Project

General

Profile

Bug #622

httpd package shoud be installed first

Added by Pierre-Louis Bonicoli about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
System :: Base
Start date:
2018-04-24
Due date:
% Done:

100%

Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

1. httpd_package is installed in roles/httpd/tasks/common.yml
2. but tasks in this playbook aren't called first
3. indeed, playbooks/tenants/duckcorp/web.yml uses dc-web role first
4. and dc-web expects apache2 service to be already installed (since handlers notified by security.yml playbook try to restart apache2 service).

$ ansible-playbook -l Toushirou -i hosts.yml -u root -v playbooks/tenants/duckcorp/web.yml
Using duckcorp-infra/ansible/ansible.cfg as config file

PLAY [web_servers] ***

TASK [dc-web : Install Apache general config parts] ***
changed: [Toushirou] => (item=security.conf) => {"changed": true, [...] }

TASK [dc-web : Install Apache modules config parts] ***
changed: [Toushirou] => (item=ssl.conf) => {"changed": true, [...] }

RUNNING HANDLER [dc-web : Reload Apache Service] *************************************************************************************************************
fatal: [Toushirou]: FAILED! => {"changed": false, "msg": "Could not find the requested service apache2: host"}

History

#1 Updated by Marc Dequènes about 1 year ago

  • Status changed from New to In Progress

True.

I integrated the HTTP2 support into `httpd` role, and had to refresh the TLS settings in the process because it's compulsory in the standard. So this makes `ssl.conf` obsolete. I think we could just recreate the original link from mods-enabled to mods-available to still get the basic Debian setup, and due to the load order the configuration from the `httpd` role would override the needed security parameters.

The fix for Passenger has been integrated into the `httpd_passenger` role but some files are left over.

So only very few settings remains. I would like to integrate them into the `httpd` role as well if possible. Then we could phase out this role entirely.

In the meanwhile I can install httpd in `dc-web` to make things work.

#2 Updated by Marc Dequènes about 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

ok, did the cleanup and added `httpd` call. The rest is outside the scope of this BR, so closing.

#3 Updated by Marc Dequènes about 1 year ago

  • Assignee set to Marc Dequènes

Also available in: Atom PDF