Fix bug #5328 apache module loading #5454
Conversation
|
@michaelgugino Thanks for this PR. I now better understand what you meant in the discussion of #5328. This changes the behavior quite drastically, since
The latter is used to fix your bug, but in some way this also removes a feature, that one now only gets in check mode. What do you think about making the config check a flag, like @n0trax Please comment/review. btw: do you want to be added as a module maintainer? |
|
@robinro I think the config behavior would be better captured in it's own module as it's not apache2_module specific, rather it captures config changes that are related to all of apache, not just modules; naturally, I assume that users are going to deploy valid configs which have already been tested elsewhere. IMO, when a user runs ansible and they are not using 'check_mode' they are implicitly giving permission to ansible to make any changes necessary. Always running a2enmod or a2dismod only makes a change on disk if the current state does not equal the desired state, and if that change is made, it was desired at the time it was made. In any case, check_config is a fine feature, but I think it's outside the scope of the behavior of the module as currently intended, and outside the scope of the bug fix. It should probably be it's own PR for a new feature. |
|
@michaelgugino Please add a In the documentation of that flag one can state the behavior changes like:
|
|
Please also add an integration test for your use case in https://github.com/ansible/ansible/blob/devel/test/integration/targets/apache2_module/tasks/actualtest.yml (PR against ansible/ansible, that should be merged after this PR) It should cover:
Maybe you can at the same time also include a test for #5455, which enables |
|
@robinro yes, thanks. I would be glad if i would be added as maintainer too. @michaelgugino Thanks for your patch. |
As discussed in ansible/ansible-modules-core#5454 (comment) n0trax should be added as maintainer of apache2_module
As discussed in ansible/ansible-modules-core#5454 (comment) n0trax should be added as maintainer of apache2_module
michaelgugino
force-pushed
the
fix_bug_5328
branch
3 times, most recently
from
0208457
to
a2f7a9f
Compare
|
This current patch set is really a series of compromises. I have been working with openSUSE locally to test the behavior of apachectl, a2enmod and a2dismod. Very nonstandard behavior for this distro. I have added in to force check the config for openSUSE; I am personally of the opinion this forced check should be removed and we should only perform this check with check_config enabled. There is no good way to verify if a module will actually be loaded or not by apache on openSUSE without parsing the config. I am happy with the patch as-is, but I'm open to suggestions. Test-case patch forthcoming, please let me know what you think of this patch set. |
|
Created validation PR for patchset: ansible/ansible#18371 |
|
SuSE is not really "non-standard", since there is no standard.
In general I would prefer a more minimal patch. Only if check_config is False skip around the |
|
As i understand the apache2 manpage a I have done some research in the apache2 sources and figured out a method How about ignoring the AH0054 error when activating any mpm module? This could be done easily and does not change too much in the module. |
michaelgugino
force-pushed
the
fix_bug_5328
branch
from
a2f7a9f
to
e318b67
Compare
|
Thank you both for the good feedback. I think this current patch set covers our use-cases based on 1) keeping existing behavior in-tact (although source slightly modified) 2) adding check_config bits for disabling the apachectl steps. I think catching AH0054 approach has some merit, but that will not solve the other edge cases like #5455 In any case, please let me know what you think, I'm sure we can come up with a good patch set that covers most cases. |
|
Thanks @michaelgugino. To the current maintainers, @robinro, @n0trax please review according to guidelines (http://docs.ansible.com/ansible/developing_modules.html#module-checklist) and comment with text 'shipit', 'needs_revision' or 'close_me' as appropriate. [This message brought to you by your friendly Ansibull-bot.] |
|
I'm not really happy with disabling the config check, because we possibly are leaving the webserver in a broken state. Therefore we should not fix #5455, especially as this issue is already fixed by Debian. The other problem is the check of the return code of a2enmod. As I mentioned earlier #5454 (comment), we could have a changed state, even if no module was activated. IMO #5328 should be fixed by dealing with the specific error and not by disabling the whole check. @robinro, your opinion? |
|
needs_revision |
|
