remove apache support for RGW

libfcgi is dead upstream (http://tracker.ceph.com/issues/16784)

The RGW developers intend to remove libfcgi support entirely before the
Luminous release.

Since libfcgi gets little-to-no developer attention or testing, remove
it entirely from ceph-ansible.

group_vars/all.sample

@@ -284,7 +284,6 @@ dummy:
 ## Rados Gateway options
 #
 #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls
-#radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-rgw/defaults/main.yml
 #radosgw_civetweb_port: 8080 # on Infernalis we get: "set_ports_option: cannot bind to 80: 13 (Permission denied)"
 #radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}"
 #radosgw_civetweb_num_threads: 50
@@ -296,9 +295,6 @@ dummy:
 #radosgw_keystone_revocation_internal: 900
 #radosgw_s3_auth_use_keystone: "true"
 #radosgw_nss_db_path: /var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss
-# Toggle 100-continue support for Apache and FastCGI
-# WARNING: Changing this value will cause an outage of Apache while it is reinstalled on RGW nodes
-#http_100_continue: false
 # Rados Gateway options
 #redhat_distro_ceph_extra: centos6.4 # supported distros are centos6.3, centos6.4, centos6, fedora18, fedora19, opensuse12.2, rhel6.3, rhel6.4, rhel6.5, rhel6, sles11sp2
 #email_address: foo@bar.com

infrastructure-playbooks/cluster-os-migration.yml

@@ -454,7 +454,7 @@
 
     - name: Archive rados gateway configs
       shell: >
-        tar -cpvzf - --one-file-system . /etc/ceph/* /etc/apache2/* | cat > {{ ansible_hostname }}.tar
+        tar -cpvzf - --one-file-system . /etc/ceph/* | cat > {{ ansible_hostname }}.tar
         chdir=/var/lib/ceph/
         creates={{ ansible_hostname }}.tar
       when: migration_completed.stat.exists == False
@@ -477,12 +477,11 @@
         flat=yes
       when: migration_completed.stat.exists == False
 
-    - name: Gracefully stop the rados gateway and apache
+    - name: Gracefully stop the rados gateway
       service: >
         name={{ item }}
         state=stopped
       with_items:
-        - apache2
         - radosgw
       when: migration_completed.stat.exists == False
 
@@ -527,15 +526,13 @@
         chdir=/var/lib/ceph/
       with_items:
         - cp etc/ceph/* /etc/ceph/
-        - cp -r etc/apache2/* /etc/httpd/
       when: migration_completed.stat.exists == False
 
-    - name: Start rados gateway and httpd
+    - name: Start rados gateway
       service: >
         name={{ item }}
         state=started
       with_items:
-        - httpd
         - radosgw
       when: migration_completed.stat.exists == False
 

roles/ceph-common/README.md

@@ -40,7 +40,6 @@ Have a look at `defaults/main.yml`.
 * restart ceph-mds
 * restart ceph-rgw
 * restart ceph-restapi
-* restart apache2
 
 # Dependencies
 

roles/ceph-common/defaults/main.yml

@@ -277,7 +277,6 @@ mds_max_mds: 3
 ## Rados Gateway options
 #
 #radosgw_dns_name: your.subdomain.tld # subdomains used by radosgw. See http://ceph.com/docs/master/radosgw/config/#enabling-subdomain-s3-calls
-radosgw_frontend: civetweb # supported options are 'apache' or 'civetweb', also edit roles/ceph-rgw/defaults/main.yml
 radosgw_civetweb_port: 8080 # on Infernalis we get: "set_ports_option: cannot bind to 80: 13 (Permission denied)"
 radosgw_civetweb_bind_ip: "{{ ansible_default_ipv4.address }}"
 radosgw_civetweb_num_threads: 50
@@ -289,9 +288,6 @@ radosgw_keystone_token_cache_size: 10000
 radosgw_keystone_revocation_internal: 900
 radosgw_s3_auth_use_keystone: "true"
 radosgw_nss_db_path: /var/lib/ceph/radosgw/ceph-radosgw.{{ ansible_hostname }}/nss
-# Toggle 100-continue support for Apache and FastCGI
-# WARNING: Changing this value will cause an outage of Apache while it is reinstalled on RGW nodes
-http_100_continue: false
 # Rados Gateway options
 redhat_distro_ceph_extra: centos6.4 # supported distros are centos6.3, centos6.4, centos6, fedora18, fedora19, opensuse12.2, rhel6.3, rhel6.4, rhel6.5, rhel6, sles11sp2
 email_address: foo@bar.com

roles/ceph-common/handlers/main.yml

@@ -122,24 +122,6 @@
     - rgw_group_name in group_names
     - ceph_release_num.{{ ceph_release }} > ceph_release_num.hammer
 
