mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 21:44:00 -07:00 
			
		
		
		
	* apache2_module: updated cgi action conditions Only the activation of the cgi module in threaded mode should be a restriction due to apache2 limitations, not the deactivation. Especially when the cgi module isn't enabled yet at all. Fixes #9140 * bug(fix): apache2_module fails to disable cgi module * Update changelog fragment. --------- Co-authored-by: Felix Fontein <felix@fontein.de>
		
			
				
	
	
		
			272 lines
		
	
	
	
		
			8.4 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			272 lines
		
	
	
	
		
			8.4 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #!/usr/bin/python
 | |
| # -*- coding: utf-8 -*-
 | |
| 
 | |
| # Copyright (c) 2013-2014, Christian Berendt <berendt@b1-systems.de>
 | |
| # GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
 | |
| # SPDX-License-Identifier: GPL-3.0-or-later
 | |
| 
 | |
| from __future__ import absolute_import, division, print_function
 | |
| __metaclass__ = type
 | |
| 
 | |
| 
 | |
| DOCUMENTATION = r"""
 | |
| module: apache2_module
 | |
| author:
 | |
|   - Christian Berendt (@berendt)
 | |
|   - Ralf Hertel (@n0trax)
 | |
|   - Robin Roth (@robinro)
 | |
| short_description: Enables/disables a module of the Apache2 webserver
 | |
| description:
 | |
|   - Enables or disables a specified module of the Apache2 webserver.
 | |
| extends_documentation_fragment:
 | |
|   - community.general.attributes
 | |
| attributes:
 | |
|   check_mode:
 | |
|     support: full
 | |
|   diff_mode:
 | |
|     support: none
 | |
| options:
 | |
|   name:
 | |
|     type: str
 | |
|     description:
 | |
|       - Name of the module to enable/disable as given to C(a2enmod)/C(a2dismod).
 | |
|     required: true
 | |
|   identifier:
 | |
|     type: str
 | |
|     description:
 | |
|       - Identifier of the module as listed by C(apache2ctl -M). This is optional and usually determined automatically by the
 | |
|         common convention of appending V(_module) to O(name) as well as custom exception for popular modules.
 | |
|     required: false
 | |
|   force:
 | |
|     description:
 | |
|       - Force disabling of default modules and override Debian warnings.
 | |
|     required: false
 | |
|     type: bool
 | |
|     default: false
 | |
|   state:
 | |
|     type: str
 | |
|     description:
 | |
|       - Desired state of the module.
 | |
|     choices: ['present', 'absent']
 | |
|     default: present
 | |
|   ignore_configcheck:
 | |
|     description:
 | |
|       - Ignore configuration checks about inconsistent module configuration. Especially for mpm_* modules.
 | |
|     type: bool
 | |
|     default: false
 | |
|   warn_mpm_absent:
 | |
|     description:
 | |
|       - Control the behavior of the warning process for MPM modules.
 | |
|     type: bool
 | |
|     default: true
 | |
|     version_added: 6.3.0
 | |
| requirements: ["a2enmod", "a2dismod"]
 | |
| notes:
 | |
|   - This does not work on RedHat-based distributions. It does work on Debian- and SuSE-based distributions. Whether it works
 | |
|     on others depend on whether the C(a2enmod) and C(a2dismod) tools are available or not.
 | |
| """
 | |
| 
 | |
| EXAMPLES = r"""
 | |
| - name: Enable the Apache2 module wsgi
 | |
|   community.general.apache2_module:
 | |
|     state: present
 | |
|     name: wsgi
 | |
| 
 | |
| - name: Disables the Apache2 module wsgi
 | |
|   community.general.apache2_module:
 | |
|     state: absent
 | |
|     name: wsgi
 | |
| 
 | |
| - name: Disable default modules for Debian
 | |
|   community.general.apache2_module:
 | |
|     state: absent
 | |
|     name: autoindex
 | |
|     force: true
