'AH00534' in stderr and 'mpm_' in module.params['name']:
module.warnings.append( module.warnings.append(
"No MPM module loaded! apache2 reload AND other module actions" "No MPM module loaded! apache2 reload AND other module actions"
" will fail if no MPM module is loaded immediately." " will fail if no MPM module is loaded immediately."
@ -138,7 +147,7 @@ def _module_is_enabled(module):
else: else:
module.fail_json(msg=error_msg) module.fail_json(msg=error_msg)
searchstring = ' ' + create_apache_identifier(name) searchstring = ' ' + module.params['identifier']
return searchstring in stdout return searchstring in stdout
@ -205,7 +214,18 @@ def _set_state(module, state):
result=success_msg, result=success_msg,
warnings=module.warnings) warnings=module.warnings)
else: else:
module.fail_json(msg="Failed to set module %s to %s: %s" % (name, state_string, stdout), msg = (
'Failed to set module {name} to {state}:\n'
'{stdout}\n'
'Maybe the module identifier ({identifier}) was guessed incorrectly.'
'Consider setting the "identifier" option.'
).format(
name=name,
state=state_string,
stdout=stdout,
identifier=module.params['identifier']
)
module.fail_json(msg=msg,
rc=result, rc=result,
stdout=stdout, stdout=stdout,
stderr=stderr) stderr=stderr)
@ -219,6 +239,7 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
name=dict(required=True), name=dict(required=True),
identifier=dict(required=False, type='str'),
force=dict(required=False, type='bool', default=False), force=dict(required=False, type='bool', default=False),
state=dict(default='present', choices=['absent', 'present']), state=dict(default='present', choices=['absent', 'present']),
ignore_configcheck=dict(required=False, type='bool', default=False), ignore_configcheck=dict(required=False, type='bool', default=False),
@ -232,6 +253,9 @@ def main():
if name == 'cgi' and _run_threaded(module): if name == 'cgi' and _run_threaded(module):
module.fail_json(msg="Your MPM seems to be threaded. No automatic actions on module %s possible." % name) module.fail_json(msg="Your MPM seems to be threaded. No automatic actions on module %s possible." % name)
if not module.params['identifier']:
module.params['identifier'] = create_apache_identifier(module.params['name'])
if module.params['state'] in ['present', 'absent']: if module.params['state'] in ['present', 'absent']:
_set_state(module, module.params['state']) _set_state(module, module.params['state'])

