summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYanis Guenane <yguenane@redhat.com>2017-12-06 09:53:09 +0100
committerYanis Guenane <yguenane@redhat.com>2017-12-06 09:53:09 +0100
commit05bbc3d89a3f8ed8d6e83a73fac72183867636ad (patch)
tree9557a19329bb59b048ec8461989edef94a70eb21
parent0c83d9ce071ca03d550827de2f7abd17f0d4bbc9 (diff)
Allow one to enable access to mod_status
By default access to /server-status is not enabled, it needs to be configured by the administrator. This commis allows an administrator to configure access to this endpoint. Also, it forces the use of ExtendedStatus rather than the basic output. Change-Id: Ib545be6371fcf7c0c729ab1c3e4384291bd46024
-rw-r--r--defaults/main.yml7
-rw-r--r--handlers/main.yml6
-rw-r--r--tasks/main.yml8
-rw-r--r--templates/mod_status.conf7
-rw-r--r--vars/RedHat.yml1
5 files changed, 26 insertions, 3 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
index 0976c8a..cce6fee 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,7 @@
---
-httpd_foo: bar
+# mod_status
+#
+httpd_mod_status_enabled: False
+
+# httpd_mod_status_deny_rule: Deny from all
+# httpd_mod_status_allow_rule: Allow from localhost
diff --git a/handlers/main.yml b/handlers/main.yml
index 48a7953..d0b736a 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -14,12 +14,14 @@
# limitations under the License.
---
-- name: restart apache httpd
+- name: restart-httpd
+ become: True
service:
name: '{{ httpd_service_name }}'
state: restarted
-- name: reload apache httpd
+- name: reload-httpd
+ become: True
service:
name: '{{ httpd_service_name }}'
state: reloaded
diff --git a/tasks/main.yml b/tasks/main.yml
index 06af7da..16b3032 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -22,6 +22,14 @@
package:
name: '{{ httpd_package_name }}'
+- name: Enable httpd mod_status
+ become: True
+ template:
+ src: mod_status.conf
+ dest: '{{ httpd_configuration_path }}/mod_status.conf'
+ when: httpd_mod_status_enabled
+ notify: reload-httpd
+
- name: Start the apache httpd service
become: True
service:
diff --git a/templates/mod_status.conf b/templates/mod_status.conf
new file mode 100644
index 0000000..d88559e
--- /dev/null
+++ b/templates/mod_status.conf
@@ -0,0 +1,7 @@
+ExtendedStatus On
+<Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ {{ httpd_mod_status_deny_rule|default('') }}
+ {{ httpd_mod_status_allow_rule|default('') }}
+</Location>
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
index e6b33d2..335e8ea 100644
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -16,3 +16,4 @@
---
httpd_package_name: httpd
httpd_service_name: httpd
+httpd_configuration_path: /etc/httpd/conf.d