Drop mod_wsgi support

As we don't provide wsgi file for mod_wsgi deployment (despite having task to do that) and trove package don't contain wsgi application we should drop apache mod_wsgi part of the setup as it's not functional. Change-Id: I0a12fad27d3f994d79ead52ac90873a1e1362144
2019-09-04 14:47:05 +03:00 · 2019-09-04 14:47:05 +03:00 · 00ab880a0d
commit 00ab880a0d
parent a7393902d0
12 changed files with 6 additions and 193 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -83,30 +83,6 @@ trove_git_constraints:
  - "git+{{ trove_git_repo }}@{{ trove_git_install_branch }}#egg=trove"
  - "--constraint {{ trove_upper_constraints_url }}"

-#: Set this to false to disable API service through Apache + mod_wsgi
-trove_use_mod_wsgi: false
-
-## Apache setup
-trove_apache_log_level: info
-trove_apache_servertokens: "Prod"
-trove_apache_serversignature: "Off"
-trove_wsgi_threads: 1
-## Cap the maximum number of processes when a user value is unspecified.
-trove_wsgi_processes_max: 32
-trove_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, trove_wsgi_processes_max] | min }}"
-
-# set trove_ssl to true to enable SSL configuration on the trove containers
-trove_ssl: false
-trove_ssl_cert: /etc/ssl/certs/trove.pem
-trove_ssl_key: /etc/ssl/private/trove.key
-trove_ssl_ca_cert: /etc/ssl/certs/trove-ca.pem
-trove_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1.0 -TLSv1.1') }}"
-trove_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
-
-# if using a self-signed certificate, set this to true to regenerate it
-trove_ssl_self_signed_regen: false
-trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
-
 # Database vars
 trove_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
 trove_galera_address: "{{ galera_address | default('127.0.0.1') }}"
--- a/examples/playbook.yml
+++ b/examples/playbook.yml
@ -1,6 +1,6 @@
 ---
 - name: Install trove
-   hosts: all
-   user: root
-   roles:
-     - role: "os_trove"
+  hosts: all
+  user: root
+  roles:
+    - role: "os_trove"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -19,8 +19,6 @@
  systemd:
    name: "{{ trove_services['trove-api']['service_name'] }}"
    state: "restarted"
-  when:
-    - not trove_use_mod_wsgi | bool
  listen:
    - "Restart trove services"
    - "venv changed"
@ -40,16 +38,3 @@
  listen:
    - "Restart trove services"
    - "venv changed"
-
- name: Restart Apache
-  service:
-    name: "apache2"
-    state: "restarted"
-  when: trove_use_mod_wsgi | bool
-  register: apache_restart
-  until: apache_restart is success
-  retries: 5
-  delay: 2
-  listen:
-    - "Restart trove services"
-    - "venv changed"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -174,8 +174,5 @@
  tags:
    - trove-install

- import_tasks: trove_apache.yml
-  when: trove_use_mod_wsgi | bool
-  tags:
-    - trove-install
-    - trove-config
+- name: Flush handlers
+  meta: flush_handlers
--- a/tasks/trove_apache.yml
+++ b/tasks/trove_apache.yml
@ -1,75 +0,0 @@
---
-# Copyright 2016 Internet Solutions (Pty) Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
-# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Drop apache2 virtual host and ports file
-  template:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: "root"
-    group: "root"
-  with_items:
-    - { src: "trove-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
-    - { src: "trove-httpd.conf.j2", dest: "/etc/apache2/sites-available/trove-httpd.conf" }
-  notify:
-    - Restart Apache
-
- name: Disable default apache site
-  file:
-    path: "/etc/apache2/sites-enabled/000-default.conf"
-    state: "absent"
-  notify:
-    - Restart Apache
-
- name: Enabled trove vhost
-  file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    state: "{{ item.state }}"
-  with_items:
-    - { src: "/etc/apache2/sites-available/trove-httpd.conf", dest: "/etc/apache2/sites-enabled/trove-httpd.conf", state: "link" }
-  notify:
-    - Restart Apache
-
- name: Ensure Apache ServerName
-  lineinfile:
-    dest: "/etc/apache2/apache2.conf"
-    line: "ServerName {{ inventory_hostname }}"
-  notify:
-    - Restart Apache
-
- name: Ensure Apache ServerTokens
-  lineinfile:
-    dest: "/etc/apache2/conf-available/security.conf"
-    regexp: '^ServerTokens'
-    line: "ServerTokens {{ trove_apache_servertokens }}"
-  notify:
-    - Restart Apache
-
- name: Ensure Apache ServerSignature
-  lineinfile:
-    dest: "/etc/apache2/conf-available/security.conf"
-    regexp: '^ServerSignature'
-    line: "ServerSignature {{ trove_apache_serversignature }}"
-  notify:
-    - Restart Apache
-
- name: Enable/disable mod_ssl for apache2
-  apache2_module:
-    name: ssl
-    state: "{{ trove_ssl | bool | ternary('present', 'absent') }}"
-  notify:
-    - Restart Apache
--- a/tasks/trove_post_install.yml
+++ b/tasks/trove_post_install.yml
@ -38,7 +38,6 @@
      config_overrides: "{{ trove_policy_overrides }}"
      config_type: "json"
  notify:
-    - Restart Apache
    - Restart trove API services
  when: inventory_hostname in groups['trove_api']

