ansible-role-apache icon indicating copy to clipboard operation
ansible-role-apache copied to clipboard

Published 20 hours ago verified publisher icon geerlingguy

mods-enable: Why dont link *.conf?

Open en1cc opened this issue 3 years ago • 2 comments
trafficstars

en1cc avatar Jul 27 '22 10:07 en1cc

Hello, thanks for your playbook. I have a question regarding enabling mods:

- name: Enable Apache mods.
  file:
    src: "{{ apache_server_root }}/mods-available/{{ item }}.load"
    dest: "{{ apache_server_root }}/mods-enabled/{{ item }}.load"
    state: link
    mode: 0644
  with_items: "{{ apache_mods_enabled }}"
  notify: restart apache

Dont you need to link *.conf files also? This is what a2enmod does. So a second task with e.g.

- name: Enable Apache mods.
  file:
    src: "{{ apache_server_root }}/mods-available/{{ item }}.conf"
    dest: "{{ apache_server_root }}/mods-enabled/{{ item }}.conf"
    state: link
    mode: 0644
  with_items: "{{ apache_mods_enabled }}"
  notify: restart apache

en1cc avatar Jul 27 '22 10:07 en1cc

Reading through the docs:

Note that many modules have, in addition to a .load file, an associated .conf file. Enabling the module puts the configuration directives in the .conf file as directives into the main server context of apache2.

It seems to indicate it could move directives into the main apache2 .conf file (and not just a .conf file named after the mod—I don't believe all available mods have an associated .conf file, do they?).

To add that 2nd task, we'd have to guarantee the mods all have a related .conf file to symlink...

geerlingguy avatar Jul 27 '22 14:07 geerlingguy

Oke, when i read you quote from the docs, we dont need to link the .conf files as well. Sorry, my bad, haven't found this information before!

en1cc avatar Aug 04 '22 18:08 en1cc

Apache's a2enmod does link the .conf files too - as they're actually essential for the modules to function when present, and not just optional extras.

https://manpages.ubuntu.com/manpages/trusty/man8/a2enmod.8.html

So if this role doesn't do that, you force users to work around this and implement it themselves. This undermines the utility of ansible-role-apache.

The way to do it would be to link the file if it exists, and not if it doesn't. Ansible can do that, but as you need to stat the target file first, it doesn't make it very easy to do on a list of files, unless you abuse the command task's creates option.

In a role like this, however, I think implementing this step would be warranted. I only note this in passing rather than creating a new issue, as I've worked around the issue for my own case (enabling mod_userdir), which is a playbook I plan to stop maintaining soon.

wu-lee avatar Sep 19 '22 11:09 wu-lee

@wu-lee @en1cc My trick:

tasks:
  - name: verify apache2 mod conf
    ansible.builtin.command: a2enmod {{ item }}
      with_items: "{{ apache_mods_enabled }}"
      notify: restart apache

CorentinS6 avatar Nov 16 '22 15:11 CorentinS6