mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-30 21:41:53 +08:00
8a4a4469e4
The proxies seem to be hitting file limits, so try increasing them. Also, set httpd to restart on failure, this should help mask the problem if it persists with the higher limit. Signed-off-by: Kevin Fenzi <kevin@scrye.com>
116 lines
2.8 KiB
YAML
116 lines
2.8 KiB
YAML
- name: Make sure the ticketkey is deployed
|
|
copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey
|
|
owner=root group=root mode=0600
|
|
notify:
|
|
- reload proxyhttpd
|
|
|
|
- name: Copy in the main httpd.conf file for proxy nodes
|
|
template: >
|
|
src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
|
|
owner=root group=root mode=0644
|
|
notify:
|
|
- reload proxyhttpd
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: Make sure certain files are gone
|
|
file: dest=/etc/httpd/conf.d/{{item}} state=absent
|
|
with_items:
|
|
- welcome.conf
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: Copy over some basic configs into /etc/httpd/conf.d/
|
|
template: >
|
|
src={{item}} dest=/etc/httpd/conf.d/{{item}}
|
|
owner=root group=root mode=0644
|
|
with_items:
|
|
- forwarded.conf
|
|
- 02-ticketkey.conf
|
|
- 03-reqtimeout.conf
|
|
notify:
|
|
- reload proxyhttpd
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: Remove the keepalives configuration
|
|
file: path=/etc/httpd/conf.d/01-keepalives.conf state=absent
|
|
notify:
|
|
- reload proxyhttpd
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: set the apache mpm to use event MPM
|
|
copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf
|
|
notify:
|
|
- reload proxyhttpd
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: install libsemanage
|
|
package:
|
|
state: present
|
|
name:
|
|
- libsemanage-python
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
- selinux
|
|
when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')
|
|
|
|
- name: install libsemanage in a python3 manner
|
|
package:
|
|
state: present
|
|
name:
|
|
- python3-libsemanage
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
- selinux
|
|
when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)
|
|
|
|
- name: Turn on certain selinux booleans we need for our proxy layer
|
|
seboolean: name={{ item }} state=true persistent=true
|
|
with_items:
|
|
# We need this for httpd to be able to reverseproxy to other machines.
|
|
- httpd_can_network_connect
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
- selinux
|
|
|
|
- name: Create pki/httpd
|
|
file: path=/etc/pki/httpd state=directory
|
|
owner=root group=root mode=0600
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
|
|
- name: disable systemd-oomd we do not need or want it
|
|
service: name=systemd-oomd state=stopped enabled=no
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
- disablesystemdoomd
|
|
|
|
- name: create systemd drop in dir for httpd
|
|
file: path=/etc/systemd/system/httpd.service.d/ state=directory
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
- httpdoverride
|
|
|
|
- name: create systemd drop in dir for httpd
|
|
copy: src=httpdoverride.conf dest=/etc/systemd/system/httpd.service.d/httpdoverride.conf
|
|
tags:
|
|
- httpd
|
|
- httpd/proxy
|
|
- httpdoverride
|
|
notify:
|
|
- reload systemd
|