Drop mod_wsgi support

As we don't provide wsgi file for mod_wsgi deployment (despite
having task to do that) and trove package don't contain wsgi application
we should drop apache mod_wsgi part of the setup as it's not functional.

Change-Id: I0a12fad27d3f994d79ead52ac90873a1e1362144
This commit is contained in:
Dmitriy Rabotyagov 2019-09-04 14:47:05 +03:00
parent a7393902d0
commit 00ab880a0d
12 changed files with 6 additions and 193 deletions

View File

@ -83,30 +83,6 @@ trove_git_constraints:
- "git+{{ trove_git_repo }}@{{ trove_git_install_branch }}#egg=trove"
- "--constraint {{ trove_upper_constraints_url }}"
#: Set this to false to disable API service through Apache + mod_wsgi
trove_use_mod_wsgi: false
## Apache setup
trove_apache_log_level: info
trove_apache_servertokens: "Prod"
trove_apache_serversignature: "Off"
trove_wsgi_threads: 1
## Cap the maximum number of processes when a user value is unspecified.
trove_wsgi_processes_max: 32
trove_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, trove_wsgi_processes_max] | min }}"
# set trove_ssl to true to enable SSL configuration on the trove containers
trove_ssl: false
trove_ssl_cert: /etc/ssl/certs/trove.pem
trove_ssl_key: /etc/ssl/private/trove.key
trove_ssl_ca_cert: /etc/ssl/certs/trove-ca.pem
trove_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1.0 -TLSv1.1') }}"
trove_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
# if using a self-signed certificate, set this to true to regenerate it
trove_ssl_self_signed_regen: false
trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"
# Database vars
trove_db_setup_host: "{{ ('galera_all' in groups) | ternary(groups['galera_all'][0], 'localhost') }}"
trove_galera_address: "{{ galera_address | default('127.0.0.1') }}"

View File

@ -19,8 +19,6 @@
systemd:
name: "{{ trove_services['trove-api']['service_name'] }}"
state: "restarted"
when:
- not trove_use_mod_wsgi | bool
listen:
- "Restart trove services"
- "venv changed"
@ -40,16 +38,3 @@
listen:
- "Restart trove services"
- "venv changed"
- name: Restart Apache
service:
name: "apache2"
state: "restarted"
when: trove_use_mod_wsgi | bool
register: apache_restart
until: apache_restart is success
retries: 5
delay: 2
listen:
- "Restart trove services"
- "venv changed"

View File

@ -174,8 +174,5 @@
tags:
- trove-install
- import_tasks: trove_apache.yml
when: trove_use_mod_wsgi | bool
tags:
- trove-install
- trove-config
- name: Flush handlers
meta: flush_handlers

View File

@ -1,75 +0,0 @@
---
# Copyright 2016 Internet Solutions (Pty) Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>
- name: Drop apache2 virtual host and ports file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "root"
group: "root"
with_items:
- { src: "trove-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
- { src: "trove-httpd.conf.j2", dest: "/etc/apache2/sites-available/trove-httpd.conf" }
notify:
- Restart Apache
- name: Disable default apache site
file:
path: "/etc/apache2/sites-enabled/000-default.conf"
state: "absent"
notify:
- Restart Apache
- name: Enabled trove vhost
file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
state: "{{ item.state }}"
with_items:
- { src: "/etc/apache2/sites-available/trove-httpd.conf", dest: "/etc/apache2/sites-enabled/trove-httpd.conf", state: "link" }
notify:
- Restart Apache
- name: Ensure Apache ServerName
lineinfile:
dest: "/etc/apache2/apache2.conf"
line: "ServerName {{ inventory_hostname }}"
notify:
- Restart Apache
- name: Ensure Apache ServerTokens
lineinfile:
dest: "/etc/apache2/conf-available/security.conf"
regexp: '^ServerTokens'
line: "ServerTokens {{ trove_apache_servertokens }}"
notify:
- Restart Apache
- name: Ensure Apache ServerSignature
lineinfile:
dest: "/etc/apache2/conf-available/security.conf"
regexp: '^ServerSignature'
line: "ServerSignature {{ trove_apache_serversignature }}"
notify:
- Restart Apache
- name: Enable/disable mod_ssl for apache2
apache2_module:
name: ssl
state: "{{ trove_ssl | bool | ternary('present', 'absent') }}"
notify:
- Restart Apache