 | |
| 
 | |
| - name: Disable mpm_worker and ignore warnings about missing mpm module
 | |
|   community.general.apache2_module:
 | |
|     state: absent
 | |
|     name: mpm_worker
 | |
|     ignore_configcheck: true
 | |
| 
 | |
| - name: Disable mpm_event, enable mpm_prefork and ignore warnings about missing mpm module
 | |
|   community.general.apache2_module:
 | |
|     name: "{{ item.module }}"
 | |
|     state: "{{ item.state }}"
 | |
|     warn_mpm_absent: false
 | |
|     ignore_configcheck: true
 | |
|   loop:
 | |
|     - module: mpm_event
 | |
|       state: absent
 | |
|     - module: mpm_prefork
 | |
|       state: present
 | |
| 
 | |
| - name: Enable dump_io module, which is identified as dumpio_module inside apache2
 | |
|   community.general.apache2_module:
 | |
|     state: present
 | |
|     name: dump_io
 | |
|     identifier: dumpio_module
 | |
| """
 | |
| 
 | |
| RETURN = r"""
 | |
| result:
 | |
|   description: Message about action taken.
 | |
|   returned: always
 | |
|   type: str
 | |
| """
 | |
| 
 | |
| import re
 | |
| 
 | |
| # import module snippets
 | |
| from ansible.module_utils.basic import AnsibleModule
 | |
| 
 | |
| _re_threaded = re.compile(r'threaded: *yes')
 | |
| 
 | |
| 
 | |
| def _run_threaded(module):
 | |
|     control_binary = _get_ctl_binary(module)
 | |
|     result, stdout, stderr = module.run_command([control_binary, "-V"])
 | |
| 
 | |
|     return bool(_re_threaded.search(stdout))
 | |
| 
 | |
| 
 | |
| def _get_ctl_binary(module):
 | |
|     for command in ['apache2ctl', 'apachectl']:
 | |
|         ctl_binary = module.get_bin_path(command)
 | |
|         if ctl_binary is not None:
 | |
|             return ctl_binary
 | |
| 
 | |
|     module.fail_json(msg="Neither of apache2ctl nor apachectl found. At least one apache control binary is necessary.")
 | |
| 
 | |
| 
 | |
| def _module_is_enabled(module):
 | |
|     control_binary = _get_ctl_binary(module)
 | |
|     result, stdout, stderr = module.run_command([control_binary, "-M"])
 | |
| 
 | |
|     if result != 0:
 | |
|         error_msg = "Error executing %s: %s" % (control_binary, stderr)
 | |
|         if module.params['ignore_configcheck']:
 | |
|             if 'AH00534' in stderr and 'mpm_' in module.params['name']:
 | |
|                 if module.params['warn_mpm_absent']:
 | |
|                     module.warn(
 | |
|                         "No MPM module loaded! apache2 reload AND other module actions"
 | |
|                         " will fail if no MPM module is loaded immediately."
 | |
|                     )
 | |
|             else:
 | |
|                 module.warn(error_msg)
 | |
|             return False
 | |
|         else:
 | |
|             module.fail_json(msg=error_msg)
 | |
| 
 | |
|     searchstring = ' ' + module.params['identifier']
 | |
|     return searchstring in stdout
 | |
| 
 | |
| 
 | |
| def create_apache_identifier(name):
 | |
|     """
 | |
|     By convention if a module is loaded via name, it appears in apache2ctl -M as
 | |
|     name_module.
 | |
| 
 | |
|     Some modules don't follow this convention and we use replacements for those."""
 | |
| 
 | |
|     # a2enmod name replacement to apache2ctl -M names
 | |
|     text_workarounds = [
 | |
|         ('shib', 'mod_shib'),
 | |
|         ('shib2', 'mod_shib'),
 | |
|         ('evasive', 'evasive20_module'),
 | |
|     ]
 | |
| 
 | |
|     # re expressions to extract subparts of names
 | |
|     re_workarounds = [
 | |
|         ('php8', re.compile(r'^(php)[\d\.]+')),
 | |
|         ('php', re.compile(r'^(php\d)\.')),
 | |
|     ]
 | |
| 
 | |
|     for a2enmod_spelling, module_name in text_workarounds:
 | |