-- name: restart apache2
-  service:
-    name: apache2
-    state: restarted
-    enabled: yes
-  when:
-    - ansible_os_family == 'Debian'
-    - rgw_group_name in group_names
-
-- name: restart apache2
-  service:
-    name: httpd
-    state: restarted
-    enabled: yes
-  when:
-    - ansible_os_family == 'RedHat'
-    - rgw_group_name in group_names
-
 - name: restart ceph nfss
   service:
     name: nfs-ganesha

roles/ceph-common/tasks/installs/install_rgw_on_debian.yml

@@ -1,142 +0,0 @@
----
-- name: add ceph extra
-  apt_repository:
-    repo: "deb http://ceph.com/packages/ceph-extras/debian {{ ansible_lsb.codename }} main"
-    state: present
-  when: ansible_lsb.codename in ['natty', 'oneiric', 'precise', 'quantal', 'raring', 'sid', 'squeeze', 'wheezy']
-
-# NOTE (leseb): needed for Ubuntu 12.04 to have access to libapache2-mod-fastcgi if 100-continue isn't being used
-- name: enable multiverse repo for precise
-  apt_repository:
-    repo: "{{ item }}"
-    state: present
-  with_items:
-    - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }} multiverse
-    - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-updates multiverse
-    - deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security multiverse
-  when:
-    - ansible_lsb.codename in ['precise']
-    - not http_100_continue
-
-# NOTE (leseb): disable the repo when we are using the Ceph repo for 100-continue packages
-- name: disable multiverse repo for precise
-  apt_repository:
-    repo: "{{ item }}"
-    state: absent
-  with_items:
-    - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }} multiverse
-    - deb http://archive.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-updates multiverse
-    - deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security multiverse
-  when:
-    - ansible_lsb.codename in ['precise']
-    - http_100_continue
-
-# NOTE (leseb): needed for Ubuntu 14.04 to have access to libapache2-mod-fastcgi if 100-continue isn't being used
-- name: enable multiverse repo for trusty
-  command: "apt-add-repository multiverse"
-  changed_when: false
-  when:
-    - ansible_lsb.codename in ['trusty']
-    - not http_100_continue
-
-# NOTE (leseb): disable the repo when we are using the Ceph repo for 100-continue packages
-- name: disable multiverse repo for trusty
-  command: "apt-add-repository -r multiverse"
-  changed_when: false
-  when:
-    - ansible_lsb.codename in ['trusty']
-    - http_100_continue
-
-# NOTE (leseb): if using 100-continue, add Ceph dev key
-- name: install the ceph development repository key
-  apt_key:
-    data: "{{ lookup('file', 'cephdev.asc') }}"
-    state: present
-  when: http_100_continue
-
-# NOTE (leseb): if using 100-continue, add Ceph sources and update
-- name: add ceph apache and fastcgi sources
-  apt_repository:
-    repo: "{{ item }}"
-    state: present
-  with_items:
-    - deb http://gitbuilder.ceph.com/apache2-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main
-    - deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main
-  register: purge_default_apache
-  when: http_100_continue
-
-# NOTE (leseb): else remove them to ensure you use the default packages
-- name: remove ceph apache and fastcgi sources
-  apt_repository:
-    repo: "{{ item }}"
-    state: absent
-  with_items:
-    - deb http://gitbuilder.ceph.com/apache2-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main
-    - deb http://gitbuilder.ceph.com/libapache-mod-fastcgi-deb-{{ ansible_lsb.codename }}-x86_64-basic/ref/master {{ ansible_lsb.codename }} main
-  register: purge_ceph_apache
-  when: not http_100_continue
-
-# NOTE (leseb): purge Ceph Apache and FastCGI packages if needed
-- name: purge ceph apache and fastcgi packages
-  apt:
-    pkg: "{{ item }}"
-    state: absent
-    purge: yes
-  with_items:
-    - apache2
-    - apache2-bin
-    - apache2-data
-    - apache2-mpm-worker
-    - apache2-utils
-    - apache2.2-bin
-    - apache2.2-common
-    - libapache2-mod-fastcgi
-  when: purge_default_apache.changed or purge_ceph_apache.changed
-
-- name: install apache and fastcgi
-  apt:
-    pkg: "{{ item }}"
-    state: present
-    update_cache: yes
-  with_items:
-    - apache2
-    - libapache2-mod-fastcgi
-
-- name: install default httpd.conf
-  template:
-    src: "{{ role_path }}/templates/httpd.conf"
-    dest: /etc/apache2/httpd.conf
-    owner: root
-    group: root
-
-- name: enable some apache mod rewrite and fastcgi
-  command: "{{ item }}"
-  with_items:
-    - a2enmod rewrite
-    - a2enmod fastcgi
-  changed_when: false
-
-- name: install rados gateway vhost
-  template:
-    src: "{{ role_path }}/templates/rgw.conf"
-    dest: /etc/apache2/sites-available/rgw.conf
-    owner: root
-    group: root
-
-- name: enable rados gateway vhost and disable default site
-  command: "{{ item }}"
-  with_items:
-    - a2ensite rgw.conf
-    - a2dissite *default
-  changed_when: false
-  failed_when: false
-  notify:
-    - restart apache2
-
-- name: install s3gw.fcgi script
-  template:
-    src: "{{ role_path }}/templates/s3gw.fcgi.j2"
-    dest: /var/www/s3gw.fcgi
-    mode: 0555
-    owner: root
-    group: root