View File

@ -38,7 +38,6 @@
config_overrides: "{{ trove_policy_overrides }}"
config_type: "json"
notify:
- Restart Apache
- Restart trove API services
when: inventory_hostname in groups['trove_api']
@ -89,16 +88,3 @@
notify:
- Restart trove taskmanager service
when: inventory_hostname in groups['trove_taskmanager']
- name: Drop trove WSGI Configs
template:
src: trove-wsgi.py.j2
dest: /var/www/cgi-bin/trove/trove-api
owner: "{{ trove_system_user_name }}"
group: "{{ trove_system_group_name }}"
mode: "0755"
when:
- trove_use_mod_wsgi | bool
- inventory_hostname in groups['trove_api']
notify:
- Restart Apache

View File

@ -45,17 +45,3 @@
- { path: "/var/lib/trove/tmp" }
- { path: "/var/lib/trove/locks" }
- { path: "/var/cache/trove", mode: "0700" }
- name: Create Apache mod_wsgi dirs
file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner|default(trove_system_user_name) }}"
group: "{{ item.group|default(trove_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}"
with_items:
- { path: "/var/www/cgi-bin", owner: root, group: root }
- { path: "/var/www/cgi-bin/trove" }
when:
- trove_use_mod_wsgi | bool
- inventory_hostname in groups['trove_api']

View File

@ -1,30 +0,0 @@
# {{ ansible_managed }}
# Do not edit this file manually, your changes will be overwritten.
<VirtualHost *:{{ trove_service_port }}>
WSGIDaemonProcess trove lang='en_US.UTF-8' locale='en_US.UTF-8' user={{ trove_system_user_name }} group={{ trove_system_group_name }} processes={{ trove_wsgi_processes }} threads={{ trove_wsgi_threads }} display-name=%{GROUP}
WSGIProcessGroup trove
WSGIScriptAlias / /var/www/cgi-bin/trove/trove-api
WSGIApplicationGroup %{GLOBAL}
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
LogLevel {{ trove_apache_log_level }}
ErrorLog /var/log/trove/trove-apache-error.log
CustomLog /var/log/trove/trove-access.log combined
{% if trove_ssl | bool and trove_service_internaluri_proto == "https" -%}
SSLEngine on
SSLCertificateFile {{ trove_ssl_cert }}
SSLCertificateKeyFile {{ trove_ssl_key }}
{% if trove_user_ssl_ca_cert is defined -%}
SSLCACertificateFile {{ trove_ssl_ca_cert }}
{% endif -%}
SSLCompression Off
SSLProtocol {{ trove_ssl_protocol }}
SSLHonorCipherOrder On
SSLCipherSuite {{ trove_ssl_cipher_suite }}
SSLOptions +StdEnvVars +ExportCertData
{% endif %}
</VirtualHost>

View File

@ -1,3 +0,0 @@
# {{ ansible_managed }}
# Do not edit this file manually, your changes will be overwritten.
Listen {{ trove_service_port }}

View File

@ -18,8 +18,5 @@
cache_timeout: 600
trove_distro_packages:
- apache2
- apache2-utils
- libapache2-mod-wsgi
- libsystemd-dev
- qemu-utils

View File

@ -18,8 +18,5 @@
cache_timeout: 600
trove_distro_packages:
- httpd
- httpd-tools
- mod_wsgi
- systemd-devel
- qemu-img

View File

@ -17,8 +17,5 @@
cache_timeout: 600
trove_distro_packages:
- apache2
- apache2-utils
- apache2-mod_wsgi
- systemd-devel
- qemu-tools