-rwxr-xr-xfiles/hotfix/httpd/httpd.init127
-rw-r--r--files/hotfix/httpd/httpd.sysconfig34
-rw-r--r--handlers/restart_services.yml3
-rw-r--r--playbooks/groups/mirrorlist.yml2
-rw-r--r--tasks/apache.yml32
5 files changed, 197 insertions, 1 deletions
diff --git a/files/hotfix/httpd/httpd.init b/files/hotfix/httpd/httpd.init
new file mode 100755
index 000000000..71ddd10ff
--- /dev/null
+++ b/files/hotfix/httpd/httpd.init
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# httpd Startup script for the Apache HTTP Server
+#
+# chkconfig: - 85 15
+# description: The Apache HTTP Server is an efficient and extensible \
+# server implementing the current HTTP standards.
+# processname: httpd
+# config: /etc/httpd/conf/httpd.conf
+# config: /etc/sysconfig/httpd
+# pidfile: /var/run/httpd/httpd.pid
+#
+### BEGIN INIT INFO
+# Provides: httpd
+# Required-Start: $local_fs $remote_fs $network $named
+# Required-Stop: $local_fs $remote_fs $network
+# Should-Start: distcache
+# Short-Description: start and stop Apache HTTP Server
+# Description: The Apache HTTP Server is an extensible server
+# implementing the current HTTP standards.
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+if [ -f /etc/sysconfig/httpd ]; then
+ . /etc/sysconfig/httpd
+fi
+
+# Allow environment variables to be set in /etc/sysconfig/httpd
+eval $ENVSET
+
+# Start httpd in the C locale by default.
+HTTPD_LANG=${HTTPD_LANG-"C"}
+
+# This will prevent initlog from swallowing up a pass-phrase prompt if
+# mod_ssl needs a pass-phrase from the user.
+INITLOG_ARGS=""
+
+# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
+# with the thread-based "worker" MPM; BE WARNED that some modules may not
+# work correctly with a thread-based MPM; notably PHP will refuse to start.
+
+# Path to the apachectl script, server binary, and short-form for messages.
+apachectl=/usr/sbin/apachectl
+httpd=${HTTPD-/usr/sbin/httpd}
+prog=httpd
+pidfile=${PIDFILE-/var/run/httpd/httpd.pid}
+lockfile=${LOCKFILE-/var/lock/subsys/httpd}
+RETVAL=0
+STOP_TIMEOUT=${STOP_TIMEOUT-10}
+
+# The semantics of these two functions differ from the way apachectl does
+# things -- attempting to start while running is a failure, and shutdown
+# when not running is also a failure. So we just do it the way init scripts
+# are expected to behave here.
+start() {
+ echo -n $"Starting $prog: "
+ LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && touch ${lockfile}
+ return $RETVAL
+}
+
+# When stopping httpd, a delay (of default 10 second) is required
+# before SIGKILLing the httpd parent; this gives enough time for the
+# httpd parent to SIGKILL any errant children.
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd
+ RETVAL=$?
+ echo
+ [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}
+}
+reload() {
+ echo -n $"Reloading $prog: "
+ if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
+ RETVAL=6
+ echo $"not reloading due to configuration syntax error"
+ failure $"not reloading $httpd due to configuration syntax error"
+ else
+ # Force LSB behaviour from killproc
+ LSB=1 killproc -p ${pidfile} $httpd -HUP
+ RETVAL=$?
+ if [ $RETVAL -eq 7 ]; then
+ failure $"httpd shutdown"
+ fi
+ fi
+ echo
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ status)
+ status -p ${pidfile} $httpd
+ RETVAL=$?
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ condrestart|try-restart)
+ if status -p ${pidfile} $httpd >&/dev/null; then
+ stop
+ start
+ fi
+ ;;
+ force-reload|reload)
+ reload
+ ;;
+ graceful|help|configtest|fullstatus)
+ $apachectl $@
+ RETVAL=$?
+ ;;
+ *)
+ echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
+ RETVAL=2
+esac
+
+exit $RETVAL
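Review bot: `eval $ENVSET` near the top of the script expands the variable unquoted, so its value is word-split and glob-expanded before eval reassembles it, and whatever string /etc/sysconfig/httpd assigns is executed as root. That file is already sourced a few lines earlier, so a plain `export PYTHONHASHSEED=random` there would presumably reach httpd through `daemon` without any eval. If ENVSET is kept, I would quote and guard it, `[ -n "${ENVSET:-}" ] && eval "$ENVSET"`, and add a comment that the sysconfig file must stay root-owned and not group- or world-writable. The same unquoted expansion appears in the apachectl passthrough arm, where `$apachectl $@` should be `$apachectl "$@"`.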
diff --git a/files/hotfix/httpd/httpd.sysconfig b/files/hotfix/httpd/httpd.sysconfig
new file mode 100644
index 000000000..d1506558c
--- /dev/null
+++ b/files/hotfix/httpd/httpd.sysconfig
@@ -0,0 +1,34 @@
+# Configuration file for the httpd service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+#HTTPD=/usr/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+#OPTIONS=
+
+#
+# By default, the httpd process is started in the C locale; to
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+#HTTPD_LANG=C
+
+#
+# By default, the httpd process will create the file
+# /var/run/httpd/httpd.pid in which it records its process
+# identification number when it starts. If an alternate location is
+# specified in httpd.conf (via the PidFile directive), the new
+# location needs to be reported in the PIDFILE.
+#
+#PIDFILE=/var/run/httpd/httpd.pid
+
+# Mitigate Python hash table collisions
+ENVSET='export PYTHONHASHSEED=random'
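Review bot: The comment above the ENVSET line does not say what the mitigation depends on or how the value is consumed. PYTHONHASHSEED is honoured only by Python releases that implement hash randomization (2.6.8, 2.7.3, 3.2.3 and later, as far as I know); an older interpreter ignores it silently, so the hotfix would look deployed while having no effect. I would expand the comment to something like `# Mitigate Python hash-collision DoS; requires a Python that supports PYTHONHASHSEED (verify on the host)` and add `# NOTE: this string is passed to eval by the init script, so it runs as root`.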
diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml
index 11067c64d..278bf3048 100644
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@@ -74,6 +74,9 @@
- name: restart sshd
action: service name=sshd state=restarted
+- name: restart supervisord
+ action: service name=supervisord state=restarted
+
- name: restart xinetd
action: service name=xinetd state=restarted
diff --git a/playbooks/groups/mirrorlist.yml b/playbooks/groups/mirrorlist.yml
index 78f4e07f6..d3290dc1b 100644
--- a/playbooks/groups/mirrorlist.yml
+++ b/playbooks/groups/mirrorlist.yml
@@ -43,11 +43,11 @@
- include: $tasks/rkhunter.yml
- include: $tasks/denyhosts.yml
- include: $tasks/nagios_client.yml
+ - include: $tasks/apache.yml
- include: $tasks/mod_wsgi.yml
- include: $tasks/mirrorlist.yml
-
handlers:
- include: $handlers/restart_services.yml
diff --git a/tasks/apache.yml b/tasks/apache.yml
new file mode 100644
index 000000000..e445f38a6
--- /dev/null
+++ b/tasks/apache.yml
@@ -0,0 +1,32 @@
+---
+# install apache(httpd)
+- name: install apache
+ yum: name=$item state=installed
+ with_items:
+ - httpd
+ - httpd-tools
+ tags:
+ - packages
+
+- name: set apache running/enabled
+ service: name=httpd state=running enabled=yes
+ tags:
+ - service
+
+# install hash randomization hotfix
+- name: hotfix - copy over new httpd init script
+ copy: src=$files/hotfix/httpd/httpd.init dest=/etc/init.d/httpd
+ notify:
+ - restart apache
+ tags:
+ - config
+ - hotfix
+
+- name: hotfix - copy over new httpd sysconfig
+ copy: src=$files/hotfix/httpd/httpd.sysconfig dest=/etc/sysconfig/httpd
+ notify:
+ - restart apache
+ tags:
+ - config
+ - hotfix
+
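Review bot: Neither `copy` task pins ownership or permissions on its destination, although /etc/init.d/httpd must be executable and /etc/sysconfig/httpd is sourced and eval'ed as root by the new init script. I would make both explicit, e.g. `copy: src=$files/hotfix/httpd/httpd.init dest=/etc/init.d/httpd owner=root group=root mode=0755`, with `mode=0644` on the sysconfig task. Both destinations are package-owned paths, so a later httpd update may put the stock init script back and drop the ENVSET handling until the playbook runs again; a comment on the hotfix tasks saying so would help. The `restart apache` handler these tasks notify is not defined in the visible hunk of handlers/restart_services.yml, so confirm it exists there.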