Add workaround for evasive in apache2_module (#22649)
* Add workaround for evasive in apache2_module * Fixes #22635 * Clean up workarounds for php/shib * Add test for evasive workaround * Remove use of re module, since all searches work with native python * Add unit tests to apache2_module name replacements Go back to using re package where needed * Rename replace_name to create_apache_identifier
This commit is contained in:
parent
7e3af115ce
commit
6f40cb9647
3 changed files with 59 additions and 18 deletions
|
@ -109,10 +109,7 @@ def _run_threaded(module):
|
||||||
|
|
||||||
result, stdout, stderr = module.run_command("%s -V" % control_binary)
|
result, stdout, stderr = module.run_command("%s -V" % control_binary)
|
||||||
|
|
||||||
if re.search(r'threaded:[ ]*yes', stdout):
|
return bool(re.search(r'threaded:[ ]*yes', stdout))
|
||||||
return True
|
|
||||||
else:
|
|
||||||
return False
|
|
||||||
|
|
||||||
def _get_ctl_binary(module):
|
def _get_ctl_binary(module):
|
||||||
for command in ['apache2ctl', 'apachectl']:
|
for command in ['apache2ctl', 'apachectl']:
|
||||||
|
@ -146,20 +143,38 @@ def _module_is_enabled(module):
|
||||||
else:
|
else:
|
||||||
module.fail_json(msg=error_msg)
|
module.fail_json(msg=error_msg)
|
||||||
|
|
||||||
"""
|
searchstring = ' ' + create_apache_identifier(name)
|
||||||
Work around for php modules; php7.x are always listed as php7_module
|
return searchstring in stdout
|
||||||
"""
|
|
||||||
php_module = re.search(r'^(php\d)\.', name)
|
|
||||||
if php_module:
|
|
||||||
name = php_module.group(1)
|
|
||||||
|
|
||||||
|
def create_apache_identifier(name):
|
||||||
"""
|
"""
|
||||||
Workaround for shib2; module is listed as mod_shib
|
By convention if a module is loaded via name, it appears in apache2ctl -M as
|
||||||
"""
|
name_module.
|
||||||
if re.search(r'shib2', name):
|
|
||||||
return bool(re.search(r' mod_shib', stdout))
|
Some modules don't follow this convention and we use replacements for those."""
|
||||||
|
|
||||||
|
# a2enmod name replacement to apache2ctl -M names
|
||||||
|
text_workarounds = [
|
||||||
|
('shib2', 'mod_shib'),
|
||||||
|
('evasive', 'evasive20_module'),
|
||||||
|
]
|
||||||
|
|
||||||
|
# re expressions to extract subparts of names
|
||||||
|
re_workarounds = [
|
||||||
|
('php', r'^(php\d)\.'),
|
||||||
|
]
|
||||||
|
|
||||||
|
for a2enmod_spelling, module_name in text_workarounds:
|
||||||
|
if a2enmod_spelling in name:
|
||||||
|
return module_name
|
||||||
|
|
||||||
|
for search, reexpr in re_workarounds:
|
||||||
|
if search in name:
|
||||||
|
rematch = re.search(reexpr, name)
|
||||||
|
return rematch.group(1) + '_module'
|
||||||
|
|
||||||
|
return name + '_module'
|
||||||
|
|
||||||
return bool(re.search(r' ' + name + r'_module', stdout))
|
|
||||||
|
|
||||||
def _set_state(module, state):
|
def _set_state(module, state):
|
||||||
name = module.params['name']
|
name = module.params['name']
|
||||||
|
@ -221,6 +236,6 @@ def main():
|
||||||
_set_state(module, module.params['state'])
|
_set_state(module, module.params['state'])
|
||||||
|
|
||||||
# import module snippets
|
# import module snippets
|
||||||
from ansible.module_utils.basic import *
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
|
||||||
|
|
|
@ -15,9 +15,12 @@
|
||||||
|
|
||||||
- name: install apache via apt
|
- name: install apache via apt
|
||||||
apt:
|
apt:
|
||||||
name: apache2
|
name: "{{item}}"
|
||||||
state: present
|
state: present
|
||||||
when: "ansible_os_family == 'Debian'"
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
with_items:
|
||||||
|
- apache2
|
||||||
|
- libapache2-mod-evasive
|
||||||
|
|
||||||
- name: install apache via zypper
|
- name: install apache via zypper
|
||||||
zypper:
|
zypper:
|
||||||
|
@ -84,4 +87,11 @@
|
||||||
name: autoindex
|
name: autoindex
|
||||||
state: absent
|
state: absent
|
||||||
force: True
|
force: True
|
||||||
when: "ansible_os_family != 'Suse'"
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
|
||||||
|
|
||||||
|
- name: enable evasive module, test https://github.com/ansible/ansible/issues/22635
|
||||||
|
apache2_module:
|
||||||
|
name: evasive
|
||||||
|
state: present
|
||||||
|
when: "ansible_os_family == 'Debian'"
|
||||||
|
|
16
test/units/modules/web_infrastructure/test_apache2_module.py
Normal file
16
test/units/modules/web_infrastructure/test_apache2_module.py
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
from ansible.modules.web_infrastructure.apache2_module import create_apache_identifier
|
||||||
|
|
||||||
|
REPLACEMENTS = [
|
||||||
|
('php7.1', 'php7_module'),
|
||||||
|
('php5.6', 'php5_module'),
|
||||||
|
('shib2', 'mod_shib'),
|
||||||
|
('evasive', 'evasive20_module'),
|
||||||
|
('thismoduledoesnotexist', 'thismoduledoesnotexist_module'), # the default
|
||||||
|
]
|
||||||
|
|
||||||
|
@pytest.mark.parametrize("replacement", REPLACEMENTS, ids=lambda x: x[0])
|
||||||
|
def test_apache_identifier(replacement):
|
||||||
|
"test the correct replacement of an a2enmod name with an apache2ctl name"
|
||||||
|
assert create_apache_identifier(replacement[0]) == replacement[1]
|
Loading…
Add table
Reference in a new issue