@ -89,16 +88,3 @@
  notify:
    - Restart trove taskmanager service
  when: inventory_hostname in groups['trove_taskmanager']
-
- name: Drop trove WSGI Configs
-  template:
-    src: trove-wsgi.py.j2
-    dest: /var/www/cgi-bin/trove/trove-api
-    owner: "{{ trove_system_user_name }}"
-    group: "{{ trove_system_group_name }}"
-    mode: "0755"
-  when:
-    - trove_use_mod_wsgi | bool
-    - inventory_hostname in groups['trove_api']
-  notify:
-    - Restart Apache
--- a/tasks/trove_pre_install.yml
+++ b/tasks/trove_pre_install.yml
@ -45,17 +45,3 @@
    - { path: "/var/lib/trove/tmp" }
    - { path: "/var/lib/trove/locks" }
    - { path: "/var/cache/trove", mode: "0700" }
-
- name: Create Apache mod_wsgi dirs
-  file:
-    path: "{{ item.path }}"
-    state: directory
-    owner: "{{ item.owner|default(trove_system_user_name) }}"
-    group: "{{ item.group|default(trove_system_group_name) }}"
-    mode: "{{ item.mode|default('0755') }}"
-  with_items:
-    - { path: "/var/www/cgi-bin", owner: root, group: root }
-    - { path: "/var/www/cgi-bin/trove" }
-  when:
-    - trove_use_mod_wsgi | bool
-    - inventory_hostname in groups['trove_api']
--- a/templates/trove-httpd.conf.j2
+++ b/templates/trove-httpd.conf.j2
@ -1,30 +0,0 @@
-# {{ ansible_managed }}
-# Do not edit this file manually, your changes will be overwritten.
-<VirtualHost *:{{ trove_service_port }}>
-    WSGIDaemonProcess     trove lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ trove_system_user_name }} group={{ trove_system_group_name }} processes={{ trove_wsgi_processes }} threads={{ trove_wsgi_threads }} display-name=%{GROUP}
-    WSGIProcessGroup      trove
-    WSGIScriptAlias       / /var/www/cgi-bin/trove/trove-api
-    WSGIApplicationGroup  %{GLOBAL}
-
-    <IfVersion >= 2.4>
-      ErrorLogFormat "%{cu}t %M"
-    </IfVersion>
-
-    LogLevel  {{  trove_apache_log_level }}
-    ErrorLog  /var/log/trove/trove-apache-error.log
-    CustomLog /var/log/trove/trove-access.log combined
-
-{% if trove_ssl | bool and trove_service_internaluri_proto == "https" -%}
-    SSLEngine on
-    SSLCertificateFile    {{ trove_ssl_cert }}
-    SSLCertificateKeyFile {{ trove_ssl_key }}
-    {% if trove_user_ssl_ca_cert is defined -%}
-    SSLCACertificateFile  {{ trove_ssl_ca_cert }}
-    {% endif -%}
-    SSLCompression Off
-    SSLProtocol {{ trove_ssl_protocol }}
-    SSLHonorCipherOrder On
-    SSLCipherSuite {{ trove_ssl_cipher_suite }}
-    SSLOptions +StdEnvVars +ExportCertData
-{% endif %}
-</VirtualHost>
--- a/templates/trove-ports.conf.j2
+++ b/templates/trove-ports.conf.j2
@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-# Do not edit this file manually, your changes will be overwritten.
-Listen {{ trove_service_port }}
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -18,8 +18,5 @@
 cache_timeout: 600

 trove_distro_packages:
-  - apache2
-  - apache2-utils
-  - libapache2-mod-wsgi
  - libsystemd-dev
  - qemu-utils
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -18,8 +18,5 @@
 cache_timeout: 600

 trove_distro_packages:
-  - httpd
-  - httpd-tools
-  - mod_wsgi
  - systemd-devel
  - qemu-img
--- a/vars/suse.yml
+++ b/vars/suse.yml
@ -17,8 +17,5 @@
 cache_timeout: 600

 trove_distro_packages:
-  - apache2
-  - apache2-utils
-  - apache2-mod_wsgi
  - systemd-devel
  - qemu-tools