Thanks @michaelgugino for this PR. This PR requires revisions, either because it fails to build or by reviewer request. Please make the suggested revisions. When you are done, please comment with text 'ready_for_review' and we will put this PR back into review. [This message brought to you by your friendly Ansibull-bot.] |
michaelgugino
force-pushed
the
fix_bug_5328
branch
from
e318b67
to
96bcab4
Compare
|
For the return code 0 in openSUSE, I would say that we 'technically' have a changed state, although it might not be the desired one. using 'a2enmod non_existing_mod' on openSUSE will insert an entry for 'non_existing_mod' in apache's config in /etc/sysconfig. Additionally, using 'a2enmod -l' on openSUSE (which appears to be an openSUSE specific switch) will include 'non_existing_mod' in it's output, although apache will not actually load or complain about the non-existing module. Specifically handling the mpm specific error code is a small tradeoff as well. It may result in an unbootable apache service if the deployer doesn't ensure that an mpm module is enabled. Either solution is somewhat of a tradeoff. I have a small inclination towards the existing patch set because it's already written, but I'm happy to make additional changes if needed. In any case, I think we should come to a consensus, and then execute on that idea. |
|
To me it seems that mpm is really a special case. Especially since apache has a dedicated error for it. So a fix that only checks for that case should be best. I agree with @n0trax. Regarding loading non_existing_mod in openSUSE: We run |
michaelgugino
force-pushed
the
fix_bug_5328
branch
from
96bcab4
to
b05f7a2
Compare
|
@robinro Sounds good. This latest patch just catches the error for mpm modules. It doesn't exit with any specific code, but parsing stderr seems to work okay. |
|
@michaelgugino did most of the work already, so it should be his PR I don't have a strong opinion on the name, but I want the default to be the current 2.2.0.0 behavior and ignoring the warnings should only be an option. I'd keep the name general, in case other modules should also be included there. Another option I had in mind was to use the already existing |
|
@n0trax which name would you prefer for that option? |
|
Unfourtunatly i have no nice idea for an other name...But what do you think about using the |
michaelgugino
force-pushed
the
fix_bug_5328
branch
from
524def2
to
4e21379
Compare
|
@michaelgugino A friendly reminder: this pull request has been marked as needing your action. If you still believe that this PR applies, and you intend to address the issues with this PR, just let us know in the PR itself and we will keep it open pending your changes. When you do address the issues, please respond with ready_for_review in your comment, so that we can notify the maintainer. [This message brought to you by your friendly Ansibull-bot.] |
|
ready_for_review |
|
Thanks @michaelgugino. To the current maintainers, @robinro, @n0trax please review according to guidelines (http://docs.ansible.com/ansible/developing_modules.html#module-checklist) and comment with text 'shipit', 'needs_revision' or 'close_me' as appropriate. [This message brought to you by your friendly Ansibull-bot.] |
|
Could you please take a look at my suggestion for a more global I think it is the last point for this PR... |
|
I'm fine with the latest version. |
|
shipit |
|
Thanks again to @michaelgugino for this PR, and thanks @robinro, @n0trax for reviewing. Marking for inclusion. [This message brought to you by your friendly Ansibull-bot.] |
|
This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo. |
|
@michaelgugino Please move this PR to the merged repo using the instructions above (https://prmover.pythonanywhere.com/). |
Currently, the apache2_module module parses apache configs for correctness when enabling or disabling apache2 modules. This behavior introduced a conflict condition when transitioning between mpm modules, such as mpm_worker and mpm_event. This change accounts for the specific error condition raised by ``apachectl -M``: ``AH00534: apache2: Configuration error: No MPM loaded.`` When loading or unloading a module with a name that contains 'mpm_', apache2_module will ignore the error raised by apachectl if stderr contains 'AH00534'. Fixes ansible#5328
michaelgugino
force-pushed
the
fix_bug_5328
branch
from
a474329
to
80f50de
Compare
|
New PR created with PR mover: |
|
Merged to devel via ansible/ansible#19355, probably will not be cherry-picked to stable-2.2 due to addition of new arg. |
ISSUE TYPE
COMPONENT NAME
web_infrastructure/apache2_module.py
ANSIBLE VERSION
SUMMARY
Currently, the apache2_module module parses apache configs
for correctness when enabling or disabling apache2 modules.
This behavior introduced a conflict condition when transitioning
between certain modules, such as mpm_worker and mpm_event.
This change only parses apache's configs during check mode,
otherwise it parses the stdout results of attempted to enabled
or disable modules to determine change state.