|         if a2enmod_spelling in name:
 | |
|             return module_name
 | |
| 
 | |
|     for search, reexpr in re_workarounds:
 | |
|         if search in name:
 | |
|             try:
 | |
|                 rematch = reexpr.search(name)
 | |
|                 return rematch.group(1) + '_module'
 | |
|             except AttributeError:
 | |
|                 pass
 | |
| 
 | |
|     return name + '_module'
 | |
| 
 | |
| 
 | |
| def _set_state(module, state):
 | |
|     name = module.params['name']
 | |
|     force = module.params['force']
 | |
| 
 | |
|     want_enabled = state == 'present'
 | |
|     state_string = {'present': 'enabled', 'absent': 'disabled'}[state]
 | |
|     a2mod_binary = {'present': 'a2enmod', 'absent': 'a2dismod'}[state]
 | |
|     success_msg = "Module %s %s" % (name, state_string)
 | |
| 
 | |
|     if _module_is_enabled(module) != want_enabled:
 | |
|         if module.check_mode:
 | |
|             module.exit_json(changed=True, result=success_msg)
 | |
| 
 | |
|         a2mod_binary_path = module.get_bin_path(a2mod_binary)
 | |
|         if a2mod_binary_path is None:
 | |
|             module.fail_json(msg="%s not found. Perhaps this system does not use %s to manage apache" % (a2mod_binary, a2mod_binary))
 | |
| 
 | |
|         a2mod_binary_cmd = [a2mod_binary_path]
 | |
| 
 | |
|         if not want_enabled and force:
 | |
|             # force exists only for a2dismod on debian
 | |
|             a2mod_binary_cmd.append('-f')
 | |
| 
 | |
|         result, stdout, stderr = module.run_command(a2mod_binary_cmd + [name])
 | |
| 
 | |
|         if _module_is_enabled(module) == want_enabled:
 | |
|             module.exit_json(changed=True, result=success_msg)
 | |
|         else:
 | |
|             msg = (
 | |
|                 'Failed to set module {name} to {state}:\n'
 | |
|                 '{stdout}\n'
 | |
|                 'Maybe the module identifier ({identifier}) was guessed incorrectly.'
 | |
|                 'Consider setting the "identifier" option.'
 | |
|             ).format(
 | |
|                 name=name,
 | |
|                 state=state_string,
 | |
|                 stdout=stdout,
 | |
|                 identifier=module.params['identifier']
 | |
|             )
 | |
|             module.fail_json(msg=msg,
 | |
|                              rc=result,
 | |
|                              stdout=stdout,
 | |
|                              stderr=stderr)
 | |
|     else:
 | |
|         module.exit_json(changed=False, result=success_msg)
 | |
| 
 | |
| 
 | |
| def main():
 | |
|     module = AnsibleModule(
 | |
|         argument_spec=dict(
 | |
|             name=dict(required=True),
 | |
|             identifier=dict(type='str'),
 | |
|             force=dict(type='bool', default=False),
 | |
|             state=dict(default='present', choices=['absent', 'present']),
 | |
|             ignore_configcheck=dict(type='bool', default=False),
 | |
|             warn_mpm_absent=dict(type='bool', default=True),
 | |
|         ),
 | |
|         supports_check_mode=True,
 | |
|     )
 | |
| 
 | |
|     name = module.params['name']
 | |
|     if name == 'cgi' and module.params['state'] == 'present' and _run_threaded(module):
 | |
|         module.fail_json(msg="Your MPM seems to be threaded, therefore enabling cgi module is not allowed.")
 | |
| 
 | |
|     if not module.params['identifier']:
 | |
|         module.params['identifier'] = create_apache_identifier(module.params['name'])
 | |
| 
 | |
|     if module.params['state'] in ['present', 'absent']:
 | |
|         _set_state(module, module.params['state'])
 | |
| 
 | |
| 
 | |
| if __name__ == '__main__':
 | |
|     main()
 |