View file

@ -32,6 +32,7 @@
apache2_module: apache2_module:
name: userdir name: userdir
state: absent state: absent
register: userdir_first_disable
- name: disable userdir module, second run - name: disable userdir module, second run
apache2_module: apache2_module:
@ -42,7 +43,7 @@
- name: ensure apache2_module is idempotent - name: ensure apache2_module is idempotent
assert: assert:
that: that:
- 'not disable.changed' - disable is not changed
- name: enable userdir module - name: enable userdir module
apache2_module: apache2_module:
@ -53,7 +54,7 @@
- name: ensure changed on successful enable - name: ensure changed on successful enable
assert: assert:
that: that:
- 'enable.changed' - enable is changed
- name: enable userdir module, second run - name: enable userdir module, second run
apache2_module: apache2_module:
@ -77,100 +78,154 @@
that: that:
- 'disablefinal.changed' - 'disablefinal.changed'
- name: set userdir to original state
apache2_module:
name: userdir
state: present
when: userdir_first_disable is changed
- name: ensure autoindex enabled - name: ensure autoindex enabled
apache2_module: apache2_module:
name: autoindex name: autoindex
state: present state: present
- name: force disable of autoindex # bug #2499 - name: Debian/Ubuntu specific tests
apache2_module:
name: autoindex
state: absent
force: True
when: "ansible_os_family == 'Debian'" when: "ansible_os_family == 'Debian'"
block:
- name: enable evasive module, test https://github.com/ansible/ansible/issues/22635 - name: force disable of autoindex # bug #2499
apache2_module: apache2_module:
name: evasive name: autoindex
state: present
when: "ansible_os_family == 'Debian'"
- name: disable mpm modules
apache2_module:
name: "{{ item }}"
state: absent
ignore_configcheck: True
with_items:
- mpm_worker
- mpm_event
- mpm_prefork
when: "ansible_os_family == 'Debian'"
- name: enabled mpm_event
apache2_module:
name: mpm_event
state: present
ignore_configcheck: True
register: enabledmpmevent
when: "ansible_os_family == 'Debian'"
- name: ensure changed mpm_event
assert:
that:
- 'enabledmpmevent.changed'
when: "ansible_os_family == 'Debian'"
- name: switch between mpm_event and mpm_worker
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
ignore_configcheck: True
with_items:
- name: mpm_event
state: absent state: absent
- name: mpm_worker force: True
- name: reenable autoindex
apache2_module:
name: autoindex
state: present state: present
when: "ansible_os_family == 'Debian'"
- name: ensure mpm_worker is already enabled - name: enable evasive module, test https://github.com/ansible/ansible/issues/22635
apache2_module: apache2_module:
name: mpm_worker name: evasive
state: present state: present
register: enabledmpmworker
when: "ansible_os_family == 'Debian'"
- name: ensure mpm_worker unchanged - name: disable evasive module
assert: apache2_module:
that: name: evasive
- 'not enabledmpmworker.changed' state: absent
when: "ansible_os_family == 'Debian'"
- name: try to disable all mpm modules with configcheck - name: use identifier to enable module, fix for https://github.com/ansible/ansible/issues/33669
apache2_module: apache2_module:
name: "{{item}}" name: dump_io
state: absent state: present
with_items: ignore_errors: True
- mpm_worker register: enable_dumpio_wrong
- mpm_event
- mpm_prefork
ignore_errors: yes
register: remove_with_configcheck
when: "ansible_os_family == 'Debian'"
- name: ensure configcheck fails task with when run without mpm modules - name: disable dump_io
assert: apache2_module:
that: name: dump_io
- "{{ item.failed }}" identifier: dumpio_module
with_items: "{{ remove_with_configcheck.results }}" state: absent
when: "ansible_os_family == 'Debian'"
- name: try to disable all mpm modules without configcheck - name: use identifier to enable module, fix for https://github.com/ansible/ansible/issues/33669
apache2_module: apache2_module:
name: "{{item}}" name: dump_io
state: absent identifier: dumpio_module
ignore_configcheck: True state: present
with_items: register: enable_dumpio_correct_1
- mpm_worker
- mpm_event - name: ensure idempotency with identifier
- mpm_prefork apache2_module:
when: "ansible_os_family == 'Debian'" name: dump_io
identifier: dumpio_module
state: present
register: enable_dumpio_correct_2
- name: disable dump_io
apache2_module:
name: dump_io
identifier: dumpio_module
state: absent
- assert:
that:
- enable_dumpio_wrong is failed
- enable_dumpio_correct_1 is changed
- enable_dumpio_correct_2 is not changed
- name: disable mpm modules
apache2_module:
name: "{{ item }}"
state: absent
ignore_configcheck: True
with_items:
- mpm_worker
- mpm_event
- mpm_prefork
- name: enabled mpm_event
apache2_module:
name: mpm_event
state: present
ignore_configcheck: True
register: enabledmpmevent
- name: ensure changed mpm_event
assert:
that:
- 'enabledmpmevent.changed'
- name: switch between mpm_event and mpm_worker
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
ignore_configcheck: True
with_items:
- name: mpm_event
state: absent
- name: mpm_worker
state: present
- name: ensure mpm_worker is already enabled
apache2_module:
name: mpm_worker
state: present
register: enabledmpmworker
- name: ensure mpm_worker unchanged
assert:
that:
- 'not enabledmpmworker.changed'
- name: try to disable all mpm modules with configcheck
apache2_module:
name: "{{item}}"
state: absent
with_items:
- mpm_worker
- mpm_event
- mpm_prefork
ignore_errors: yes
register: remove_with_configcheck
- name: ensure configcheck fails task with when run without mpm modules
assert:
that:
- "{{ item.failed }}"
with_items: "{{ remove_with_configcheck.results }}"
- name: try to disable all mpm modules without configcheck
apache2_module:
name: "{{item}}"
state: absent
ignore_configcheck: True
with_items:
- mpm_worker
- mpm_event
- mpm_prefork
- name: enabled mpm_event to restore previous state
apache2_module:
name: mpm_event
state: present
ignore_configcheck: True
register: enabledmpmevent

View file

@ -1,20 +0,0 @@
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: uninstall libapache2-mod-evasive via apt
apt:
name: libapache2-mod-evasive
state: absent
when: "ansible_os_family == 'Debian'"

View file

@ -1,11 +1,21 @@
--- ---
- name: - name:
block: block:
- name: get list of enabled modules
shell: apache2ctl -M | sort
register: modules_before
- name: include only on supported systems - name: include only on supported systems
include: actualtest.yml include: actualtest.yml
always: always:
- name: cleanup installed modules - name: get list of enabled modules
include: cleanup.yml shell: apache2ctl -M | sort
register: modules_after
- debug: var=modules_before
- debug: var=modules_after
- name: ensure that all test modules are disabled again
assert:
that: modules_before.stdout == modules_after.stdout
when: ansible_os_family in ['Debian', 'Suse'] when: ansible_os_family in ['Debian', 'Suse']
# centos/RHEL does not have a2enmod/a2dismod # centos/RHEL does not have a2enmod/a2dismod