{"id":203,"sha1":"9d11c6dc215e1e84a4a60c4db1a22d97b98912f7","playbook":{"id":3,"items":{"plays":37,"tasks":374,"results":364,"hosts":2,"files":208,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":8,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-infrastructure.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:33:24.432723Z","ended":"2025-12-08T13:39:38.483304Z","duration":"00:06:14.050581","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.3","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-infrastructure.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2024, Cleura AB\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# 
distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\ncache_timeout: 300\n\n# Generic configuration\nhttpd_conf_dir: \"/etc/{{ httpd_system_service_name }}\"\nhttpd_conf_file: \"{{ _httpd_conf_file }}\"\nhttpd_default_sites: \"{{ _httpd_default_sites }}\"\nhttpd_distro_packages: \"{{ _httpd_distro_packages }}\"\nhttpd_extra_packages: []\nhttpd_extra_conf_files: \"{{ _httpd_extra_conf_files }}\"\n\n## List of modules and MPMs to enable/disable is defined only for DEB systems\nhttpd_default_modules: \"{{ _httpd_default_modules }}\"\nhttpd_extra_modules: []\nhttpd_modules: \"{{ httpd_default_modules + httpd_extra_modules }}\"\nhttpd_mpms: \"{{ _httpd_mpms }}\"\n\nhttpd_package_state: \"{{ package_state | default('latest') }}\"\nhttpd_security_conf: \"{{ _httpd_security_conf }}\"\nhttpd_server_name: \"{{ ansible_facts['fqdn'] }}\"\nhttpd_vhost_enable_path: \"{{ _httpd_vhost_enable_path }}\"\n\nhttpd_service_home_folder: \"{{ _httpd_service_home_folder }}\"\nhttpd_service_user_name: \"{{ _httpd_service_user_name }}\"\nhttpd_service_group_name: \"{{ _httpd_service_group_name }}\"\nhttpd_system_service_name: \"{{ _httpd_system_service_name }}\"\n\n## vHost definition example:\n# httpd_vhosts:\n#   - address: \"\"\n#     document_root:\n#     directories:\n#       - path: \"/\"\n#         options: []\n#     headers: []\n#     locations:\n#       - path: \"/\"\n#         options: []\n#     options: []\n#     port: 80\n#     server_name: \"{{ inventory_hostname }}\"\n#     state: present\n#     enabled: false\n#     ssl:\n#       # In case `cert` or `key` is undefined, certificate will be generated.\n#       # You can use `san` key to adjust CNs for the generated certificate.\n#       # `ca` key is optional and can be omitted.\n#       # You can also set ``ssl: false`` to 
explicitly disable any TLS configuration\n#       # for vhost\n#       cert: /path/to/vhost.crt\n#       key: /path/to/key.crt\n#       ca: /path/to/ca.crt\nhttpd_vhosts: []\n\n# Logging\nhttpd_custom_log_format: '\"%h %l %u \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"\"'\nhttpd_log_level: info\n\n# MPM tunables\nhttpd_mpm_backend: \"{{ openstack_apache_mpm_backend | default('event') }}\"\nhttpd_mpm_max_conn_child: \"{{ openstack_apache_max_conn_child | default(0) }}\"\nhttpd_mpm_max_requests: \"{{ httpd_mpm_server_limit | int * httpd_mpm_thread_child | int }}\"\nhttpd_mpm_max_spare_threads: \"{{ openstack_apache_max_spare_threads | default(75) }}\"\nhttpd_mpm_min_spare_threads: \"{{ openstack_apache_min_spare_threads | default(25) }}\"\nhttpd_mpm_server_limit: \"{{ [[ansible_facts['processor_vcpus'] | default(2) // 2, 