roles/ceph-common/tasks/installs/install_rgw_on_redhat.yml

@@ -1,56 +0,0 @@
----
-- name: add ceph extra
-  template:
-    src: "{{ role_path }}/templates/ceph-extra.repo"
-    dest: /etc/yum.repos.d
-    owner: root
-    group: root
-
-- name: add special fastcgi repository key
-  rpm_key:
-    key: http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
-
-- name: add special fastcgi repository
-  command: rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
-  changed_when: false
-
-- name: install apache and fastcgi
-  yum:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - httpd
-    - mod_fastcgi
-    - mod_fcgid
-  when: ansible_pkg_mgr == "yum"
-
-- name: install apache and fastcgi
-  dnf:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - httpd
-    - mod_fastcgi
-    - mod_fcgid
-  when: ansible_pkg_mgr == "dnf"
-
-- name: install rados gateway vhost
-  template:
-    src: "{{ role_path }}/templates/rgw.conf"
-    dest: /etc/httpd/conf.d/rgw.conf
-    owner: root
-    group: root
-
-- name: install s3gw.fcgi script
-  template:
-    src: "{{ role_path }}/templates/s3gw.fcgi.j2"
-    dest: /var/www/s3gw.fcgi
-    mode: 0555
-    owner: root
-    group: root
-
-- name: disable default site
-  shell: sed -i "s/^[^+#]/#/g" /etc/httpd/conf.d/welcome.conf
-  changed_when: false
-  notify:
-    - restart apache2

roles/ceph-common/tasks/main.yml

@@ -71,26 +71,6 @@
   # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
   static: False
 
-- include: ./installs/install_rgw_on_redhat.yml
-  when:
-    - ansible_os_family == 'RedHat'
-    - radosgw_frontend == 'apache'
-    - rgw_group_name in group_names
-  tags:
-    - package-install
-  # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
-  static: False
-
-- include: ./installs/install_rgw_on_debian.yml
-  when:
-    - ansible_os_family == 'Debian'
-    - radosgw_frontend == 'apache'
-    - rgw_group_name in group_names
-  tags:
-    - package-install
-  # Hard code this so we will skip the entire file instead of individual tasks (Default isn't Consistent)
-  static: False
-
 - include: ./misc/ntp_redhat.yml
   when:
     - ansible_os_family == 'RedHat'

roles/ceph-common/templates/ceph.conf.j2

@@ -113,9 +113,7 @@ keyring = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ hostvars[host]['ansible_hos
 rgw socket path = /tmp/radosgw-{{ hostvars[host]['ansible_hostname'] }}.sock
 log file = /var/log/ceph/{{ cluster }}-rgw-{{ hostvars[host]['ansible_hostname'] }}.log
 rgw data = /var/lib/ceph/radosgw/{{ cluster }}-rgw.{{ hostvars[host]['ansible_hostname'] }}
-{% if radosgw_frontend  == 'civetweb' %}
 rgw frontends = civetweb port={{ radosgw_civetweb_bind_ip }}:{{ radosgw_civetweb_port }} num_threads={{ radosgw_civetweb_num_threads }}
-{% endif %}
 {% if radosgw_keystone %}
 rgw keystone url = {{ radosgw_keystone_url }}
 rgw keystone admin token = {{ radosgw_keystone_admin_token }}

roles/ceph-common/templates/rgw.conf

@@ -1,23 +0,0 @@
-# {{ ansible_managed }}
-
-FastCgiExternalServer /var/www/s3gw.fcgi -socket  /tmp/radosgw-{{ ansible_hostname }}.sock
-<VirtualHost *:80>
-        ServerName {{ ansible_hostname }}
-        ServerAdmin {{ email_address }}@{{ ansible_fqdn }}
-        DocumentRoot /var/www
-
-        <IfModule mod_fastcgi.c>
-                <Directory /var/www>
-                        Options +ExecCGI
-                        AllowOverride All
-                        SetHandler fastcgi-script
-                        Order allow,deny
-                        Allow from all
-                        AuthBasicAuthoritative Off
-                </Directory>
-        </IfModule>
-
-        RewriteEngine On
-        RewriteRule ^/([a-zA-Z0-9-_.]*)([/]?.*) /s3gw.fcgi?page=$1&params=$2&%{QUERY_STRING} [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
-
-</VirtualHost>

roles/ceph-common/templates/s3gw.fcgi.j2

@@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-#!/bin/sh
-exec /usr/bin/radosgw -c /etc/ceph/{{ cluster }}.conf -n client.radosgw.{{ ansible_hostname }}

roles/ceph-rgw/README.md

@@ -3,10 +3,7 @@
 This role bootstraps Ceph Rados Gateway(s).
 It can bootstrap dockerized Ceph Rados Gateway(s).
 
-It supports two methods to configure Rados Gateway:
-
-* with civetweb (default and preferred)
-* with Apache and CGI
+Civetweb is the only supported method for the Rados Gateway.
 
 It can be configured to support a connection with OpenStack Keystone.