1] | max, httpd_mpm_thread_max | int] | min }}\"\nhttpd_mpm_start_servers: \"{{ openstack_apache_start_servers | default(2) }}\"\nhttpd_mpm_thread_child: \"{{ openstack_apache_thread_child | default(25) }}\"\nhttpd_mpm_thread_limit: \"{{ openstack_apache_thread_limit | default(64) }}\"\nhttpd_mpm_thread_max: \"{{ openstack_apache_thread_max | default(16) }}\"\n\n# TLS configuration\nhttpd_ssl_protocol: \"{{ ssl_protocol | default('ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1') }}\"\n## TLS v1.2 and below\nhttpd_ssl_cipher_suite_tls12: \"{{ ssl_cipher_suite | default('ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM') }}\"\n## TLS v1.3\nhttpd_ssl_cipher_suite_tls13: \"{{ ssl_cipher_suite_tls13 | default('TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256') }}\"\n\nhttpd_pki_dir: \"{{ openstack_pki_dir | default('/etc/pki') }}\"\nhttpd_pki_setup_host: \"{{ openstack_pki_setup_host | default('localhost') }}\"\n\n## Create a certificate authority if one does not already exist\nhttpd_pki_create_ca: \"{{ openstack_pki_authorities is not defined | bool and httpd_pki_create_certificates 
}}\"\nhttpd_pki_regen_ca: \"\"\nhttpd_pki_authorities:\n  - name: \"HTTPDRoot\"\n    country: \"GB\"\n    state_or_province_name: \"England\"\n    organization_name: \"Example Corporation\"\n    organizational_unit_name: \"IT Security\"\n    cn: \"Apache HTTPD Root CA\"\n    provider: selfsigned\n    basic_constraints: \"CA:TRUE\"\n    key_usage:\n      - digitalSignature\n      - cRLSign\n      - keyCertSign\n    not_after: \"+3650d\"\n  - name: \"HTTPDIntermediate\"\n    country: \"GB\"\n    state_or_province_name: \"England\"\n    organization_name: \"Example Corporation\"\n    organizational_unit_name: \"IT Security\"\n    cn: \"Apache HTTPD Intermediate CA\"\n    provider: ownca\n    basic_constraints: \"CA:TRUE,pathlen:0\"\n    key_usage:\n      - digitalSignature\n      - cRLSign\n      - keyCertSign\n    not_after: \"+3650d\"\n    signed_by: \"HTTPDRoot\"\n\n# Installation details for certificate authorities\nhttpd_pki_install_ca:\n  - name: \"HTTPDRoot\"\n    condition: \"{{ httpd_pki_create_ca }}\"\n\n# HTTPD server certificates to generate\nhttpd_pki_certs_path: \"{{ httpd_pki_dir ~ '/certs/certs/' }}\"\nhttpd_pki_certificates: \"{{ _httpd_pki_generate_certificates_vhosts }}\"\nhttpd_pki_create_certificates: \"{{ httpd_pki_certificates | length > 0 }}\"\nhttpd_pki_default_san: \"{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['fqdn']) }}\"\nhttpd_pki_keys_path: \"{{ httpd_pki_dir ~ '/certs/private/' }}\"\nhttpd_pki_regen_cert: \"\"\n\nhttpd_pki_intermediate_cert_name: \"{{ openstack_pki_service_intermediate_cert_name | default('HTTPDIntermediate') }}\"\nhttpd_pki_intermediate_cert_path: \"{{ httpd_pki_dir ~ '/roots/' ~ httpd_pki_intermediate_cert_name ~ '/certs/' ~ httpd_pki_intermediate_cert_name ~ '.crt' }}\"\n\n## Installation details for SSL certificates\nhttpd_pki_install_certificates: \"{{ _httpd_pki_install_certificates_vhosts }}\"\n\n## Destination directories for SSL certificates\nhttpd_ssl_certs_dir: 
/etc/ssl/certs/\nhttpd_ssl_keys_dir: /etc/ssl/private/\n","created":"2025-12-08T13:33:27.049907Z","updated":"2025-12-08T13:33:27.049943Z","path":"/home/zuul/src/opendev.org/openstack/ansible-role-httpd/defaults/main.yml"}